www.thankyou.com Open in urlscan Pro
159.127.208.20 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df...
Effective URL:
https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Submission Tags: phishing malicious Search All
Submission: On September 29 via api (September 29th 2020, 2:30:47 pm UTC) from US

Summary HTTP 70 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 14 IPs in 6 countries across 10 domains to perform 70 HTTP transactions. The main IP is 159.127.208.20, located in United States and belongs to EPSILON-INTERACTIVE, US. The main domain is www.thankyou.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on June 14th 2019. Valid for: 2 years.

This is the only time www.thankyou.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	159.127.187.155 159.127.187.155	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
9	159.127.208.20 159.127.208.20	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
25	163.171.128.172 163.171.128.172	54994 (QUANTILNE...) (QUANTILNETWORKS)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON)
8	2a03:6400:10:... 2a03:6400:10:0:178:249:97:99	11054 (LIVEPERSON) (LIVEPERSON)
1	54.239.192.34 54.239.192.34	16509 (AMAZON-02) (AMAZON-02)
5	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
3	159.127.208.21 159.127.208.21	19137 (EPSILON-I...) (EPSILON-INTERACTIVE)
3	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
1 2	15.236.9.100 15.236.9.100	16509 (AMAZON-02) (AMAZON-02)
1	151.101.113.175 151.101.113.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
3	2a03:6400:10:... 2a03:6400:10:0:178:249:97:98	11054 (LIVEPERSON) (LIVEPERSON)
6	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
2	104.109.92.187 104.109.92.187	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
70	14

2 159.127.187.155 (United States) 2 redirects

ASN19137 (EPSILON-INTERACTIVE, US)

thankyou.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 159.127.208.20 (United States)

ASN19137 (EPSILON-INTERACTIVE, US)

www.thankyou.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 163.171.128.172 (Germany)

ASN54994 (QUANTILNETWORKS, US)

staticcontent.thankyou.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticcontent.citirewards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (Netherlands)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:6400:10:0:178:249:97:99 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lp-01.chat.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.239.192.34 (Seattle, United States)

ASN16509 (AMAZON-02, US)

static-assets.fs.liveperson.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 159.127.208.21 (United States)

ASN19137 (EPSILON-INTERACTIVE, US)

tyecho.epsilon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.9.100 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

metrics1.citibank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:6400:10:0:178:249:97:98 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lpcdn.chat.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

lp-03.chat.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.92.187 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a104-109-92-187.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	thankyou.com www.thankyou.com staticcontent.thankyou.com	693 KB
21	citi.com 2 redirects thankyou.citi.com lp-01.chat.online.citi.com lpcdn.chat.online.citi.com lp-03.chat.online.citi.com online.citi.com	38 KB
5	ensighten.com nexus.ensighten.com	122 KB
3	medallia.com resources.digital-cloud-citi.medallia.com	64 KB
3	epsilon.com tyecho.epsilon.com	3 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	citibank.com 1 redirects metrics1.citibank.com	1 KB
2	liveperson.net lptag.liveperson.net	110 KB
1	liveperson.com static-assets.fs.liveperson.com	3 KB
1	citirewards.com staticcontent.citirewards.com	2 KB
70	10

	Domain	Requested by
24	staticcontent.thankyou.com	www.thankyou.com staticcontent.thankyou.com
9	www.thankyou.com	staticcontent.thankyou.com www.thankyou.com
8	lp-01.chat.online.citi.com	lptag.liveperson.net
6	lp-03.chat.online.citi.com	lptag.liveperson.net
5	nexus.ensighten.com	www.thankyou.com nexus.ensighten.com
3	lpcdn.chat.online.citi.com	lptag.liveperson.net
3	resources.digital-cloud-citi.medallia.com	nexus.ensighten.com resources.digital-cloud-citi.medallia.com
3	tyecho.epsilon.com	www.thankyou.com
2	online.citi.com	lpcdn.chat.online.citi.com
2	metrics1.citibank.com	1 redirects www.thankyou.com
2	lptag.liveperson.net	staticcontent.thankyou.com
2	thankyou.citi.com	2 redirects
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	static-assets.fs.liveperson.com	lptag.liveperson.net
1	staticcontent.citirewards.com	staticcontent.thankyou.com
70	16

This site contains links to these domains. Also see Links.

Domain
tyecho.epsilon.com
travel.thankyou.com
online.citi.com
www.twitter.com
www.facebook.com
www.youtube.com

Subject Issuer	Validity	Valid
thankyou.com DigiCert SHA2 Extended Validation Server CA	`2019-06-14` - `2021-08-01`	2 years	crt.sh
staticcontent.thankyou.com DigiCert SHA2 Extended Validation Server CA	`2020-07-14` - `2022-08-23`	2 years	crt.sh
staticcontent.citirewards.com DigiCert SHA2 Extended Validation Server CA	`2020-02-07` - `2022-03-09`	2 years	crt.sh
*.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2017-12-17` - `2020-12-16`	3 years	crt.sh
chat.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-11-01` - `2022-01-25`	2 years	crt.sh
fs.liveperson.com Amazon	`2020-08-23` - `2021-09-23`	a year	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2020-09-09` - `2021-10-11`	a year	crt.sh
tyecho.epsilon.com Entrust Certification Authority - L1K	`2020-02-05` - `2022-05-04`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
metrics1.citibank.com DigiCert SHA2 High Assurance Server CA	`2020-01-20` - `2021-04-22`	a year	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-08-24` - `2022-08-21`	2 years	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Frame ID: 142278103A69A2875E546A11B4112041
Requests: 69 HTTP requests in this frame

Frame: https://lpcdn.chat.online.citi.com/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fwww.thankyou.com&site=50929468&env=prod
Frame ID: E5F8A429FDC3C69BAE9A246B9105B093
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bd... HTTP 302
https://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bd... HTTP 302
https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG Page URL
https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG Page URL

Page Statistics

70
Requests

100 %
HTTPS

13 %
IPv6

10
Domains

16
Subdomains

14
IPs

6
Countries

1040 kB
Transfer

2687 kB
Size

5
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29334_19152_1475699216
Title: 1-800-Flowers

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29334_19146_1475699216
Title: Amazon

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29334_19153_1475699216
Title: Best Buy

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29334_19177_1475699216
Title: PayPal

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=air&src=TYUSENG
Title: Flights

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=hotel&src=TYUSENG
Title: Hotels

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=car&src=TYUSENG
Title: Cars

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=cruise&src=TYUSENG
Title: Cruises

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=deals&src=TYUSENG
Title: Deals

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=myprofile&src=TYUSENG
Title: Profile

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=mytrips&src=TYUSENG
Title: My Trips

Search URL Search Domain Scan URL

URL: https://travel.thankyou.com/SH/Handlers/ReceptionDesk.ashx?clientharbor=e2c3a536e6814b3e80b68e7d5a65c14d&page=landingpage&landingpage=MyItinerary&src=TYUSENG
Title: Itinerary

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29194_19125_1475699216
Title: Pay With Points

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29194_19126_1475699216
Title: Online Bill Pay with Points

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29210_19140_1475699216
Title: Points Transfer

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29210_19141_1475699216
Title: Points Sharing

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29192_19135_1475699216
Title: Cash Rewards

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29192_19137_1475699216
Title: Statement Credit

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29192_19131_1475699216
Title: Payment Towards Mortgage

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29192_19132_1475699216
Title: Payment Towards Student Loan

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29192_19134_1475699216
Title: Charitable Contributions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/login.do
Title: Citi

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29220_19121_1475699216
Title: FIND OUT HOW »

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29335_19300_1475699216
Title: MyTrips.

