redirectauth0-citichecking.cloudns.nz Open in urlscan Pro
34.121.156.86 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXE...
Submission: On September 19 via automatic, source openphish (September 19th 2021, 1:11:43 am UTC) — Scanned from DE

Summary HTTP 53 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 13 domains to perform 53 HTTP transactions. The main IP is 34.121.156.86, located in Council Bluffs, United States and belongs to GOOGLE, US. The main domain is redirectauth0-citichecking.cloudns.nz.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 18th 2021. Valid for: 3 months.

This is the only time redirectauth0-citichecking.cloudns.nz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	34.121.156.86 34.121.156.86	15169 (GOOGLE) (GOOGLE)
3	45.63.85.138 45.63.85.138	20473 (AS-CHOOPA) (AS-CHOOPA)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	54.69.159.212 54.69.159.212	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
3	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
18	104.92.75.138 104.92.75.138	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.89.31.32 104.89.31.32	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2620:0:862:ed... 2620:0:862:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.193.175 151.101.193.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
53	17

7 34.121.156.86 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 86.156.121.34.bc.googleusercontent.com

redirectauth0-citichecking.cloudns.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 45.63.85.138 (San Jose, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.63.85.138.vultr.com

files.killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.159.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-159-212.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 104.92.75.138 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-75-138.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.31.32 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-31-32.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:0:862:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.42.102 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	citi.com online.citi.com www.citi.com	694 KB
8	google.com cse.google.com www.google.com	267 KB
7	cloudns.nz redirectauth0-citichecking.cloudns.nz	2 MB
3	bing.com bat.bing.com	609 B
3	medallia.com resources.digital-cloud-citi.medallia.com	90 KB
3	killbot.org files.killbot.org killbot.org	5 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	google.se www.google.se	677 B
2	doubleclick.net googleads.g.doubleclick.net	3 KB
1	bluekai.com stags.bluekai.com	338 B
1	rlcdn.com sr.rlcdn.com	66 B
1	wikimedia.org upload.wikimedia.org	15 KB
1	iovation.com ci-mpsnare.iovation.com	610 B
53	13

	Domain	Requested by
18	online.citi.com	redirectauth0-citichecking.cloudns.nz
7	www.google.com	redirectauth0-citichecking.cloudns.nz cse.google.com
7	redirectauth0-citichecking.cloudns.nz	redirectauth0-citichecking.cloudns.nz
3	bat.bing.com	redirectauth0-citichecking.cloudns.nz
3	resources.digital-cloud-citi.medallia.com	redirectauth0-citichecking.cloudns.nz resources.digital-cloud-citi.medallia.com
2	www.google.se	redirectauth0-citichecking.cloudns.nz
2	killbot.org	files.killbot.org
2	googleads.g.doubleclick.net	redirectauth0-citichecking.cloudns.nz
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	redirectauth0-citichecking.cloudns.nz
1	sr.rlcdn.com	redirectauth0-citichecking.cloudns.nz
1	upload.wikimedia.org	redirectauth0-citichecking.cloudns.nz
1	www.citi.com	redirectauth0-citichecking.cloudns.nz
1	ci-mpsnare.iovation.com	redirectauth0-citichecking.cloudns.nz
1	cse.google.com	redirectauth0-citichecking.cloudns.nz
1	files.killbot.org	redirectauth0-citichecking.cloudns.nz
53	17

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
redirectauth0-citichecking.cloudns.nz cPanel, Inc. Certification Authority	`2021-09-18` - `2021-12-17`	3 months	crt.sh
files.killbot.org R3	`2021-08-07` - `2021-11-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.wikipedia.org DigiCert SHA2 High Assurance Server CA	`2020-11-09` - `2021-11-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
killbot.org R3	`2021-08-08` - `2021-11-06`	3 months	crt.sh
*.google.se GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Frame ID: 2B5A119A8303C1DCEB2B37FE2486B211
Requests: 52 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 02FBEEC1DF26F17A403E0DE16C07EADD
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Frame ID: 07F19982A9BDEA601DA1D87089475DD6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

53
Requests

100 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2638 kB
Transfer

3501 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login1.php Show response
redirectauth0-citichecking.cloudns.nz/fck/ 343 KB
344 KB 446ms
121ms Document
text/html 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1

Request headers

Host: redirectauth0-citichecking.cloudns.nz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sun, 19 Sep 2021 01:11:37 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 831ms
164ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:37 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK styles.b03f48c37f713682a724.css
redirectauth0-citichecking.cloudns.nz/fck/css/ 1 MB
1 MB 338ms
113ms Stylesheet
text/css 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:37 GMT
Last-Modified: Sun, 21 Mar 2021 01:47:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1239121

