aoqzhqir80w.shop Open in urlscan Pro
104.21.34.26 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Submission: On August 04 via manual (August 4th 2023, 11:15:42 am UTC) from SG — Scanned from SG

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 12 domains to perform 58 HTTP transactions. The main IP is 104.21.34.26, located in and belongs to CLOUDFLARENET, US. The main domain is aoqzhqir80w.shop.
TLS certificate: Issued by GTS CA 1P5 on July 14th 2023. Valid for: 3 months.

This is the only time aoqzhqir80w.shop was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	104.21.34.26 104.21.34.26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:1417:3f:... 2600:1417:3f:118e::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 8	35.163.51.105 35.163.51.105	16509 (AMAZON-02) (AMAZON-02)
1	63.140.36.104 63.140.36.104	16509 (AMAZON-02) (AMAZON-02)
1 1	54.151.147.246 54.151.147.246	16509 (AMAZON-02) (AMAZON-02)
1	63.140.36.101 63.140.36.101	16509 (AMAZON-02) (AMAZON-02)
1	2600:1413:b00... 2600:1413:b000:385::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	35.82.124.255 35.82.124.255	16509 (AMAZON-02) (AMAZON-02)
1	2600:1413:1:a... 2600:1413:1:aaa::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	74.125.24.155 74.125.24.155	15169 (GOOGLE) (GOOGLE)
2 2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 1	34.111.234.236 34.111.234.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	2406:2600:7:1... 2406:2600:7:100::9	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2 2	54.255.46.102 54.255.46.102	16509 (AMAZON-02) (AMAZON-02)
58	9

17 104.21.34.26 (None, )

ASN13335 (CLOUDFLARENET, US)

aoqzhqir80w.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1417:3f:118e::1e80 (Singapore)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.163.51.105 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-163-51-105.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.36.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-36-104.data.adobedc.net

smetrics.citibank.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.151.147.246 (Singapore) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-151-147-246.ap-southeast-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.36.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-36-101.data.adobedc.net

citihktw.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1413:b000:385::11a6 (Singapore)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.82.124.255 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-82-124-255.us-west-2.compute.amazonaws.com

citihktw.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1413:1:aaa::11a6 (Singapore)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 74.125.24.155 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: sf-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.234.236 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2406:2600:7:100::9 (Japan) 2 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.255.46.102 (Singapore) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-255-46-102.ap-southeast-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	aoqzhqir80w.shop aoqzhqir80w.shop	452 KB
9	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 215 citihktw.demdex.net — Cisco Umbrella Rank: 773368	11 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 417	118 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 889	593 B
2	criteo.com 2 redirects gum.criteo.com — Cisco Umbrella Rank: 431	757 B
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 385	953 B
2	doubleclick.net 2 redirects cm.g.doubleclick.net — Cisco Umbrella Rank: 244	958 B
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1337 c.go-mpulse.net — Cisco Umbrella Rank: 580	50 KB
1	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 1885	407 B
1	omtrdc.net citihktw.tt.omtrdc.net — Cisco Umbrella Rank: 452125	844 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1070	517 B
1	citibank.com.hk smetrics.citibank.com.hk — Cisco Umbrella Rank: 425373	462 B
58	12

	Domain	Requested by
17	aoqzhqir80w.shop	aoqzhqir80w.shop
8	dpm.demdex.net	1 redirects aoqzhqir80w.shop
3	assets.adobedtm.com	aoqzhqir80w.shop assets.adobedtm.com
2	sync.crwdcntrl.net	2 redirects
2	gum.criteo.com	2 redirects
2	match.adsrvr.org	2 redirects
2	cm.g.doubleclick.net	2 redirects
1	ml314.com	1 redirects
1	c.go-mpulse.net	s.go-mpulse.net
1	citihktw.demdex.net	assets.adobedtm.com
1	s.go-mpulse.net	aoqzhqir80w.shop
1	citihktw.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	smetrics.citibank.com.hk	assets.adobedtm.com
58	14

This site contains no links.