Search URL Search Domain Scan URL

URL: https://tyecho.epsilon.com/SonarEngine/T.aspx?l=C_0_29200_19125_1475699216
Title: Learn more »

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiHelpsIdTheftVictims
Title: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiHelpsIdTheftVictims

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://www.twitter.com/Citibank/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Citibank/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA==&__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQF5BnkC6ALMKVVKovhFqYdDD49ef5aNnvp98by3al9No84Q2MDBpWyqIK6kq_BrTqifQF_BxXa8Awac7C7l1fJ1QgJ0WSBsLXf50HPuzrHyC1xy7dj_p4tWjwFrktzuwHOuuzrhlVEmyTc55oxGKhFK4uBS5LWWYTo9QnkjyQ6gC7y0plArSvj-uuTY3x8sQZLOpLLViaGuOrkxco5ckMHtngxxsas9mL6iy4dpqOnHn6lELmwtC-_8rINTW1MRXN2nzpZJM1ZdB3kuUgSiPpkrwQQFv5YO6gMXwli8ENMW3peBMU-15vn-0= HTTP 302
https://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA==&__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQF5BnkC6ALMKVVKovhFqYdDD49ef5aNnvp98by3al9No84Q2MDBpWyqIK6kq_BrTqifQF_BxXa8Awac7C7l1fJ1QgJ0WSBsLXf50HPuzrHyC1xy7dj_p4tWjwFrktzuwHOuuzrhlVEmyTc55oxGKhFK4uBS5LWWYTo9QnkjyQ6gC7y0plArSvj-uuTY3x8sQZLOpLLViaGuOrkxco5ckMHtngxxsas9mL6iy4dpqOnHn6lELmwtC-_8rINTW1MRXN2nzpZJM1ZdB3kuUgSiPpkrwQQFv5YO6gMXwli8ENMW3peBMU-15vn-0= HTTP 302
https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG Page URL
https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA==&__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQF5BnkC6ALMKVVKovhFqYdDD49ef5aNnvp98by3al9No84Q2MDBpWyqIK6kq_BrTqifQF_BxXa8Awac7C7l1fJ1QgJ0WSBsLXf50HPuzrHyC1xy7dj_p4tWjwFrktzuwHOuuzrhlVEmyTc55oxGKhFK4uBS5LWWYTo9QnkjyQ6gC7y0plArSvj-uuTY3x8sQZLOpLLViaGuOrkxco5ckMHtngxxsas9mL6iy4dpqOnHn6lELmwtC-_8rINTW1MRXN2nzpZJM1ZdB3kuUgSiPpkrwQQFv5YO6gMXwli8ENMW3peBMU-15vn-0= HTTP 302
https://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA==&__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQF5BnkC6ALMKVVKovhFqYdDD49ef5aNnvp98by3al9No84Q2MDBpWyqIK6kq_BrTqifQF_BxXa8Awac7C7l1fJ1QgJ0WSBsLXf50HPuzrHyC1xy7dj_p4tWjwFrktzuwHOuuzrhlVEmyTc55oxGKhFK4uBS5LWWYTo9QnkjyQ6gC7y0plArSvj-uuTY3x8sQZLOpLLViaGuOrkxco5ckMHtngxxsas9mL6iy4dpqOnHn6lELmwtC-_8rINTW1MRXN2nzpZJM1ZdB3kuUgSiPpkrwQQFv5YO6gMXwli8ENMW3peBMU-15vn-0= HTTP 302
https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG

Request Chain 47

https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB3FC791FD-17B26F09B38963B8&ce=UTF-8&ns=citinaconsumer&pageName=content%3Asecurity&g=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&r=https%3A%2F%2Fwww.thankyou.com%2Fcms.htm%3FpageName%3Dsecurity%26src%3DTYUSENG&c.&language=ENG&.c&ch=epsilon&server=thankyou.com&events=event9&c1=epsilon&v1=content%3Asecurity&v2=Not%20Logged%20In&c3=content%3Asecurity&c4=ENG&c9=content%3Ainformation&v13=epsilon&v14=content%3Ainformation&v15=10%3A00AM&v16=Tuesday&v31=New&v32=1&c64=New&c65=1&c66=10%3A00AM&c67=Tuesday&c74=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&c75=Citi%20TY%20AppMeasurement%202.14.0%20-%202019-AUG-15&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&pccr=true&vidn=2FB9A2840515F335-60000B7A22B03E2F&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB3FC791FD-17B26F09B38963B8&ce=UTF-8&ns=citinaconsumer&pageName=content%3Asecurity&g=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&r=https%3A%2F%2Fwww.thankyou.com%2Fcms.htm%3FpageName%3Dsecurity%26src%3DTYUSENG&c.&language=ENG&.c&ch=epsilon&server=thankyou.com&events=event9&c1=epsilon&v1=content%3Asecurity&v2=Not%20Logged%20In&c3=content%3Asecurity&c4=ENG&c9=content%3Ainformation&v13=epsilon&v14=content%3Ainformation&v15=10%3A00AM&v16=Tuesday&v31=New&v32=1&c64=New&c65=1&c66=10%3A00AM&c67=Tuesday&c74=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&c75=Citi%20TY%20AppMeasurement%202.14.0%20-%202019-AUG-15&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

70 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Cookie set cms.htm Show response
www.thankyou.com/
Redirect Chain

http://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA==...
https://thankyou.citi.com/T/v500000174d9f614ad97b26af4bbe5cfc0/3bf2bdb046d54a330000021ef3a0bcd6/3bf2bdb0-46d5-4a33-94ae-df8336ca9242?__dU__=v0G4RBKTXg2Gs5BnssqDWhgDWVXpKy0GrsB2gabaYTn6rYFBs0LdIJkA=...
https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG

807 B
1 KB

783ms
169ms

Document
text/html

159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

4fc9b9e306a97a74b6c8b1abd41161da088a2604e48aa5267afa63f82050db32

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.thankyou.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Date: Tue, 29 Sep 2020 14:30:29 GMT
Pragma: no-cache
Content-Length: 807
Content-Type: text/html; charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: us-ENG
Access-Control-Allow-Headers: x-tygr-token
Set-Cookie: CSESSIONID=2f39cb22933e437c83b2b03f2dc35824406aaad3b5bdf679eaae!2024023120; path=/; secure; HttpOnly
Access-Control-Allow-Credentials: true
X-FRAME-OPTIONS: SAMEORIGIN

Redirect headers

location: https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG
cache-control: no-cache
content-length: 0
date: Tue, 29 Sep 2020 14:30:29 GMT

POST
H/1.1 200
OK Primary Request security.page Show response
www.thankyou.com/cms/thankyou/ 47 KB
11 KB 363ms
362ms Document
text/html 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),
Reverse DNS
Software: /
Resource Hash: 3d2d84de6523760e119ab39344f33d06d98434733a5d37da19705601bc77677f

Request headers

Host: www.thankyou.com
Connection: keep-alive
Content-Length: 147
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: https://www.thankyou.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CSESSIONID=2f39cb22933e437c83b2b03f2dc35824406aaad3b5bdf679eaae!2024023120
Upgrade-Insecure-Requests: 1
Origin: https://www.thankyou.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.thankyou.com/cms.htm?pageName=security&src=TYUSENG

Response headers

Cache-Control: no-cache, no-store
Date: Tue, 29 Sep 2020 14:30:30 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
X-ORACLE-DMS-RID: 0
X-ORACLE-DMS-ECID: b7c9b135-b4a8-4bf1-9548-8caed8edbbd6-000667ad
Access-Control-Allow-Origin: https://www.thankyou.com
Content-Encoding: gzip

GET
H/1.1 200
OK tygr-framework.css
staticcontent.thankyou.com/cms/css/ui/ 39 KB
4 KB 282ms
45ms Stylesheet
text/css 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/css/ui/tygr-framework.css
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 6f6e4f828874ea01899f4250abc8bde6886e5c0c69059add6ab19152a1bec5d8

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 10 Oct 2019 12:56:06 GMT
Server: PWS/8.3.1.0.8
Age: 85403
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1354-47089
Content-Type: text/css
Via: 1.1 PSdgflkfFRA1bc200:4 (W), 1.1 PSdgflkfFRA1gd96:5 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK ty-custom.css
staticcontent.thankyou.com/cms/css/ui/ 134 KB
20 KB 286ms
49ms Stylesheet
text/css 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: a648a22a4f116a4f428df6ed4e51dd716da90f2be3dde3de07d45f5dfc5c4532

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Apr 2020 11:16:13 GMT
Server: PWS/8.3.1.0.8
Age: 7471
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1eq9_40015-40282
Content-Type: text/css
Via: 1.1 PSdgflkfFRA1bc200:1 (W), 1.1 PSdgflkfFRA1dm92:14 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK ty-privacy-security.css
staticcontent.thankyou.com/cms/css/ui/securityprivacy/ 29 KB
5 KB 281ms
44ms Stylesheet
text/css 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/css/ui/securityprivacy/ty-privacy-security.css
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 79d138d3df10d7f292d21b93fcbeda366a635b6237c6ab911e4ebe7e4e6ff694

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 20 Jan 2020 12:30:11 GMT
Server: PWS/8.3.1.0.8
Age: 27
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1354-47088
Content-Type: text/css
Via: 1.1 PSdgflkfFRA1bc200:2 (W), 1.1 PSdgflkfFRA1lr89:1 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK Citi-Thankyou.png
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 2 KB
2 KB 279ms
42ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/Citi-Thankyou.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 0f5de2f9da1bb346abebdae4127db29e587095c66f3539b5eb8c392e853d3af3