GET
H/1.1 200
OK media.css
redirectauth0-citichecking.cloudns.nz/fck/ 932 B
1 KB 336ms
112ms Stylesheet
text/css 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://redirectauth0-citichecking.cloudns.nz/fck/media.css
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:37 GMT
Last-Modified: Sun, 21 Mar 2021 02:13:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 932

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 83ms
44ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

a82da19c93765f292df26b94ea166fb680d0fe1f39303340ac084d6c0ee206bf

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Sun, 19 Sep 2021 01:11:37 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3510
x-xss-protection: 0
expires: Sun, 19 Sep 2021 01:11:37 GMT

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 683ms
159ms Script
text/javascript 54.69.159.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.159.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-159-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

ce705beb0592bc173dc659ad44c429088971440ef37e1678112aff7140e04a28

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 19 Sep 2022 01:11:38 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/921554e23151c152/ 264 KB
88 KB 46ms
17ms Script
text/javascript 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/cse_element__en.js?usqp=CAI%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 17 Sep 2021 07:42:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 149325
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89466
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Sep 2022 07:42:52 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/921554e23151c152/ 41 KB
41 KB 37ms
8ms Stylesheet
text/css 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/default+en.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 02:18:31 GMT
x-content-type-options: nosniff
age: 255186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41521
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 16 Sep 2022 02:18:31 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 36ms
7ms Stylesheet
text/css 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 00:51:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1209
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Sun, 19 Sep 2021 01:41:28 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 688ms
626ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 192755281f9111ab47b54e69e7a12256f74298f4911693d0ad8e73e2a39bcb49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: f8XgzYE.HPXfzl9bQJQVe.S_LqlZC5r5
content-encoding: gzip
etag: "6e8bfafe2c05a47c93686d2d53c6edcc"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: hi3sNJfUThSY3hq2P+UIGYl/MqKZbZU5vxE+LQZz+7E1dwTHIZsQt4QiXm7wYxw/o5x1PnaIQcI=
x-served-by: cache-fra19177-FRA
last-modified: Tue, 14 Sep 2021 21:12:01 GMT
server: AmazonS3
x-timer: S1632013898.687806,VS0,VE620
date: Sun, 19 Sep 2021 01:11:38 GMT
vary: Accept-Encoding
x-amz-request-id: 14S1NJ20RKA1PBW8
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
2 KB 44ms
20ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919652&cv=9&fst=1608659919652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

777fb48e28793d6d2d12da50165024a643bd3b7742b4496d8834cab36985be33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919663&cv=9&fst=1608659919663&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1f75685644ff9e60d64731513e3d0c1fcb7f347427c2bc05208103421059d5ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1019
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 citilogoredesign.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 355ms
46ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1799
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:37 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:37 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: c4da89f7-00ed-479f-50ff-9135eea56967
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location@2x.svg
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 922ms
614ms Image
image/svg+xml 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

sid: 327c6106-cabe-4494-8df3-aa3de6d7947b
content-encoding: gzip
x-content-type-options: nosniff
nonce: 4344291859125485
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: SW1DMS
content-length: 758
x-xss-protection: 1; mode=block
uuid: 83db69d5-3964-4fc5-a830-41e52f481ccb
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin
x-vcap-request-id: ca6f5b38-fa96-41a7-67f1-aa3b229a73c2
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 148ms
13ms Image
image/svg+xml 104.89.31.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.89.31.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-89-31-32.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Sid: d8041ad8-ccec-45fa-9070-3d432957faeb
Content-Encoding: gzip
ETag: W/"dc3-17b71bf4a58"
Nonce: 6819849842166746
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: f1fa3f08-7adf-4bf7-ae4d-a139c9840bb0
Last-Modified: Mon, 23 Aug 2021 06:42:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Sun, 19 Sep 2021 01:11:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 3736ecde-8d7d-419e-74c0-c78787fcb522
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Sun, 19 Sep 2021 07:11:37 GMT

GET
H2 200 1200px-Hamburger_icon.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/ 14 KB
15 KB 44ms
16ms Image
image/png 2620:0:862:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/1200px-Hamburger_icon.svg.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