Subject Issuer	Validity	Valid
aoqzhqir80w.shop GTS CA 1P5	`2023-07-14` - `2023-10-12`	3 months	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
smetrics.citibank.com.hk DigiCert SHA2 Extended Validation Server CA	`2023-05-16` - `2024-06-06`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2023-04-05` - `2024-04-04`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Frame ID: 60FBEEE1C38B794A141484B786E7B2C8
Requests: 50 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/C3ZLE-RTZ4R-Y3E4K-NS3CQ-73U9T
Frame ID: 2C14D3D9C43CB238B8C2A334FC337D47
Requests: 2 HTTP requests in this frame

Frame: https://citihktw.demdex.net/dest5.html?d_nsid=0
Frame ID: 8D9534035DC09ACBF55CA93F32BEA6D8
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Register for $10,000 Cash Payout Scheme via Citibank Online - Procedures for Submitting Electronic ... - Cash Payout Scheme

Detected technologies

Clipboard.js (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

clipboard(?:-([\d.]+))?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

Page Statistics

58
Requests

43 %
HTTPS

29 %
IPv6

12
Domains

14
Subdomains

9
IPs

4
Countries

631 kB
Transfer

2448 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199

Request Chain 40

https://cm.everesttech.net/cm/dd?d_uuid=52528980315603143992447925861387185212 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMzd1AAAADmakAMg

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTI1Mjg5ODAzMTU2MDMxNDM5OTI0NDc5MjU4NjEzODcxODUyMTI= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTI1Mjg5ODAzMTU2MDMxNDM5OTI0NDc5MjU4NjEzODcxODUyMTI=&google_tc= HTTP 302
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGetGuRiPY6bPS_JIRGuwC4&google_cver=1?gdpr=0&gdpr_consent=

Request Chain 53

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=aoqzhqir80w.shop&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=aoqzhqir80w.shop&ttd_tpi=1 HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=c40ea990-65fe-4b65-87fc-059ddf91a564

Request Chain 54

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637563853377634379

Request Chain 55

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=uwFq5La7UpzpBxxZaPhcx3GRYf6632ei&gdpr=0&gdpr_consent=

Request Chain 56

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=52528980315603143992447925861387185212?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=52528980315603143992447925861387185212?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=8c342e90807baf7fe907d831367db72a

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request cash-payout-scheme-registration-form Show response
aoqzhqir80w.shop/ 62 KB
17 KB 24441ms
24407ms Document
text/html 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8047b5a870ad7cc044021da91d96dce15147e4f30347c32ffed339f466565627

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f1660f9fb305608-SIN
content-encoding: br
content-type: text/html;charset=UTF-8
date: Fri, 04 Aug 2023 11:15:12 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HC%2FDl1nylFQmAuR7u8rAvRQz3XybvfB70kEnn2w03PkZ4r6gexD2chacCBfPX0bUIRiEr7YV01xmQ1FboeMQ89McKPF3OArWvBUYAm8pZnu7VQEhfrfexYjb1r4eCAQDS3vk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 vendor.css
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/ 596 KB
78 KB 9670ms
9667ms Stylesheet
text/css 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/vendor.css
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8494e1c2eeb8a813e4483e2837210f93d400ac3d33f8ea6706835c81a959dac2

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8f79UE9nIv8svyaMxI3VzgWUo4u89l7iQ3ttj7uPtsqqifm4y1uzsxWHOOFYNGWLJKpc2o2S%2BX0nAyuip2jIk9cAE3uMP%2BGYPeQgpCZ2HZ4iaEUa3AGxp7zThoI0QUFMvzyB"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: max-age=14400
cf-ray: 7f166192987a5608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 owl.carousel.min.css
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/chinese/credit-cards/payall/css/ 3 KB
1 KB 17905ms
17901ms Stylesheet
text/css 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/chinese/credit-cards/payall/css/owl.carousel.min.css
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63fbbfd0a4dcb849d1c861c2f75a02bf96b909638c915ae7fb11f680d2bb93d9

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAQ501eKxPl7OcOMjVvivrYpoBh7vBLUL1Dh9B5uBWr11BlUuJCyLNfnv5RAd4RYvm1zi8Gmcw32lyNf6dmpvCeTingcO63Dk18n5GTwgCseXQGp%2Flv6nPWpaN4nhkkM5UBn"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: max-age=14400
cf-ray: 7f166192987c5608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 xfs.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/js/ 307 B
440 B 17565ms
17562ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/js/xfs.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2d38b5b1b755c0ad4032ee910a797a24b7660ea1b0e0ce37758cade9faf5de7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:29 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:29 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riMxK1hzDrVVObVOHev%2BLRm1A3ucxwxJ46TWLSgG8T%2F7gpcMkqNC7wz7%2Fe1kIt4eY0VZulPd4fXkqzLVmurKV3fAfugV6uNB%2ByZWeIMGIwGZ1wdaRd2W21I2NUzByTufKdi2"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298815608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 xss.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/templates/en/ 814 B
569 B 17903ms
17900ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/templates/en/xss.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 68a578ad2b17dfc79314c3327478ed5563eb9cadc3c80bd1df520d1beaa8653f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uJ2VmJiq8LeuqE5ULozVgUAvjKzJHwaGS8p4PoZ5mtD8XW31r1eZuJVv4YDDPC4%2FIxXckRPc8QO2ow5tMv77qQ%2FBfnLulvUnZah%2BqYUmVSXVfyA2m1IsvBjDMJdMjPnqsDCc"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298825608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 vendor.min.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/ 204 KB
66 KB 18672ms
18670ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/vendor.min.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a494e419e95a017142ae05af68d02cb9fedb4124fce97950f0bc727b5db0d40