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 PSdgflkfFRA1bc200:5 (W), 1.1 PSdgflkfFRA1eq94:0 (W)
Last-Modified: Fri, 11 Sep 2015 00:09:35 GMT
Server: PWS/8.3.1.0.8
Age: 7470
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1016-33309
Content-Type: image/png
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK backtotop.png
staticcontent.thankyou.com/cms/images/citirewards/img/ 1 KB
1 KB 144ms
44ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/img/backtotop.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 7def235eaa7d19f32071cdb8d57c488a5fc6cd20dfac5ff3ad96a62417039e8a

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Dec 2016 08:22:32 GMT
Server: PWS/8.3.1.0.8
Age: 66599
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1989-28058
Content-Type: image/png
Via: 1.1 PSdgflkfFRA1hb199:6 (W), 1.1 PSdgflkfFRA1yq93:6 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Citi.png
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 3 KB
3 KB 143ms
43ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/Citi.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4309d7bc448aa67cb5795e803fc6631f1d6216588613659beb7b1249c8973d00

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 VMmgytldATL1ww103:1 (W), 1.1 PSdgflkfFRA1ox201:7 (W), 1.1 PSdgflkfFRA1je97:10 (W)
Last-Modified: Fri, 11 Sep 2015 00:09:36 GMT
Server: PWS/8.3.1.0.8
Age: 85403
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1740-40908
Content-Type: image/png
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK footer_twitter.png
staticcontent.thankyou.com/cms/images/citirewards/ty/usa// 1 KB
1 KB 45ms
43ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa//footer_twitter.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 105a9922e9ef7cf323045e0f281ded6bf7153b05b27304709cfcd17d96e19cfa

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Sep 2015 00:09:36 GMT
Server: PWS/8.3.1.0.8
Age: 6751
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1740-40913
Content-Type: image/png
Via: 1.1 PSdgflkfFRA1hb199:5 (W), 1.1 PSdgflkfFRA1bc95:5 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK footer_facebook.png
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 1 KB
1 KB 55ms
43ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/footer_facebook.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 8b5d7437eafc39e962a3bcb774325caebd68c3fc8f1146f0dd9c9ec0b2d79f71

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Sep 2015 00:09:35 GMT
Server: PWS/8.3.1.0.8
Age: 85403
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1016-33314
Content-Type: image/png
Via: 1.1 PSdgflkfFRA1bc200:1 (W), 1.1 PSdgflkfFRA1vg90:1 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK footer_youtube.png
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 1 KB
2 KB 50ms
46ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/footer_youtube.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 2115a92c7b90329f5b009f5df20a882e9c23b04466548d3b603f3fdee411dadf

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Sep 2015 00:09:35 GMT
Server: PWS/8.3.1.0.8
Age: 6751
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1eq9_40015-40286
Content-Type: image/png
Via: 1.1 PSdgflkfFRA1bc200:5 (W), 1.1 PSdgflkfFRA1bc95:5 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK tygr-framework-lib.js Show response
staticcontent.thankyou.com/cms/js/ui/ 864 KB
249 KB 60ms
57ms Script
text/javascript 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/js/ui/tygr-framework-lib.js
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 835997f07e8d11c15ad1c0a28fbc69a258ba437ce4b0e04ded9426ea92a20a64

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 19 Mar 2019 11:09:29 GMT
Server: PWS/8.3.1.0.8
Age: 72605
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1354-47097
Content-Type: text/javascript
Via: 1.1 VMmgdlsDAL1jx139:4 (W), 1.1 PSdgflkfFRA1bc200:2 (W), 1.1 PSdgflkfFRA1gd96:1 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK ty-custom.js Show response
staticcontent.thankyou.com/cms/js/ui/ 101 KB
23 KB 52ms
50ms Script
text/javascript 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: d016fe7ac74d46d8d3109ba8c828d78708256db68b645cc1e51602b392027c12

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Sun, 21 Jun 2020 05:53:21 GMT
Server: PWS/8.3.1.0.8
Age: 85403
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1354-47096
Content-Type: text/javascript
Via: 1.1 PSdgflkfFRA1bc200:4 (W), 1.1 PSdgflkfFRA1gd96:14 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *

GET
H/1.1 200
OK ty-privacy-security.js Show response
staticcontent.thankyou.com/cms/js/ui/securityprivacy/ 29 KB
8 KB 427ms
425ms Script
text/javascript 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/js/ui/securityprivacy/ty-privacy-security.js
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 9afef8f56792c6b57add71e9925abe4d965068274aa0b08e873f4aabcad98562

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 22 Jul 2020 11:57:41 GMT
Server: PWS/8.3.1.0.8
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1989-28062
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes
Via: 1.1 PSdgflkfFRA1hb199:9 (W), 1.1 PSdgflkfFRA1eq94:8 (W)

GET
H/1.1 200
OK side-link-shopping-bag.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 8 KB
8 KB 49ms
48ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/side-link-shopping-bag.jpg
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 47ead856cee3697b0b28c6c8c151dd3fef9b106f833bff804381a32795c952a9

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Nov 2015 15:46:57 GMT
Server: PWS/8.3.1.0.8
Age: 7470
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1740-40916
Content-Type: image/jpeg
Via: 1.1 PSdgflkfFRA1ox201:6 (W), 1.1 PSdgflkfFRA1dm92:5 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK side_link_shop_bg.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 8 KB
7 KB 49ms
48ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/side_link_shop_bg.jpg
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: be52e1530f33d5019477bb4d06e23ba493178db44aaaa21e5d9b7ee6e4b95084

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Fri, 11 Sep 2015 00:09:35 GMT
Server: PWS/8.3.1.0.8
Age: 18536
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1354-47104
Content-Type: image/jpeg
Via: 1.1 PSdgflkfFRA1hb199:10 (W), 1.1 PSdgflkfFRA1lr89:8 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Interstate-Light.woff
staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/ 74 KB
74 KB 135ms
48ms Font
application/octet-stream 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/Interstate-Light.woff
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Origin: https://www.thankyou.com
Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 VMmgzjgORD1vz68:0 (W), 1.1 PSdgflkfFRA1ox201:1 (W), 1.1 PSdgflkfFRA1lr89:10 (W)
Last-Modified: Sun, 16 Oct 2016 14:57:01 GMT
Server: PWS/8.3.1.0.8
Age: 85402
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1eq9_39931-33745
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK bg-shadow-top.png
staticcontent.citirewards.com/cms/images/citirewards/ 1 KB
2 KB 208ms
47ms Image
image/png 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.citirewards.com/cms/images/citirewards/bg-shadow-top.png
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 7336ccd85b52a994f2a3bc591738505f79de908f28824a787cc33c377f808045

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Apr 2016 23:24:11 GMT
Server: PWS/8.3.1.0.8
Age: 7356
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1eq9_39931-33749
Content-Type: image/png
Via: 1.1 PSdgflkfFRA1ox201:8 (W), 1.1 PSdgflkfFRA1eq94:11 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Interstate-Regular.woff
staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/ 77 KB
77 KB 123ms
41ms Font
application/octet-stream 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/Interstate-Regular.woff
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Request headers

Origin: https://www.thankyou.com
Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 VMmgdlsDAL1jx139:4 (W), 1.1 PSdgflkfFRA1ox201:9 (W), 1.1 PSdgflkfFRA1yq93:6 (W)
Last-Modified: Sun, 16 Oct 2016 14:57:03 GMT
Server: PWS/8.3.1.0.8
Age: 85402
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_1207-30852
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK glyphs.woff
staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/ 8 KB
8 KB 132ms
44ms Font
application/octet-stream 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/glyphs.woff
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: c380686de9982b77804fe1bbe3b4908115e40a42ab9de638bbaf17becace7e37

Request headers

Origin: https://www.thankyou.com
Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 VMmgasbIAD1pn58:3 (W), 1.1 PSdgflkfFRA1bc200:10 (W), 1.1 PSdgflkfFRA1eq94:2 (W)
Last-Modified: Sun, 16 Oct 2016 14:56:51 GMT
Server: PWS/8.3.1.0.8
Age: 7706
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_800-3371
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Interstate-ExtraLight.woff
staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/ 38 KB
38 KB 148ms
53ms Font
application/octet-stream 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/Interstate-ExtraLight.woff
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc

Request headers

Origin: https://www.thankyou.com
Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 PSmgnyNY2er187:5 (W), 1.1 PSdgflkfFRA1hb199:3 (W), 1.1 PSdgflkfFRA1yq93:8 (W)
Last-Modified: Sun, 16 Oct 2016 14:56:59 GMT
Server: PWS/8.3.1.0.8
Age: 83691
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1eq9_40252-47948
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Interstate-Bold.woff
staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/ 70 KB
71 KB 147ms
51ms Font
application/octet-stream 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcontent.thankyou.com/cms/fonts/citirewards/ty/usa/Interstate-Bold.woff
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Origin: https://www.thankyou.com
Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:30 GMT
Via: 1.1 PSdgflkfFRA1ox201:4 (W), 1.1 PSdgflkfFRA1je97:9 (W)
Last-Modified: Sun, 16 Oct 2016 14:56:58 GMT
Server: PWS/8.3.1.0.8
Age: 67077
X-Ws-Request-Id: 5f734506_PSdgflkfFRA1lr8_800-3372
Access-Control-Allow-Origin: *
Cache-Control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 18 KB
7 KB 175ms
48ms Script
application/javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=50929468
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:31 GMT
content-encoding: gzip
last-modified: Tue, 21 Aug 2018 07:47:45 GMT
server: ws
etag: "5b7bc3a1-198d"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 6541

GET
H/1.1 200
OK tyMemberInfo.htm Show response
www.thankyou.com/ 379 B
840 B 489ms
167ms Script
application/json 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thankyou.com/tyMemberInfo.htm?memberid=&callback=&callback=memberInfo&_=1601389831077

Requested by

Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/tygr-framework-lib.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

4a55544c4872275aae21c1ab984d8876141f4cac0bc657d0c10d03a4f880307f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Sep 2020 14:30:31 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-tygr-token
Content-Length: 379
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK getCartCount.htm Show response
www.thankyou.com/ 32 B
478 B 480ms
165ms XHR
application/json 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thankyou.com/getCartCount.htm?memberid=&tiercode=CTHNKYUCD&countryCode=US&callback=&callback=cartCount&_=1601389831078

Requested by

Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/tygr-framework-lib.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

2fff571aa512d029f255ddc07a78cbd3a85dd125db144c8886b8a23cc2e6bfd4

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Tue, 29 Sep 2020 14:30:31 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-tygr-token
Content-Length: 32
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sonarContent.htm Show response
www.thankyou.com/ 14 KB
14 KB 518ms
202ms XHR
application/json 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thankyou.com/sonarContent.htm?GuestID=0&GuestType=IM&Destination=TYRD&Touchpoint=TYRMM&Location=TYHDR&Brand=&Style=citismart&PriorityOnlyFlag=&ProductionFlag=Y&EnforceEventTypes=&SupressEventTypes=&ExternalData=%3CREQUEST_ORIGIN%3EWeb%3C%2FREQUEST_ORIGIN%3E%3CWEB_SESSION_STATE%3Eanonymous%3C%2FWEB_SESSION_STATE%3E%3CLOCATION%3ETYHDR%3C%2FLOCATION%3E%3CSRC_CODE%3EENG%3C%2FSRC_CODE%3E&callback&callback=sonarContent&_=1601389831079

Requested by

Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/tygr-framework-lib.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

85f8d359a2c462623cecc34104f31bffc4ef82dbd512e6e670539571041b3f93

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Tue, 29 Sep 2020 14:30:31 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-tygr-token
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ic-minus.png
www.thankyou.com//images/chat-overlay/overlay/ 191 B
361 B 482ms
161ms Image
image/png 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thankyou.com//images/chat-overlay/overlay/ic-minus.png
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),
Reverse DNS
Software: /
Resource Hash: 557b15f6c62e4d44850eb4b8c56d81785a8a335f840ca8cba6562f43823186ef

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:31 GMT
Last-Modified: Wed, 17 Jul 2019 21:11:20 GMT
Accept-Ranges: bytes
Content-Length: 191
Content-Type: image/png

GET
H/1.1 200
OK sessionHeartBeat.htm
www.thankyou.com/ 0
444 B 496ms
168ms Image
application/json 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.thankyou.com/sessionHeartBeat.htm?var=1601389831356

Requested by

Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Sep 2020 14:30:31 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-tygr-token
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/ 284 KB
103 KB 62ms
61ms Script
application/x-javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: b68fbc5c58162cb437715aaa6a7884d56104e7293a893cdcb45938a19bad176c

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:31 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/ 4 KB
1 KB 152ms
17ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/?cb=lpCb75558x26796
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 975084955e73edada4dfd21d6c556c6bfd8d3836d62c1c7246af694d2ac77a98

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:31 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 1
expires: Tue, 29 Sep 2020 14:30:49 GMT

GET
H/1.1 200
OK taglet_v2.2.js Show response
static-assets.fs.liveperson.com/citi/taglets/ 9 KB
3 KB 169ms
109ms Script
application/javascript 54.239.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static-assets.fs.liveperson.com/citi/taglets/taglet_v2.2.js
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.192.34 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5fed06c270b4eefc001f362ca7a78b8a5430441b61a9389b7e591224b786503c

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Tue, 29 Sep 2020 14:30:31 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Mon, 28 Sep 2020 22:10:53 GMT
Server: AmazonS3
X-Amz-Cf-Pop: WAW50-C1
ETag: "d35e506baa0d5dac1b4b7bd03dd096af"
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 c35525724b74ec2ec80741ffbf1ff218.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Id: upCsqnYZaIg87IyhABSZDOuDdoN60QhT6XZez5tW9FuVOAI5X9GJxg==

GET
H2 200 zones Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/ 5 KB
1020 B 154ms
32ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 4e4ab72725ca42cc6c17f9f590583a9cee49c62e570be8734ee1107bffc3a200

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:31 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 1
expires: Tue, 29 Sep 2020 14:31:27 GMT

GET
H/1.1 200
OK bg-gradient-header.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 1 KB
2 KB 43ms
43ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/bg-gradient-header.jpg
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 879dc3db3d8c775239b28a16801ed4fc2b11e920b97dc1692e192c5c6711eb6c

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:31 GMT
Via: 1.1 PSdgflkfFRA1bc200:0 (W), 1.1 PSdgflkfFRA1vg90:13 (W)
Last-Modified: Mon, 02 Nov 2015 15:46:49 GMT
Server: PWS/8.3.1.0.8
Age: 77660
X-Ws-Request-Id: 5f734507_PSdgflkfFRA1lr8_1989-28133
Content-Type: image/jpeg
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK Ensighten_Bootstrap_TY.js Show response
www.thankyou.com/cms/js/citirewards/ty/usa/ 721 B
920 B 162ms
161ms Script
text/javascript 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thankyou.com/cms/js/citirewards/ty/usa/Ensighten_Bootstrap_TY.js
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),
Reverse DNS
Software: /
Resource Hash: 1f099b989771195014f11ecadea0f787ca5c297f1b141d8aa7925ec08f04a10b

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:31 GMT
Last-Modified: Wed, 18 Jul 2018 12:46:06 GMT
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/javascript

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/typrod/ 53 KB
16 KB 239ms
105ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/typrod/Bootstrap.js
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/js/citirewards/ty/usa/Ensighten_Bootstrap_TY.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: eac41ad002a2b245a44a41b0af7cd2dca349f4ab79b7010f1f47e1714dd091e9

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:32 GMT
content-encoding: gzip
last-modified: Sun, 23 Aug 2020 04:07:50 GMT
server: nginx
etag: W/"5f41eb96-d5e9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H/1.1 200
OK side-link-information-circle.svg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 368 B
785 B 43ms
42ms Image
image/svg+xml 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/side-link-information-circle.svg
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 4daf57d8a3a0be5a17f7a8790d3df24304ba19d41d1ec7dd5da430abd6c27157

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:32 GMT
Via: 1.1 PSdgflkfFRA1bc200:0 (W), 1.1 PSdgflkfFRA1lr89:7 (W)
Last-Modified: Tue, 31 Mar 2020 17:28:03 GMT
Server: PWS/8.3.1.0.8
Age: 83692
X-Ws-Request-Id: 5f734508_PSdgflkfFRA1lr8_1989-28163
Content-Type: image/svg+xml
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK side_link_redeem_bg.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 7 KB
6 KB 44ms
44ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/side_link_redeem_bg.jpg
Requested by: Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: 98d29b8c4be2ed6953237a1468a683182806c62ec53cd6856e18607db45bbce1

Request headers

Referer: https://staticcontent.thankyou.com/cms/css/ui/ty-custom.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:32 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Nov 2015 15:46:57 GMT
Server: PWS/8.3.1.0.8
Age: 83692
X-Ws-Request-Id: 5f734508_PSdgflkfFRA1lr8_1354-47210
Content-Type: image/jpeg
Via: 1.1 PSdgflkfFRA1bc200:6 (W), 1.1 PSdgflkfFRA1yq93:6 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK sonarContent.htm Show response
www.thankyou.com/ 7 KB
7 KB 206ms
204ms XHR
application/json 159.127.208.20
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.thankyou.com/sonarContent.htm?GuestID=0&GuestType=IM&Destination=TYRD&Touchpoint=TYRMM&Location=TYHPR&Brand=&Style=citismart&PriorityOnlyFlag=&ProductionFlag=Y&EnforceEventTypes=&SupressEventTypes=&ExternalData=%3CREQUEST_ORIGIN%3EWeb%3C%2FREQUEST_ORIGIN%3E%3CWEB_SESSION_STATE%3Eanonymous%3C%2FWEB_SESSION_STATE%3E%3CLOCATION%3ETYHPR%3C%2FLOCATION%3E%3CSRC_CODE%3EENG%3C%2FSRC_CODE%3E&callback=sonarContent&callback=sonarContent&_=1601389831080