ATS/8.0.8 /

Resource Hash

e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 18 Sep 2021 22:18:58 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 10359
x-cache-status: hit-front
x-cache: cp3061 hit, cp3057 hit/4
content-disposition: inline;filename*=UTF-8''Hamburger_icon.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3057"
content-length: 14199
x-client-ip: 2a0f:9441:5:0:e3::1
x-object-meta-sha1base36: cahm2nlb65f2xcizmgouz9b2duv16ya
last-modified: Fri, 31 Mar 2017 13:01:56 GMT
server: ATS/8.0.8
etag: 79b18a5d205cdebc264fc06817b73584
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
x-timestamp: 1490965315.47926
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache

GET
H2 200 HP8764_H2.jpg
online.citi.com/JRS/banners/hero_background/ 196 KB
197 KB 841ms
533ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP8764_H2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Thu, 08 Oct 2020 21:56:16 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 200475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 7717_HYCA_ME_m1m73up.jpg
online.citi.com/JRS/banners/modules/ 49 KB
50 KB 959ms
652ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/7717_HYCA_ME_m1m73up.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50262
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP418_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 968ms
661ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP418_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:04:44 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_DoubleCash.jpg
online.citi.com/JRS/banners/modules/ 21 KB
21 KB 892ms
585ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 21180
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP7643_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 561ms
559ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP7643_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53152
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 528-Citibank_Illustrations_Article_01.jpg
online.citi.com/JRS/banners/modules/ 14 KB
14 KB 77ms
76ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/528-Citibank_Illustrations_Article_01.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:04:34 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 14137
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP8564_M.jpg
online.citi.com/JRS/banners/modules/ 71 KB
72 KB 833ms
832ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP8564_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 72898
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 24 KB
25 KB 752ms
751ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/googlePlay@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 25077
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 7081696c-59b5-4e29-41a0-6f2f2305d0b4
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 20 KB
21 KB 733ms
732ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/appStore@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 20047
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 0043256e-2069-4873-4b40-8e176c59f27b
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_facebook@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
1 KB 743ms
742ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 445
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 331e6c89-4258-4034-7b1b-8dce34ff7561
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_twitter@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 607ms
606ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1277
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 729e0ac9-4576-47ff-6979-da49b87b2cae
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_youtube@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 667ms
666ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1175
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 3b2d79f2-6e40-4e25-60f4-02b3839b7396
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found 320_Citi-PLT@3x.png
redirectauth0-citichecking.cloudns.nz/fck/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 112ms
112ms Image
text/html 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirectauth0-citichecking.cloudns.nz/fck/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:37 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1440_Citi-PLT@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
29 KB 133ms
132ms Image
image/png 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 28149
x-xss-protection: 1; mode=block
expires: Sun, 19 Sep 2021 07:11:38 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:38 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 951d74b2-dd74-474c-4c53-4211ca8410bb
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 204 0
bat.bing.com/action/ 0
313 B 68ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=271722
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sun, 19 Sep 2021 01:11:37 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: B96212F80F31460AADC501CFE81D9D2B Ref B: FRAEDGE1507 Ref C: 2021-09-19T01:11:37Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
202 B 30ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&ea=Application&evt=custom&msclkid=N&rn=480075
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sun, 19 Sep 2021 01:11:37 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: F3F44A1388964B89913E94BF4D28FCD0 Ref B: FRAEDGE1507 Ref C: 2021-09-19T01:11:37Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
94 B 30ms
29ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=8936f9d9-a058-48c7-b3bb-647f9b931c9f&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=429226
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Sun, 19 Sep 2021 01:11:37 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 6F3A4276D23B4CDB98661F85D269F816 Ref B: FRAEDGE1507 Ref C: 2021-09-19T01:11:37Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 634ms
633ms Image
image/png 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: LocxMUrHjLDPYwpIgaCAr32Dk3q529ClV3TcpX+g8OH1BevEzX7HgkRUxUO7PJlCHwxoV8j40ZM=
x-served-by: cache-fra19177-FRA
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1632013898.703069,VS0,VE627
date: Sun, 19 Sep 2021 01:11:38 GMT
vary: Accept-Encoding
x-amz-request-id: W0MPKJD0GS8TSERA
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 1

GET
H/1.1 200
OK whois Show response
killbot.org/api/v2/ 265 B
1021 B 484ms
164ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 29635461a6371a60b6e8e2d516e2997d86a96098f69ac3e4b02f16a29be78299