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:31 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dm1Wm2N38DlD87hJo%2FRN%2FNfVYVX1cvr1xk0wP1C3H0piyQwR4M%2B55xTfJHJgZiVAjDxDIcA4UyvBSp2CfjjACMWSpF%2F5GCgdjQVTlrI%2BIyVvPherMhxULLmoWWvE8cYAR%2B0d"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298835608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 main.css
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/ 79 KB
11 KB 18049ms
18047ms Stylesheet
text/css 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/main.css
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c094f1f1015a291dc968880d1b66d01ac95afe96b6eb69bc80a46b77b1be6ca3

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21Z6Ni4p5owItwsHoHYYQ0vRhJ31w%2BFRyCukli6Vxkr8T37WKQQXyanJfm9f%2FYYruWsgfOQn8JLQK78x3quMPyomZjr7%2FAQwZSfMu56ojW4fLqJfUd4O0DhkG5MeMKg%2B4M0m"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: max-age=14400
cf-ray: 7f166192987d5608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 share.css
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/css/ 3 KB
1 KB 17902ms
17900ms Stylesheet
text/css 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/css/share.css
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af0b5b602e40ece55ae893b5a36beaf7db5d401fccbe2d174b191afb752bffbe

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O28xjhA9nMzQjwXmigtYTesJkU%2B%2B2wswOGeW4DANjI6p2wxE8ywM18MnplEwppf3uZvbj1ZAS%2FtDEeXe8DrwJUWbQBzo2qY3Mr5urdQOT3sqLPJ2ZfnzTvwZ9Jb5pgi469mc"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: max-age=14400
cf-ray: 7f166192987f5608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 vhis.css
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/ 29 KB
6 KB 18112ms
18110ms Stylesheet
text/css 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/vhis.css
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ee59ea37eb075db98de4004f2893b5047c1949863aa12f390f51cf95dca08d7

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:30 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SWcYKtygzUjDpcu1Qq602%2Bjtiwh5c2s1bfHw5%2B9KDpGKcn9pOpqnZ00o1lVbTqGr9Mz%2FyvTo7H2FLjXxeZCv9%2B%2FJJcR6XFuKHbyxyDruStiBDaTmzTfiNfUOTB6ZTiDOjigU"}],"group":"cf-nel","max_age":604800}
content-type: text/css;charset=UTF-8
cache-control: max-age=14400
cf-ray: 7f16619298805608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 fontawesome.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/ 657 KB
237 KB 19680ms
19678ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/fontawesome.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 242bc6c8dbd384c124db213737e647a65f357b7d832889d5b36c6b28650c0d27

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YR0vUb3tx6ENldOs5Vkoo%2FN09Z0Y19BVY5hRP6NuicZkUkDIiPiIBiGlUzDrdHC5KN%2FvOi0WhQ1hCew3mbaJm5iPNQCSIGOOJCc64zr1jPJZFVXHtsAyRwn6TviFsVN7exs%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298845608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 vhis_share.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/ 10 KB
3 KB 9150ms
9148ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/vhis_share.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 62f225024c10c7f4bac9a7851c5126b82d4abfcc384f38adbf002199bcc4d382

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmXEKYxgzZtEOg%2FWfe8TX12JNhHMb2HKk%2FLBLOPt5iVUtomlckP8a1c3ePtxJx5w6LT5JHaLMjVg4w4%2Bt5UZjDNyN7PIB%2FjG6m6W1Yna4BYpbSQiNMwaYzQj56SH%2B3s5Hkke"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298855608-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 clipboard.min.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/ 11 KB
4 KB 9194ms
9192ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/js/clipboard.min.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c228a8e12e33827977851a6b9dde862feba61ac34c5ad5bc675e55603754d770

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:21 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nX6xTTf%2BpoHXFw8HWWz0Zw9tNQNuCwCvRqjozAVR39hjVEu5SJMovvtBiuV%2BxXRoDwk95EHfkaTnYkaYAoNrOlXnVcrYXPv%2Bz%2F9ew3zaytLJx8D2MmJC0zAZcHX%2FBrExWShG"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f16619298875608-SIN
alt-svc: h3=":443"; ma=86400