Requested by

Host: staticcontent.thankyou.com
URL: https://staticcontent.thankyou.com/cms/js/ui/tygr-framework-lib.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.127.208.20 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Resource Hash

6eb6c0e12273b2b589fa77a26afd1d0fa5afd3a32583e9628871027d67fda4f3

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Tue, 29 Sep 2020 14:30:32 GMT
X-FRAME-OPTIONS: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-tygr-token
Content-Length: 6989
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK pwp-more-ways-to-redeem.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 16 KB
16 KB 49ms
47ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/pwp-more-ways-to-redeem.jpg
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: b96110f98315ea68474d2dec577e4e59cc7276f197e6c8a74be4c07964d4496d

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:32 GMT
Via: 1.1 PSdgflkfFRA1bc200:2 (W), 1.1 PSdgflkfFRA1je97:10 (W)
Last-Modified: Thu, 28 Mar 2019 11:10:40 GMT
Server: PWS/8.3.1.0.8
Age: 83692
X-Ws-Request-Id: 5f734508_PSdgflkfFRA1lr8_1354-47211
Content-Type: image/jpeg
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK imp_C_29200_0_1475699216.jpg
tyecho.epsilon.com/SonarEngine/ 631 B
876 B 779ms
162ms Image
image/jpg 159.127.208.21
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tyecho.epsilon.com/SonarEngine/imp_C_29200_0_1475699216.jpg

Requested by

Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.127.208.21 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

592940666137da705db11558b5601579abf2e044ff4a62c81f1f386bbce6e101

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:21 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: IMAGE/jpg
Cache-Control: private, no-store
Content-Length: 631

GET
H/1.1 200
OK sonar-megamenu-shop-with-points.jpg
staticcontent.thankyou.com/cms/images/citirewards/ty/usa/ 29 KB
29 KB 45ms
43ms Image
image/jpeg 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://staticcontent.thankyou.com/cms/images/citirewards/ty/usa/sonar-megamenu-shop-with-points.jpg
Requested by: Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: PWS/8.3.1.0.8 /
Resource Hash: b7bb45628b609763291068b17a190c3973d0c18902e4c7bf90b33d6bc38c7dc7

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:32 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Nov 2018 09:56:35 GMT
Server: PWS/8.3.1.0.8
Age: 7469
X-Ws-Request-Id: 5f734508_PSdgflkfFRA1lr8_1740-41005
Content-Type: image/jpeg
Via: 1.1 PSdgflkfFRA1bc200:7 (W), 1.1 PSdgflkfFRA1bc95:8 (W)
Cache-Control: max-age=86400
Transfer-Encoding: chunked
X-Cache-Spec: Yes
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK imp_C_29220_0_1475699216.jpg
tyecho.epsilon.com/SonarEngine/ 631 B
876 B 797ms
166ms Image
image/jpg 159.127.208.21
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tyecho.epsilon.com/SonarEngine/imp_C_29220_0_1475699216.jpg

Requested by

Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.127.208.21 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

592940666137da705db11558b5601579abf2e044ff4a62c81f1f386bbce6e101

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:07 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: IMAGE/jpg
Cache-Control: private, no-store
Content-Length: 631

GET
H/1.1 200
OK imp_C_29335_0_1475699216.jpg
tyecho.epsilon.com/SonarEngine/ 631 B
876 B 801ms
167ms Image
image/jpg 159.127.208.21
EPSILON-INTERACTIVE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tyecho.epsilon.com/SonarEngine/imp_C_29335_0_1475699216.jpg

Requested by

Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

159.127.208.21 , United States, ASN19137 (EPSILON-INTERACTIVE, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

592940666137da705db11558b5601579abf2e044ff4a62c81f1f386bbce6e101

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 29 Sep 2020 14:30:07 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Content-Type: IMAGE/jpg
Cache-Control: private, no-store
Content-Length: 631

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/typrod/ 485 B
627 B 66ms
66ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/typrod/serverComponent.php?r=324650.06183297327&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/typrod/code/&publishedOn=Sun%20Aug%2023%2004:07:45%20GMT%202020&ClientID=1129&PageID=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/typrod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4f3f202879ffbe4ff4c506d47fcb9103fa1417ac9a10d64516b713c3a2bb5657

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Tue, 29 Sep 2020 14:30:32 GMT
cache-control: no-cache, no-store
server: nginx
content-type: text/javascript
content-length: 485
expires: Tue, 29 Sep 2020 14:30:31 GMT

GET
H2 200 86cd3cd101c74d3f4395be6127097b64.js Show response
nexus.ensighten.com/citi/typrod/code/ 462 B
645 B 64ms
64ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/typrod/code/86cd3cd101c74d3f4395be6127097b64.js?conditionId0=1927913
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/typrod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 78bae927c0bc1ae10742349dd9413dd6de82f28c54361ff35d061d00b5f9e5f0

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:32 GMT
last-modified: Mon, 09 Sep 2019 18:10:37 GMT
server: nginx
etag: "5d76959d-1ce"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 462

GET
H2 200 e3155b1d308203037a71aa5f505f11d2.js Show response
nexus.ensighten.com/citi/typrod/code/ 326 KB
104 KB 76ms
76ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/typrod/code/e3155b1d308203037a71aa5f505f11d2.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/typrod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bd6fb66644b3a205e439a59414307db8a23509a62c253764a6d7c8bd3a70f356

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:32 GMT
content-encoding: gzip
last-modified: Thu, 02 Jan 2020 17:38:55 GMT
server: nginx
etag: W/"5e0e2aaf-51848"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 43f23044b53314db56a83a54b79026ff.js Show response
nexus.ensighten.com/citi/typrod/code/ 7 KB
941 B 65ms
64ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/typrod/code/43f23044b53314db56a83a54b79026ff.js?conditionId0=4846619
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/typrod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e32df789e40e80fdd64caa71cecb10fdcacd88043431c00202988e5ea68885a4

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:32 GMT
content-encoding: gzip
last-modified: Fri, 09 Aug 2019 15:40:54 GMT
server: nginx
etag: W/"5d4d9406-1c81"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/ 2 KB
1 KB 129ms
42ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/embed.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/typrod/code/e3155b1d308203037a71aa5f505f11d2.js?conditionId0=421908
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 37dd8f83ece44abead7a2679d82e6b1775f4f987f93200cdde1cdb4a60ecefa7

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 5LN327qUv1bceA309VJPWq6ZimTFbFOj
content-encoding: gzip
etag: "422bec680375dd62f6f7c71b570acdeb"
age: 56
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 675
x-amz-id-2: mwst0jX9sDNLF8ynt7hgO7IrN4hccwQIjFq0TFMV1RPu+E0RT4ahm+/JMYRwIVSHY8/qG7ydxDo=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 06 Aug 2020 19:45:18 GMT
server: AmazonS3
x-timer: S1601389833.614309,VS0,VE1
date: Tue, 29 Sep 2020 14:30:32 GMT
vary: Accept-Encoding
x-amz-request-id: 913920C9539D1237
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2

200

s6981001104857
metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/
Redirect Chain

https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB3FC791FD-17B26F09B38963B8&ce=UTF-8&ns=citinaconsu...
https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&pccr=true&vidn=2FB9A2840515F335-60000B7A22B03E2F&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB...