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 19 Sep 2021 01:11:38 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/b54a745638da8bbb/ 280 KB
92 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 13:41:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214210
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94157
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 16 Sep 2022 13:41:28 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/b54a745638da8bbb/ 41 KB
41 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 16 Sep 2021 13:41:27 GMT
x-content-type-options: nosniff
age: 214211
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41474
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="prose-team"
expires: Fri, 16 Sep 2022 13:41:27 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
340 B 17ms
17ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=260078498&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.se/pagead/1p-user-list/644574043/ 42 B
569 B 42ms
19ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.se/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=260078498&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 18ms
18ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3364873478&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.se/pagead/1p-user-list/644574043/ 42 B
108 B 47ms
24ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.se/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=3364873478&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 01:11:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 02FB 0
66 B 181ms
113ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://redirectauth0-citichecking.cloudns.nz/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/

Response headers

date: Sun, 19 Sep 2021 01:11:38 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 404 search.svg
online.citi.com/citi-branding-assets/images/ 0
0 523ms
522ms Image
text/html 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online.citi.com/citi-branding-assets/images/search.svg
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-75-138.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 918 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
redirectauth0-citichecking.cloudns.nz/fck/assets/branding/ 315 B
315 B 112ms
112ms Image
text/html 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://redirectauth0-citichecking.cloudns.nz/fck/assets/branding/Citi-Branding-Sprite.png
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:38 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Interstate-Light.woff
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 74 KB
75 KB 839ms
825ms Font
font/woff 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://redirectauth0-citichecking.cloudns.nz/
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

sid: d5ea5207-9907-47b9-b2e2-df53e2f684e4
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
nonce: 6333469472076792
dclocation: SW1DMS
content-length: 75538
x-xss-protection: 1; mode=block
uuid: 171153b4-db79-4433-95c0-f0047bb610e3
expires: Sun, 19 Sep 2021 07:11:39 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:39 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: font/woff
access-control-allow-origin: https://redirectauth0-citichecking.cloudns.nz
x-vcap-request-id: 4aa779c0-3667-429a-6790-3515bed84285
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found Interstate-Bold.woff
redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 112ms
111ms Font
text/html 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:38 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 07F1 71 B
338 B 479ms
393ms Document
text/html 104.89.42.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/login1.php?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-42-102.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://redirectauth0-citichecking.cloudns.nz/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: de6d
Date: Sun, 19 Sep 2021 01:11:38 GMT
Connection: keep-alive
X-N: S

GET
H/1.1 404
Not Found Interstate-Bold.ttf
redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 112ms
112ms Font
text/html 34.121.156.86
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: redirectauth0-citichecking.cloudns.nz
URL: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.121.156.86 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 86.156.121.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Encoding: gzip, deflate, br
Host: redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://redirectauth0-citichecking.cloudns.nz/fck/css/styles.b03f48c37f713682a724.css
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sun, 19 Sep 2021 01:11:38 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Interstate-Bold.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 141 KB
72 KB 808ms
808ms Font
font/ttf 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

838582fa5444d52f30652783eb589a4e76f29b932b50af19b7a230f26c254825

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://redirectauth0-citichecking.cloudns.nz/
Origin: https://redirectauth0-citichecking.cloudns.nz
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

sid: d1960dae-612c-4817-8cab-2103729247c0
content-encoding: gzip
x-content-type-options: nosniff
nonce: 1984886528900491
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: GT1DMS
content-length: 72474
x-xss-protection: 1; mode=block
uuid: 9b70c2f9-64fc-423f-b5c1-e8eb6f508ba1
expires: Sun, 19 Sep 2021 07:11:39 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Sun, 19 Sep 2021 01:11:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: font/ttf
access-control-allow-origin: https://redirectauth0-citichecking.cloudns.nz
x-vcap-request-id: a6910e80-f638-47d9-4c24-f145458abbab
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 401
Unauthorized blocker Show response
killbot.org/api/v2/ 146 B
911 B 164ms
164ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=91.199.118.155&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l=
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 19 Sep 2021 01:11:38 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 generic1631653920531.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 517 KB
87 KB 612ms
612ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1631653920531.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 46e59ee2bc9446c494edf892a92a7ad114e4f02d4caaafe749622c25fdd11d18