GET logo.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/images/ 0
0

GET cps1m.jpg
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET
H3 200 cps1.jpg
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 31 KB
0 10317ms
10313ms Image
image/jpeg 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps1.jpg
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:42 GMT
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eu85E1AHmhOGFLoMrIAeJ3QrCZfj4trhLdC7RLeabmINyBMTsuoBbev%2FJlIM2QeOslDumBEXVNc3j20i8jN9YWiz%2BBRwu5P9GsaU210%2FcAf30zoGptOAMtMgzKIqW8rbUkJW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
cf-ray: 7f16620fd8b540b2-SIN
alt-svc: h3=":443"; ma=86400

GET cps2.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET
H3 200 cps4.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 5 KB
5 KB 10145ms
10141ms Image
image/png 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps4.png
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49eb33cea514fe02f982a3e72aa8cc5d580ebdad49c6feac76bea3b9e6aca754

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:42 GMT
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DM%2F%2BKfCI%2Fcv%2B3f%2BvFABDVbSMpK70DNn20QA%2Br6K6mkSx6mAmA5HURFTP2ximrQVIPU80s4h77ZCdgUsYpGa0foXgjudqcff5iMw8AW%2F2yBbltgWauQPqVlXKD%2By5xYK4hfJH"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
cf-ray: 7f16620fd8b740b2-SIN
alt-svc: h3=":443"; ma=86400

GET
H3 200 cps3.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 2 KB
2 KB 10059ms
10056ms Image
image/png 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps3.png
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 131d90595c9aa1cd8cd67db65f47ab61d86f1753b9cd4798ff103017eea7be97

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:42 GMT
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJN5HH50JJR%2BHQzWmZUJ7Glpxhjt9GbSkp91c9jbISnqA3aa0b999BcrznGFhvRPWs6Rwtlc70PPun9SFFBJyIT6dQe70DNMs0MfgIq1Kg5qTfT1CPcAhk9YQAvcoENNnHeV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
cf-ray: 7f16620fd8b840b2-SIN
alt-svc: h3=":443"; ma=86400

GET cps5.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps6.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps7.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps8.jpg
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step1.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step2.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step3.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step4.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step5.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Step6.gif
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps8.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps10.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET
H3 200 global.js Show response
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/ 66 KB
19 KB 10214ms
10214ms Script
application/x-javascript 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/global.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6de445f13c7cf11cf9734cf8dadea7e69de167821db9ed63d76c41c968a4733e

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:41 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QG1gZ5CrHxpm%2Fu2t%2FMHafDB8m4qezCyWPEGk5nykxKYyLXj2GM7iysiOM%2BJhzjjvCc%2FvWe48gDuzKPTfQVDM8WCczjOrzor4dPlT1NiBkQP83ILh%2B3cCFOEssTU%2BE8RX8bl4"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: max-age=14400
cf-ray: 7f1662075e6240b2-SIN
alt-svc: h3=":443"; ma=86400

GET plugins.min.js
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/ 0
0

GET app.min.js
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/ 0
0

GET owl.carousel.min.js
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/chinese/credit-cards/payall/js/ 0
0

GET common-cookies.js
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/js/ 0
0

GET BkdaDB4
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/WvOAlPuI9RtiY90te3jR/5f3YbhmwXJYa/Lw9CD1Y_SwE/STRA/ 0
0

GET
H3 200 b2defd.png
aoqzhqir80w.shop/ 68 B
492 B 10011ms
10007ms Image
image/png 104.21.34.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aoqzhqir80w.shop/b2defd.png
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.34.26 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:42 GMT
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:15:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F2DCiDJsXdIETLdFWYvR51eEAY4Q667gl2ztiKhIJIrbvBJL4Oh32cyAM7VhaWglGc2CFAlwFJr1abdj6GwyG2917JdskultKiPvOFc%2FFWoYbk5RWuAtLTM7pRJpXReo%2BR2l"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
cf-ray: 7f16620fd8c740b2-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 launch-d42d76c2b23c-staging.min.js Show response
assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/ 414 KB
95 KB 40ms
14ms Script
application/x-javascript 2600:1417:3f:118e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1417:3f:118e::1e80 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 686ca2a6a292b2815c0b303bd823bce33650b762b340c0e88f1170fcd7250d94