43 B
269 B

63ms
62ms

Image
image/gif

15.236.9.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&pccr=true&vidn=2FB9A2840515F335-60000B7A22B03E2F&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB3FC791FD-17B26F09B38963B8&ce=UTF-8&ns=citinaconsumer&pageName=content%3Asecurity&g=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&r=https%3A%2F%2Fwww.thankyou.com%2Fcms.htm%3FpageName%3Dsecurity%26src%3DTYUSENG&c.&language=ENG&.c&ch=epsilon&server=thankyou.com&events=event9&c1=epsilon&v1=content%3Asecurity&v2=Not%20Logged%20In&c3=content%3Asecurity&c4=ENG&c9=content%3Ainformation&v13=epsilon&v14=content%3Ainformation&v15=10%3A00AM&v16=Tuesday&v31=New&v32=1&c64=New&c65=1&c66=10%3A00AM&c67=Tuesday&c74=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&c75=Citi%20TY%20AppMeasurement%202.14.0%20-%202019-AUG-15&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: www.thankyou.com
URL: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:32 GMT
x-content-type-options: nosniff
x-c: master-1380.Ie4fd2b.M0-456
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 30 Sep 2020 14:30:32 GMT
server: jag
xserver: anedge-794d66dbb8-79fvd
etag: 3438958478378762240-4621585001114232933
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 28 Sep 2020 14:30:32 GMT

Redirect headers

date: Tue, 29 Sep 2020 14:30:32 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
x-c: master-1380.Ie4fd2b.M0-456
p3p: CP="This is not a P3P policy"
status: 302
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Wed, 30 Sep 2020 14:30:32 GMT
server: jag
xserver: anedge-794d66dbb8-vxtlk
content-type: text/plain;charset=utf-8
location: https://metrics1.citibank.com/b/ss/citicitityprod/1/JS-2.14.0/s6981001104857?AQB=1&pccr=true&vidn=2FB9A2840515F335-60000B7A22B03E2F&ndh=1&pf=1&t=29%2F8%2F2020%2016%3A30%3A32%202%20-120&fid=1B659BCB3FC791FD-17B26F09B38963B8&ce=UTF-8&ns=citinaconsumer&pageName=content%3Asecurity&g=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&r=https%3A%2F%2Fwww.thankyou.com%2Fcms.htm%3FpageName%3Dsecurity%26src%3DTYUSENG&c.&language=ENG&.c&ch=epsilon&server=thankyou.com&events=event9&c1=epsilon&v1=content%3Asecurity&v2=Not%20Logged%20In&c3=content%3Asecurity&c4=ENG&c9=content%3Ainformation&v13=epsilon&v14=content%3Ainformation&v15=10%3A00AM&v16=Tuesday&v31=New&v32=1&c64=New&c65=1&c66=10%3A00AM&c67=Tuesday&c74=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&c75=Citi%20TY%20AppMeasurement%202.14.0%20-%202019-AUG-15&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 28 Sep 2020 14:30:32 GMT

GET
H2 200 generic1596743117072.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/ 282 KB
61 KB 45ms
44ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/generic1596743117072.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b3119f3a1da06b9d7fe1238fca76b326bdfb12028d28b3f3c16dc392286bcba

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 9.qKk9ZZhUovMwhqBHTUMZQ6ytomS7x_
content-encoding: gzip
etag: "6835a9fc963a1a725720b2d221c67eef"
age: 55
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 61892
x-amz-id-2: e9UED+Su4OhlPQCxz/NnUfxM3kp59tyGJXhHr4wnjy36eD/YsvYXJCJtXl2ZvHKKBiYc6jP2vJY=
x-served-by: cache-hhn4062-HHN
last-modified: Thu, 06 Aug 2020 19:45:18 GMT
server: AmazonS3
x-timer: S1601389833.052373,VS0,VE1
date: Tue, 29 Sep 2020 14:30:33 GMT
vary: Accept-Encoding
x-amz-request-id: 8C627CD75DD7B108
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 133ms
43ms Script
application/javascript 151.101.113.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/69/onsite/generic1596743117072.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 0OTdpKixh0SS794XSYeUvg7VD7EDv2Rr
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 0
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
status: 200
x-amz-request-id: 53F522770558A8D1
x-amz-id-2: pdYkS9YKZxNLgaWA4xUWMk2j5yw9+GT1YZvnFHCdoQ7jAw5fN+AuzS/9nCiUWPM9WVubd7ZC6mI=
x-served-by: cache-dca17746-DCA, cache-hhn4081-HHN
accept-ranges: bytes
last-modified: Sun, 13 Sep 2020 16:38:29 GMT
server: AmazonS3
x-timer: S1601389833.245201,VS0,VE0
date: Tue, 29 Sep 2020 14:30:33 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 9, 578797

GET
H2 200 1573596402105_Feedback_(4).png
resources.digital-cloud-citi.medallia.com/wdcusciti/69/resources/image/ 2 KB
2 KB 43ms
42ms Image
image/png 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/69/resources/image/1573596402105_Feedback_(4).png
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 33wsnUUkixCSuTAWaEm1onSnF9SY1XTb
content-encoding: gzip
etag: "8515c838c29a9151befa4f4350e41381"
age: 55
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 2016
x-amz-id-2: yvmfH5PJgZ3Z4W3NHDXG+N5B2r+kZG3b/amQGSd2Cu4AtMjKQ5PWFMEatE+qhkV5YIWFgKYHSgQ=
x-served-by: cache-hhn4062-HHN
last-modified: Tue, 12 Nov 2019 22:06:47 GMT
server: AmazonS3
x-timer: S1601389833.177137,VS0,VE1
date: Tue, 29 Sep 2020 14:30:33 GMT
vary: Accept-Encoding
x-amz-request-id: 8C796586EE7591E2
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 1

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 220ms
135ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJyZWZlcnJpbmdfdXJsIjogImh0dHBzOi8vd3d3LnRoYW5reW91LmNvbS9jbXMuaHRtP3BhZ2VOYW1lPXNlY3VyaXR5JnNyYz1UWVVTRU5HIiwicmVmZXJyaW5nX2RvbWFpbiI6ICJ3d3cudGhhbmt5b3UuY29tIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2MDEzODk4MzMyNzEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAyLCJ1c2VyX2lkIjogIjE3NGRhNDVhYzM1NjM5LTAzZDFhMTJiZTU0YWVjLTFiMzk2MjU2LTFkNGMwMC0xNzRkYTQ1YWMzNjY0OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL3d3dy50aGFua3lvdS5jb20vY21zL3RoYW5reW91L3NlY3VyaXR5LnBhZ2U/cGFnZU5hbWU9c2VjdXJpdHkmc3JjPVRZVVNFTkciLCJ3ZWJzaXRlSWQiOiA2OSwiZmVlZGJhY2tfdXVpZCI6IG51bGwsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImZiZDEtNzllOC0yN2ZiLWYwNjktZGFiYi1kNDQxLWNjYjMtYWU4MyIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjAxMzg5ODMzMTQwIiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDcxNSwia2FtcHlsZV92ZXJzaW9uIjogIjIuMzMuMSIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuMzMuMSIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTYwMTM4OTgzMzE0NCwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-z3b3
date: Tue, 29 Sep 2020 14:30:33 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
status: 200
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 storage.secure.min.html
lpcdn.chat.online.citi.com/le_secure_storage/3.10.0.1-release_5033/ Frame E5F8 0
0 88ms
21ms Document
text/html 2a03:6400:10:0:178:249:97:98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.chat.online.citi.com/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fwww.thankyou.com&site=50929468&env=prod
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash

Request headers

:method: GET
:authority: lpcdn.chat.online.citi.com
:scheme: https
:path: /le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fwww.thankyou.com&site=50929468&env=prod
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG

Response headers

status: 200
date: Tue, 29 Sep 2020 14:30:33 GMT
content-type: text/html
last-modified: Mon, 30 Mar 2020 14:49:28 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
expires: Tue, 29 Sep 2020 14:40:33 GMT
cache-control: max-age=600

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 237 B
1 KB 627ms
252ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?&cb=lpCb54816x46465&t=sp&ts=1601389831734&pid=8489344651&tid=7650263105&pt=Citi%20ThankYou%C2%AE%20Rewards%20-%20Our%20Security%20Measures&u=https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG&r=https%3A%2F%2Fwww.thankyou.com%2Fcms.htm%3FpageName%3Dsecurity%26src%3DTYUSENG&sec=%5B%22thank%20you%20rewards%22%5D&df=0&os=1&identities=%5B%7B%22iss%22%3A%22Citi%22%2C%22acr%22%3A%22loa1%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: a5f57d5db7e96d30479bd361672dcba6e98c356da6edba004f77fd81ce5e2e97

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:34 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 42 B
792 B 1930ms
1930ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?sid=-KcFrOePRAKOcvdGZgPAMQ&cb=lpCb36642x82804&t=uc&ts=1601389831732&pid=8489344651&tid=7650263105&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22TYR%22%2C%22cstatus%22%3A%22anonymous%22%7D%7D%2C%7B%22type%22%3A%22prodView%22%2C%22products%22%3A%7B%22product%22%3A%7B%22name%22%3A%22Citi%20ThankYou%C2%AE%20Rewards%20-%20Our%20Security%20Measures%22%2C%22category%22%3A%22https%3A%2F%2Fwww.thankyou.com%2Fcms%2Fthankyou%2Fsecurity.page%3FpageName%3Dsecurity%26src%3DTYUSENG%22%2C%22sku%22%3A%22thank%20you%20rewards%22%7D%7D%7D%5D&vid=EzNTM5Nzg4MjcyNTk0ZDgz
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 6a106fae16b18eb31eca0d2701d4a47bf350dd0aecf6e8f2cd430d956aae4f75