Request headers

Referer: https://aoqzhqir80w.shop/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Fri, 04 Aug 2023 11:15:31 GMT
content-encoding: gzip
last-modified: Thu, 03 Aug 2023 10:11:44 GMT
server: AkamaiNetStorage
etag: "c794b1eb78f90f75059e769d8529b95e:1691057504.608929"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://aoqzhqir80w.shop
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Aug 2023 11:15:31 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199
https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199

1 KB
1 KB

194ms
193ms

XHR
application/json

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

7e224757592c6fb4534a78256b981db0b8cb31c503922ddf52fc73eb07ff564a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v046-0ec0063c0.edge-usw2.demdex.com 6 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 5j6M3BSrQD0=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://aoqzhqir80w.shop
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 720
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-usw2-1-v046-06ceea025.edge-usw2.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: oEI2IVmbSic=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://aoqzhqir80w.shop
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.1.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=723A625F5DFA732C0A495ED6%40AdobeOrg&d_nsid=0&ts=1691147731199
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP5e9ec493dfa0465eaa797b523b09d3f7/ 36 KB
13 KB 8ms
3ms Script
application/x-javascript 2600:1417:3f:118e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP5e9ec493dfa0465eaa797b523b09d3f7/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1417:3f:118e::1e80 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7c9cecd10e7ebe0bd54d4c544d872270d4148922ee896d2ad404dc791ad0ef3a

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
content-encoding: gzip
last-modified: Wed, 13 Nov 2019 18:34:43 GMT
server: AkamaiNetStorage
etag: "d6e076e7d6ae0d567c0f611bee8f9855:1573670083.361234"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://aoqzhqir80w.shop
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 13335
expires: Fri, 04 Aug 2023 12:15:32 GMT

GET
H2 200 id Show response
smetrics.citibank.com.hk/ 48 B
462 B 576ms
187ms XHR
application/x-javascript 63.140.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.citibank.com.hk/id?d_visid_ver=5.1.1&d_fieldgroup=A&mcorgid=723A625F5DFA732C0A495ED6%40AdobeOrg&mid=47205026423920407632926307663357404952&ts=1691147732161

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.36.104 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-36-104.data.adobedc.net

Software

jag /

Resource Hash

72041a2da1a6a49d3022dfed6b7b0c398959fe7b1b0e0b445097a8d49195218f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aoqzhqir80w.shop/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://aoqzhqir80w.shop
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZMzd1AAAADmakAMg
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=52528980315603143992447925861387185212
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMzd1AAAADmakAMg

42 B
942 B

187ms
187ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMzd1AAAADmakAMg

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v046-06f18ff71.edge-usw2.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: h6o57Dy9RGQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMzd1AAAADmakAMg
Date: Fri, 04 Aug 2023 11:15:32 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
citihktw.tt.omtrdc.net/rest/v1/ 351 B
844 B 579ms
195ms XHR
application/json 63.140.36.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citihktw.tt.omtrdc.net/rest/v1/delivery?client=citihktw&sessionId=14ff9655a2404803a1d28f8714ca4b7e&version=2.3.2

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.36.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-36-101.data.adobedc.net

Software

jag /

Resource Hash

4ba4a1b7e303cb11b9308c8053e809b68925f40bd8b4205759f50ea67e15cb78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://aoqzhqir80w.shop/
accept-language: zh-SG,zh;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://aoqzhqir80w.shop
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: b2a1dbd1-1c31-4b43-aa0a-92df9e33049a

GET
H2 200 C3ZLE-RTZ4R-Y3E4K-NS3CQ-73U9T Show response
s.go-mpulse.net/boomerang/ Frame 2C14 205 KB
49 KB 36ms
4ms Script
application/javascript 2600:1413:b000:385::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/C3ZLE-RTZ4R-Y3E4K-NS3CQ-73U9T
Requested by: Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1413:b000:385::11a6 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
content-encoding: br
last-modified: Thu, 06 Jul 2023 04:41:01 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
x-n: S
timing-allow-origin: *
content-length: 50393

GET cps1.jpg
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET cps8.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET jamp-spinner-2x.svg
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/images/svg/ 0
0

GET sample.png
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/ 0
0

GET Interstate-Light.woff
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/fonts/interstate/ 0
0

GET Interstate-Bold.woff
aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/fonts/interstate/ 0
0

GET
H/1.1 200
OK dest5.html Show response
citihktw.demdex.net/ Frame 8D95 7 KB
3 KB 845ms
210ms Document
text/html 35.82.124.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citihktw.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.82.124.255 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-82-124-255.us-west-2.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://aoqzhqir80w.shop/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-usw2-1-v046-07d37c089.edge-usw2.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: sysHw5CFTso=
content-encoding: gzip
date: Fri, 4 Aug 2023 11:15:33 GMT
last-modified: Thu, 27 Jul 2023 09:53:52 GMT
vary: accept-encoding

GET
H/1.1 403
Forbidden config.json Show response
c.go-mpulse.net/api/ Frame 2C14 136 B
415 B 222ms
205ms XHR
application/json 2600:1413:1:aaa::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=CWRRZ-ACKDF-DD76Q-YYKV5-M7QZJ&d=aoqzhqir80w.shop&t=5637159&v=1.720.0&if=&sl=0&si=fa94793b-3c8c-4409-bc74-82cf72128a5a-ryv5wo&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=405695
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/C3ZLE-RTZ4R-Y3E4K-NS3CQ-73U9T
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1413:1:aaa::11a6 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 0513cec0f3a57b74aca00e7cf4950176720ec3ed4c35eeb6cf812496b1caa4e9

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 04 Aug 2023 11:15:32 GMT
Cache-Control: public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 136
Content-Type: application/json

GET
H2 200 AppMeasurement_Module_AudienceManagement.min.js Show response
assets.adobedtm.com/extensions/EP5e9ec493dfa0465eaa797b523b09d3f7/ 25 KB
9 KB 4ms
3ms Script
application/x-javascript 2600:1417:3f:118e::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP5e9ec493dfa0465eaa797b523b09d3f7/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1417:3f:118e::1e80 , Singapore, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 19742d915958a7525879a20699efdda3cb8214cf7eaf07c18a0fffaf12c71b63

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://aoqzhqir80w.shop/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 11:15:32 GMT
content-encoding: gzip
last-modified: Wed, 13 Nov 2019 18:34:43 GMT
server: AkamaiNetStorage
etag: "46e2aa1bef425becb0cb4651c23fff38:1573670083.753497"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://aoqzhqir80w.shop
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 8769
expires: Fri, 04 Aug 2023 12:15:32 GMT

GET
H/1.1

200
OK

ibs:dpid=771&dpuuid=CAESEGetGuRiPY6bPS_JIRGuwC4&google_cver=1
dpm.demdex.net/ Frame 8D95
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=NTI1Mjg5ODAzMTU2MDMxNDM5OTI0NDc5MjU4NjEzODcxODUyMTI=
https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=NTI1Mjg5ODAzMTU2MDMxNDM5OTI0NDc5MjU4NjEzODcxODUyMTI=&google_tc=
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGetGuRiPY6bPS_JIRGuwC4&google_cver=1?gdpr=0&gdpr_consent=

42 B
942 B

188ms
188ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGetGuRiPY6bPS_JIRGuwC4&google_cver=1?gdpr=0&gdpr_consent=

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://citihktw.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-1-v046-0916fabba.edge-usw2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: zbTZ4EsXSEk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 04 Aug 2023 11:15:33 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEGetGuRiPY6bPS_JIRGuwC4&google_cver=1?gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ibs:dpid=903&dpuuid=c40ea990-65fe-4b65-87fc-059ddf91a564
dpm.demdex.net/ Frame 8D95
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=aoqzhqir80w.shop&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=aam&gdpr=0&gdpr_consent=&domain=aoqzhqir80w.shop&ttd_tpi=1
https://dpm.demdex.net/ibs:dpid=903&dpuuid=c40ea990-65fe-4b65-87fc-059ddf91a564

42 B
942 B

276ms
188ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=903&dpuuid=c40ea990-65fe-4b65-87fc-059ddf91a564

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://citihktw.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v046-087bdb9c3.edge-usw2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 4jDXdadZQrk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 04 Aug 2023 11:15:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://dpm.demdex.net/ibs:dpid=903&dpuuid=c40ea990-65fe-4b65-87fc-059ddf91a564
content-type: text/html
cache-control: private,no-cache, must-revalidate
content-length: 189

GET
H/1.1

200
OK

ibs:dpid=22052&dpuuid=3637563853377634379
dpm.demdex.net/ Frame 8D95
Redirect Chain

https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637563853377634379

42 B
942 B

313ms
187ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637563853377634379

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://citihktw.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v046-081475e08.edge-usw2.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: g47a4GmYQzM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 04 Aug 2023 11:15:32 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3637563853377634379
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185
expires: 0,Sat, 05 Aug 2023 07:15:33 GMT

GET
H/1.1

200
OK

ibs:dpid=28645&dpuuid=uwFq5La7UpzpBxxZaPhcx3GRYf6632ei&gdpr=0&gdpr_consent=
dpm.demdex.net/ Frame 8D95
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://gum.criteo.com/sync?s=1&c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=uwFq5La7UpzpBxxZaPhcx3GRYf6632ei&gdpr=0&gdpr_consent=