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 820 B
1 KB 278ms
278ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?sid=-KcFrOePRAKOcvdGZgPAMQ&cb=lpCb62876x8472&t=uc&ts=1601389831890&pid=8489344651&tid=7650263105&sdes=%5B%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22lpDivCU%22%7D%2C%7B%22type%22%3A%22pagediv%22%2C%22divId%22%3A%22lpDivRR%22%7D%5D&vid=EzNTM5Nzg4MjcyNTk0ZDgz
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: a6d7347dc2192238c2d5e91bc8968456ab67df36975b098f2464677314bc206a

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 overlay.js Show response
lpcdn.chat.online.citi.com/le_re/3.42.0.2-release_5022/jsv2/ 6 KB
3 KB 21ms
21ms Script
application/javascript 2a03:6400:10:0:178:249:97:98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.chat.online.citi.com/le_re/3.42.0.2-release_5022/jsv2/overlay.js?_v=3.42.0.2-release_5022
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 44027ec55ed8b2de1f3dcdaf00c6b0c72c466e85d515c60431f61da11f242047

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
last-modified: Wed, 19 Aug 2020 12:50:18 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Tue, 29 Sep 2020 14:40:36 GMT

GET
H2 200 UISuite.js Show response
lpcdn.chat.online.citi.com/le_re/3.42.0.2-release_5022/jsv2/ 30 KB
12 KB 22ms
21ms Script
application/javascript 2a03:6400:10:0:178:249:97:98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.chat.online.citi.com/le_re/3.42.0.2-release_5022/jsv2/UISuite.js?_v=3.42.0.2-release_5022
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 9bebc276e1808d8b0b29ad4ab94d77652bf14f69839f540b8a874f82d73d5a51

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
last-modified: Wed, 19 Aug 2020 12:50:18 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Tue, 29 Sep 2020 14:40:36 GMT

GET
H2 200 18112 Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/campaigns/1742962830/engagements/1742962930/revision/ 8 KB
3 KB 17ms
17ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/campaigns/1742962830/engagements/1742962930/revision/18112?v=3.0&cb=lp1742962930&flavor=dependency
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 7679f2305be928f3afcb3f70eaf3038d19639e36923d432db06df7e56d90196e

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 2
expires: Tue, 29 Sep 2020 14:30:39 GMT

GET
H2 200 / Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/ 4 KB
1 KB 17ms
17ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/?cb=lpCb25790x82868
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: bebf051e4da87c6cc6ed57f74b675ee713a9734787fc4e27e51b26cd8d286371

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 1
expires: Tue, 29 Sep 2020 14:30:49 GMT

GET
H2 200 18112 Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/campaigns/1742962830/engagements/1742963230/revision/ 2 KB
2 KB 17ms
17ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/le-campaigns/campaigns/1742962830/engagements/1742963230/revision/18112?v=3.0&cb=lp1742963230&flavor=dependency
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 9718c629653274ec386c561c709146c147ef5d6414cb60e7e6bcf2761edd3c3c

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 2
expires: Tue, 29 Sep 2020 14:30:39 GMT

GET
H2 200 / Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/ 4 KB
1 KB 70ms
69ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/setting/accountproperties/?cb=lpCb41206x46858
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 7f2c198d47b6a2850e730f0f874fc97a0c2bd1149b316fbef6f41cfe4148417d

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 1
expires: Tue, 29 Sep 2020 14:30:49 GMT

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 111 B
854 B 128ms
128ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?sid=-KcFrOePRAKOcvdGZgPAMQ&cb=lpCb79163x23288&t=pl&ts=1601389833890&pid=8489344651&tid=7650263105&vid=EzNTM5Nzg4MjcyNTk0ZDgz
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 28290e15d83f2f65cfab0949d16cdf0276e3c174f8c666d3d57cc6b62e215d76

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 247469514 Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/engagement-window/window-confs/ 4 KB
1 KB 18ms
17ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/engagement-window/window-confs/247469514?cb=lpCb13220x26451
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 507680dfd34bf97a1143dcab528b01b89f37eee37fc192fdaa11c349fb3171f7

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 0
expires: Tue, 29 Sep 2020 14:30:39 GMT

GET
H2 200 247469514 Show response
lp-01.chat.online.citi.com/api/account/50929468/configuration/engagement-window/window-confs/ 4 KB
1 KB 33ms
32ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-01.chat.online.citi.com/api/account/50929468/configuration/engagement-window/window-confs/247469514?cb=lpCb27412x34326
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 4d588dee01c556b9afb6d0f410ec0d38e57cc83e6ab2a9d10507781d202aa89d

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
x-envoy-upstream-service-time: 0
expires: Tue, 29 Sep 2020 14:30:39 GMT

GET
H2 200 chat.png
online.citi.com/US/ag/assets/branding/ 2 KB
3 KB 164ms
49ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/US/ag/assets/branding/chat.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f88d9391beb391593f05da088019d66831c6b36f36de1b4a94e50f4aae681966

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=300
last-modified: Sat, 26 Sep 2020 04:40:32 GMT
x-akamai-citisite: SWDC
date: Tue, 29 Sep 2020 14:30:36 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Tue, 29 Sep 2020 14:30:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 2224
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 42 B
792 B 130ms
129ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?sid=-KcFrOePRAKOcvdGZgPAMQ&cb=lpCb63908x11855&t=uc&ts=1601389836811&pid=8489344651&tid=7650263105&vid=EzNTM5Nzg4MjcyNTk0ZDgz&sdes=%5B%7B%22type%22%3A%22impDisplay%22%2C%22campaign%22%3A1742962830%2C%22engId%22%3A1742962930%2C%22revision%22%3A18112%2C%22eContext%22%3A%5B%7B%22type%22%3A%22engagementContext%22%2C%22id%22%3A%221%22%7D%5D%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 6f74948babffd224dc68aadf801f616ed8c1c8f99ed5890ef36acd3487aa5903

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:36 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 chat.png
online.citi.com/US/ag/assets/branding/ 2 KB
3 KB 55ms
55ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/US/ag/assets/branding/chat.png

Requested by

Host: lpcdn.chat.online.citi.com
URL: https://lpcdn.chat.online.citi.com/le_re/3.42.0.2-release_5022/jsv2/overlay.js?_v=3.42.0.2-release_5022

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f88d9391beb391593f05da088019d66831c6b36f36de1b4a94e50f4aae681966

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=300
last-modified: Sat, 26 Sep 2020 04:40:32 GMT
x-akamai-citisite: SWDC
date: Tue, 29 Sep 2020 14:30:37 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Tue, 29 Sep 2020 14:30:37 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 2224
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 50929468 Show response
lp-03.chat.online.citi.com/api/js/ 42 B
792 B 131ms
130ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lp-03.chat.online.citi.com/api/js/50929468?sid=-KcFrOePRAKOcvdGZgPAMQ&cb=lpCb63753x97613&t=uc&ts=1601389836992&pid=8489344651&tid=7650263105&vid=EzNTM5Nzg4MjcyNTk0ZDgz&sdes=%5B%7B%22type%22%3A%22impDisplay%22%2C%22campaign%22%3A1742962830%2C%22engId%22%3A1742963230%2C%22revision%22%3A18112%2C%22eContext%22%3A%5B%7B%22type%22%3A%22engagementContext%22%2C%22id%22%3A%222%22%7D%5D%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: af9e1b29975fce18b88aba63a962bb354e9ebdb9f12c4345a3cea6c35696d32a

Request headers

Referer: https://www.thankyou.com/cms/thankyou/security.page?pageName=security&src=TYUSENG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 29 Sep 2020 14:30:37 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

248 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.thankyou.com/	1969-12-31 23:59:59	Name: _cls_s Value: 32bc6689-503b-49e2-9c82-4b2551d03745:0
.thankyou.com/	1970-01-21 08:39:16	Name: s_pers Value: %20s_fid%3D1B659BCB3FC791FD-17B26F09B38963B8%7C1759156232763%3B%20s_nr%3D1601389832764-New%7C1759069832764%3B%20s_vnum%3D1601503200765%2526vn%253D1%7C1601503200765%3B%20s_invisit%3Dtrue%7C1601391632765%3B%20gpv_pn%3Dcontent%253Asecurity%7C1601391632768%3B
.thankyou.com/	1970-01-21 08:37:49	Name: _cls_v Value: b902f566-9fa2-47ed-b445-a3900ca0b5f1
.thankyou.com/	1969-12-31 23:59:59	Name: s_sess Value: %20s_cc%3Dtrue%3B%20s_ppv%3Dcontent%25253Asecurity%252C81%252C81%252C1200%3B
www.thankyou.com/	1969-12-31 23:59:59	Name: CSESSIONID Value: 24e1004bb790423d9ca83e9e941943e24ac1b8d3bc597a2a103e!-1726528001