42 B
942 B

332ms
188ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=28645&dpuuid=uwFq5La7UpzpBxxZaPhcx3GRYf6632ei&gdpr=0&gdpr_consent=

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://citihktw.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-1-v046-0c44d542e.edge-usw2.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: DOjO/NhLS8U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=uwFq5La7UpzpBxxZaPhcx3GRYf6632ei&gdpr=0&gdpr_consent=
date: Fri, 04 Aug 2023 11:15:33 GMT
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
strict-transport-security: max-age=31536000; preload;
server: Kestrel
server-processing-duration-in-ticks: 753084
content-length: 0

GET
H/1.1

200
OK

ibs:dpid=121998&dpuuid=8c342e90807baf7fe907d831367db72a
dpm.demdex.net/ Frame 8D95
Redirect Chain

https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=52528980315603143992447925861387185212?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=52528980315603143992447925861387185212?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=8c342e90807baf7fe907d831367db72a

42 B
942 B

292ms
206ms

Image
image/gif

35.163.51.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=121998&dpuuid=8c342e90807baf7fe907d831367db72a

Requested by

Host: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form

Protocol

HTTP/1.1

Server

35.163.51.105 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-163-51-105.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://citihktw.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

DCS: dcs-prod-usw2-2-v046-0c723b0bc.edge-usw2.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: xqV5dDg+Rb0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma: no-cache
date: Fri, 04 Aug 2023 11:15:33 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://dpm.demdex.net/ibs:dpid=121998&dpuuid=8c342e90807baf7fe907d831367db72a
cache-control: no-cache
x-server: 10.42.8.122
content-length: 0
expires: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/images/logo.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps1m.jpg

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps2.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps5.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps6.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps7.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps8.jpg

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step1.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step2.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step3.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step4.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step5.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/Step6.gif

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps8.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps10.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/plugins.min.js

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/scripts/app.min.js

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/chinese/credit-cards/payall/js/owl.carousel.min.js

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/views/js/common-cookies.js

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/WvOAlPuI9RtiY90te3jR/5f3YbhmwXJYa/Lw9CD1Y_SwE/STRA/BkdaDB4

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps1.jpg

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/cps8.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/images/svg/jamp-spinner-2x.svg

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/banking/images/sample.png

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/fonts/interstate/Interstate-Light.woff

Domain: aoqzhqir80w.shop
URL: https://aoqzhqir80w.shop/f8abf24d/https/8783c0/www.citibank.com.hk/english/insurance/styles/fonts/interstate/Interstate-Bold.woff

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.aoqzhqir80w.shop/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 18:04:59	Name: demdex Value: 52528980315603143992447925861387185212
.aoqzhqir80w.shop/	1969-12-31 23:59:59	Name: AMCVS_723A625F5DFA732C0A495ED6%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 22:31:23	Name: everest_g_v2 Value: g_surferid~ZMzd1AAAADmakAMg
.aoqzhqir80w.shop/	1970-01-20 23:21:47	Name: mbox Value: session#14ff9655a2404803a1d28f8714ca4b7e#1691149592\|PC#14ff9655a2404803a1d28f8714ca4b7e.35_0#1754392533
.dpm.demdex.net/	1970-01-20 18:04:59	Name: dpm Value: 52528980315603143992447925861387185212
.aoqzhqir80w.shop/	1970-01-20 23:21:47	Name: AMCV_723A625F5DFA732C0A495ED6%40AdobeOrg Value: -637568504%7CMCIDTS%7C19574%7CMCMID%7C47205026423920407632926307663357404952%7CMCAAMLH-1691752532%7C9%7CMCAAMB-1691752532%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1691154932s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19581%7CvVersion%7C5.1.1
.doubleclick.net/	1970-01-20 23:21:47	Name: IDE Value: AHWqTUkCODmgAiTXwTZcFECRl-clt-yig3FwIx1qUvHDWP1aTNpmZAGWz1SPVSsGfJA
.adsrvr.org/	1970-01-20 22:32:50	Name: TDID Value: c40ea990-65fe-4b65-87fc-059ddf91a564
.adsrvr.org/	1970-01-20 22:32:50	Name: TDCPM Value: CAESEgoDYWFtEgsI2riw8sS5ijwQBRgFIAEoAjILCNqws5_buYo8EAU4AQ..
.ml314.com/	1970-01-20 22:32:50	Name: pi Value: 3637563853377634379
.demdex.net/	1970-01-20 18:04:59	Name: dextp Value: 771-1-1691147733332\|903-1-1691147733433\|22052-1-1691147733534\|28645-1-1691147733635\|121998-1-1691147733737
.criteo.com/	1970-01-20 23:07:23	Name: uid Value: d74b3e6c-dbd7-46a3-920a-82450016b3b4
.crwdcntrl.net/	1969-12-31 23:59:59	Name: _cc_cc Value: ctst

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form(Line 160) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://aoqzhqir80w.shop/cash-payout-scheme-registration-form(Line 160) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://assets.adobedtm.com/e98965ff8624/b8c0b5e404b1/launch-d42d76c2b23c-staging.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://c.go-mpulse.net/api/config.json?key=CWRRZ-ACKDF-DD76Q-YYKV5-M7QZJ&d=aoqzhqir80w.shop&t=5637159&v=1.720.0&if=&sl=0&si=fa94793b-3c8c-4409-bc74-82cf72128a5a-ryv5wo&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=405695 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aoqzhqir80w.shop
assets.adobedtm.com
c.go-mpulse.net
citihktw.demdex.net
citihktw.tt.omtrdc.net
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
gum.criteo.com
match.adsrvr.org
ml314.com
s.go-mpulse.net
smetrics.citibank.com.hk
sync.crwdcntrl.net
aoqzhqir80w.shop
104.21.34.26
2406:2600:7:100::9
2600:1413:1:aaa::11a6
2600:1413:b000:385::11a6
2600:1417:3f:118e::1e80
34.111.234.236
35.163.51.105
35.82.124.255
52.223.40.198
54.151.147.246
54.255.46.102
63.140.36.101
63.140.36.104
74.125.24.155
0513cec0f3a57b74aca00e7cf4950176720ec3ed4c35eeb6cf812496b1caa4e9
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
131d90595c9aa1cd8cd67db65f47ab61d86f1753b9cd4798ff103017eea7be97
19742d915958a7525879a20699efdda3cb8214cf7eaf07c18a0fffaf12c71b63
242bc6c8dbd384c124db213737e647a65f357b7d832889d5b36c6b28650c0d27
49eb33cea514fe02f982a3e72aa8cc5d580ebdad49c6feac76bea3b9e6aca754
4ba4a1b7e303cb11b9308c8053e809b68925f40bd8b4205759f50ea67e15cb78
62f225024c10c7f4bac9a7851c5126b82d4abfcc384f38adbf002199bcc4d382
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
63fbbfd0a4dcb849d1c861c2f75a02bf96b909638c915ae7fb11f680d2bb93d9
686ca2a6a292b2815c0b303bd823bce33650b762b340c0e88f1170fcd7250d94
68a578ad2b17dfc79314c3327478ed5563eb9cadc3c80bd1df520d1beaa8653f
6de445f13c7cf11cf9734cf8dadea7e69de167821db9ed63d76c41c968a4733e
72041a2da1a6a49d3022dfed6b7b0c398959fe7b1b0e0b445097a8d49195218f
7a494e419e95a017142ae05af68d02cb9fedb4124fce97950f0bc727b5db0d40
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c9cecd10e7ebe0bd54d4c544d872270d4148922ee896d2ad404dc791ad0ef3a
7e224757592c6fb4534a78256b981db0b8cb31c503922ddf52fc73eb07ff564a
8047b5a870ad7cc044021da91d96dce15147e4f30347c32ffed339f466565627
8494e1c2eeb8a813e4483e2837210f93d400ac3d33f8ea6706835c81a959dac2
8ee59ea37eb075db98de4004f2893b5047c1949863aa12f390f51cf95dca08d7
af0b5b602e40ece55ae893b5a36beaf7db5d401fccbe2d174b191afb752bffbe
c094f1f1015a291dc968880d1b66d01ac95afe96b6eb69bc80a46b77b1be6ca3
c228a8e12e33827977851a6b9dde862feba61ac34c5ad5bc675e55603754d770
c2d38b5b1b755c0ad4032ee910a797a24b7660ea1b0e0ce37758cade9faf5de7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

aoqzhqir80w.shop Open in urlscan Pro 104.21.34.26 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

43 %HTTPS

29 %IPv6

12 Domains

14 Subdomains

9 IPs

4 Countries

631 kBTransfer

2448 kBSize

14 Cookies

0 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

aoqzhqir80w.shop Open in urlscan Pro
104.21.34.26 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

43 %
HTTPS

29 %
IPv6

12
Domains

14
Subdomains

9
IPs

4
Countries

631 kB
Transfer

2448 kB
Size

14
Cookies

58 HTTP transactions
0 data transactions