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js(Line 1) Message: web_session_state:anonymous
console-api	log	URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js(Line 1) Message: web_session_state:anonymous
console-api	log	URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1(Line 1) Message: ext JS_in init
console-api	log	URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1(Line 1) Message: ext JS_in addexternalscript
console-api	log	URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1(Line 1) Message: ext JS_in valid check
console-api	log	URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1(Line 1) Message: ext JS_in_if function
console-api	log	URL: https://lptag.liveperson.net/lptag/api/account/50929468/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=thank%20you%20rewards&b=1(Line 1) Message: ext JS_after add
console-api	log	URL: https://staticcontent.thankyou.com/cms/js/ui/ty-custom.js(Line 1) Message: Show the domore section
console-api	log	URL: https://nexus.ensighten.com/citi/typrod/code/e3155b1d308203037a71aa5f505f11d2.js?conditionId0=421908(Line 623) Message: searching for products...
console-api	log	URL: https://nexus.ensighten.com/citi/typrod/code/e3155b1d308203037a71aa5f505f11d2.js?conditionId0=421908(Line 628) Message:

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lp-01.chat.online.citi.com
lp-03.chat.online.citi.com
lpcdn.chat.online.citi.com
lptag.liveperson.net
metrics1.citibank.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
resources.digital-cloud-citi.medallia.com
static-assets.fs.liveperson.com
staticcontent.citirewards.com
staticcontent.thankyou.com
thankyou.citi.com
tyecho.epsilon.com
udc-neb.kampyle.com
www.thankyou.com
104.109.92.187
15.236.9.100
151.101.113.175
151.101.114.133
159.127.187.155
159.127.208.20
159.127.208.21
163.171.128.172
178.249.101.23
18.195.42.228
208.89.12.87
2a03:6400:10:0:178:249:97:98
2a03:6400:10:0:178:249:97:99
35.241.45.82
54.239.192.34
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
0f5de2f9da1bb346abebdae4127db29e587095c66f3539b5eb8c392e853d3af3
105a9922e9ef7cf323045e0f281ded6bf7153b05b27304709cfcd17d96e19cfa
1f099b989771195014f11ecadea0f787ca5c297f1b141d8aa7925ec08f04a10b
2115a92c7b90329f5b009f5df20a882e9c23b04466548d3b603f3fdee411dadf
28290e15d83f2f65cfab0949d16cdf0276e3c174f8c666d3d57cc6b62e215d76
2fff571aa512d029f255ddc07a78cbd3a85dd125db144c8886b8a23cc2e6bfd4
37dd8f83ece44abead7a2679d82e6b1775f4f987f93200cdde1cdb4a60ecefa7
3d2d84de6523760e119ab39344f33d06d98434733a5d37da19705601bc77677f
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4309d7bc448aa67cb5795e803fc6631f1d6216588613659beb7b1249c8973d00
44027ec55ed8b2de1f3dcdaf00c6b0c72c466e85d515c60431f61da11f242047
47ead856cee3697b0b28c6c8c151dd3fef9b106f833bff804381a32795c952a9
4a55544c4872275aae21c1ab984d8876141f4cac0bc657d0c10d03a4f880307f
4d588dee01c556b9afb6d0f410ec0d38e57cc83e6ab2a9d10507781d202aa89d
4daf57d8a3a0be5a17f7a8790d3df24304ba19d41d1ec7dd5da430abd6c27157
4e4ab72725ca42cc6c17f9f590583a9cee49c62e570be8734ee1107bffc3a200
4f3f202879ffbe4ff4c506d47fcb9103fa1417ac9a10d64516b713c3a2bb5657
4fc9b9e306a97a74b6c8b1abd41161da088a2604e48aa5267afa63f82050db32
506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e
507680dfd34bf97a1143dcab528b01b89f37eee37fc192fdaa11c349fb3171f7
557b15f6c62e4d44850eb4b8c56d81785a8a335f840ca8cba6562f43823186ef
592940666137da705db11558b5601579abf2e044ff4a62c81f1f386bbce6e101
5fed06c270b4eefc001f362ca7a78b8a5430441b61a9389b7e591224b786503c
6a106fae16b18eb31eca0d2701d4a47bf350dd0aecf6e8f2cd430d956aae4f75
6eb6c0e12273b2b589fa77a26afd1d0fa5afd3a32583e9628871027d67fda4f3
6f6e4f828874ea01899f4250abc8bde6886e5c0c69059add6ab19152a1bec5d8
6f74948babffd224dc68aadf801f616ed8c1c8f99ed5890ef36acd3487aa5903
7336ccd85b52a994f2a3bc591738505f79de908f28824a787cc33c377f808045
7679f2305be928f3afcb3f70eaf3038d19639e36923d432db06df7e56d90196e
78bae927c0bc1ae10742349dd9413dd6de82f28c54361ff35d061d00b5f9e5f0
79d138d3df10d7f292d21b93fcbeda366a635b6237c6ab911e4ebe7e4e6ff694
7def235eaa7d19f32071cdb8d57c488a5fc6cd20dfac5ff3ad96a62417039e8a
7f2c198d47b6a2850e730f0f874fc97a0c2bd1149b316fbef6f41cfe4148417d
835997f07e8d11c15ad1c0a28fbc69a258ba437ce4b0e04ded9426ea92a20a64
85f8d359a2c462623cecc34104f31bffc4ef82dbd512e6e670539571041b3f93
879dc3db3d8c775239b28a16801ed4fc2b11e920b97dc1692e192c5c6711eb6c
8b3119f3a1da06b9d7fe1238fca76b326bdfb12028d28b3f3c16dc392286bcba
8b5d7437eafc39e962a3bcb774325caebd68c3fc8f1146f0dd9c9ec0b2d79f71
9718c629653274ec386c561c709146c147ef5d6414cb60e7e6bcf2761edd3c3c
975084955e73edada4dfd21d6c556c6bfd8d3836d62c1c7246af694d2ac77a98
98d29b8c4be2ed6953237a1468a683182806c62ec53cd6856e18607db45bbce1
9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc
9afef8f56792c6b57add71e9925abe4d965068274aa0b08e873f4aabcad98562
9bebc276e1808d8b0b29ad4ab94d77652bf14f69839f540b8a874f82d73d5a51
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a5f57d5db7e96d30479bd361672dcba6e98c356da6edba004f77fd81ce5e2e97
a648a22a4f116a4f428df6ed4e51dd716da90f2be3dde3de07d45f5dfc5c4532
a6d7347dc2192238c2d5e91bc8968456ab67df36975b098f2464677314bc206a
af9e1b29975fce18b88aba63a962bb354e9ebdb9f12c4345a3cea6c35696d32a
b68fbc5c58162cb437715aaa6a7884d56104e7293a893cdcb45938a19bad176c
b7bb45628b609763291068b17a190c3973d0c18902e4c7bf90b33d6bc38c7dc7
b96110f98315ea68474d2dec577e4e59cc7276f197e6c8a74be4c07964d4496d
bd6fb66644b3a205e439a59414307db8a23509a62c253764a6d7c8bd3a70f356
be52e1530f33d5019477bb4d06e23ba493178db44aaaa21e5d9b7ee6e4b95084
bebf051e4da87c6cc6ed57f74b675ee713a9734787fc4e27e51b26cd8d286371
c380686de9982b77804fe1bbe3b4908115e40a42ab9de638bbaf17becace7e37
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e
d016fe7ac74d46d8d3109ba8c828d78708256db68b645cc1e51602b392027c12
e32df789e40e80fdd64caa71cecb10fdcacd88043431c00202988e5ea68885a4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
eac41ad002a2b245a44a41b0af7cd2dca349f4ab79b7010f1f47e1714dd091e9
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f88d9391beb391593f05da088019d66831c6b36f36de1b4a94e50f4aae681966

www.thankyou.com Open in urlscan Pro 159.127.208.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

70 Requests

100 %HTTPS

13 %IPv6

10 Domains

16 Subdomains

14 IPs

6 Countries

1040 kBTransfer

2687 kBSize

5 Cookies

30 Outgoing links

Page URL History

Redirected requests

70 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.thankyou.com Open in urlscan Pro
159.127.208.20 Public Scan

Screenshot
Live screenshot

Full Image

70
Requests

100 %
HTTPS

13 %
IPv6

10
Domains

16
Subdomains

14
IPs

6
Countries

1040 kB
Transfer

2687 kB
Size

5
Cookies

70 HTTP transactions
0 data transactions