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: eioO8bQ8fbPFxHN1tIuxjAxNfy_jHYzE
content-encoding: gzip
etag: "5bf80d73aab17795e47e4ecc39ef8448"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 88321
x-amz-id-2: F9Q0GruQk95XsJihM3dqm4QLu12323TRllSfHkyNz19/ysYvrgThADZaPYywf2Oh8KSwRN5vFY0=
x-served-by: cache-fra19177-FRA
last-modified: Tue, 14 Sep 2021 21:12:01 GMT
server: AmazonS3
x-timer: S1632013899.284113,VS0,VE605
date: Sun, 19 Sep 2021 01:11:39 GMT
vary: Accept-Encoding
x-amz-request-id: DG2ZAAX6GCJME987
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 39ms
6ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1631653920531.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 0
via: 1.1 varnish
x-cache: HIT
x-amz-request-id: 82X80E56NEA3X14C
x-amz-id-2: GwG0/bWUh7RMGErJtrGYpfuOPwNZ9YJq6X7kuGUTjK4/ZJOh47K/hs42xL9BkQ9uXKq7iIB3xPY=
x-served-by: cache-fra19143-FRA
accept-ranges: bytes
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1632013900.961509,VS0,VE0
date: Sun, 19 Sep 2021 01:11:39 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 116999

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 119ms
97ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xNTkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2MzIwMTM4OTk5NzAiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE3YmZiOWJkOGMwM2JhLTA3N2QxN2E2ZGUzZTM5LWMzNDMzNjUtMWQ0YzAwLTE3YmZiOWJkOGMxZDkwIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vcmVkaXJlY3RhdXRoMC1jaXRpY2hlY2tpbmcuY2xvdWRucy5uei9mY2svbG9naW4xLnBocD90QXV2NWR2SnExd1kxdWp1c2IxYU9zcGR1T2JVM1B6cDVlUEFINzZCVFRXM2ZoYnVYMTU1TWJaRjh3STR3eWxydGdwVTlydnhyWThVTjVTWEVkSXFKWkNUbzZ3ZEUwUDhuOWc0eThtSzNsYmIyeDFCMThaNHpXWXdpd0ROa1dKWGNxbEprNVJURk1va2lkWHNyaExWMmw9Iiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjJjNWYtNGFkZi1hYTZhLWVhMzItOTA3NC1jYjQ3LTRhZDEtMGJmMSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjMyMDEzODk5OTM0Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDIwNCwia2FtcHlsZV92ZXJzaW9uIjogIjIuNDAuMCIsIm9uc2l0ZV92ZXJzaW9uIjogIjIuNDAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTYzMjAxMzg5OTkzNiwicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2UsImZlZWRiYWNrX2NvcnJlbGF0aW9uX3V1aWQiOiBudWxsfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirectauth0-citichecking.cloudns.nz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-dg88
date: Sun, 19 Sep 2021 01:11:40 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 21:20:14	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-20 06:41:49	Name: MUID Value: 1667146B83FD69B7346204DC82966840
redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: mdLogger Value: false
redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: kampyle_userid Value: 2c5f-4adf-aa6a-ea32-9074-cb47-4ad1-0bf1
redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: kampyleUserSession Value: 1632013899934
redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: kampyleUserSessionsCount Value: 1
redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: kampyleSessionPageCounter Value: 1
.redirectauth0-citichecking.cloudns.nz/	1970-01-20 06:05:49	Name: cd_user_id Value: 17bfb9bd8c03ba-077d17a6de3e39-c343365-1d4c00-17bfb9bd8c1d90

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://redirectauth0-citichecking.cloudns.nz/fck/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://redirectauth0-citichecking.cloudns.nz/fck/assets/branding/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://redirectauth0-citichecking.cloudns.nz/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=91.199.118.155&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?tAuv5dvJq1wY1ujusb1aOspduObU3Pzp5ePAH76BTTW3fhbuX155MbZF8wI4wylrtgpU9rvxrY8UN5SXEdIqJZCTo6wdE0P8n9g4y8mK3lbb2x1B18Z4zWYwiwDNkWJXcqlJk5RTFMokidXsrhLV2l= Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://online.citi.com/citi-branding-assets/images/search.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
ci-mpsnare.iovation.com
cse.google.com
files.killbot.org
googleads.g.doubleclick.net
killbot.org
nebula-cdn.kampyle.com
online.citi.com
redirectauth0-citichecking.cloudns.nz
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
udc-neb.kampyle.com
upload.wikimedia.org
www.citi.com
www.google.com
www.google.se
104.89.31.32
104.89.42.102
104.92.75.138
151.101.130.133
151.101.193.175
2620:0:862:ed1a::2:b
2620:1ec:c11::200
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2004
2a00:1450:4001:827::200e
2a00:1450:4001:830::2003
34.121.156.86
35.190.60.146
35.241.45.82
45.63.85.138
54.69.159.212
051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
192755281f9111ab47b54e69e7a12256f74298f4911693d0ad8e73e2a39bcb49
1f75685644ff9e60d64731513e3d0c1fcb7f347427c2bc05208103421059d5ba
217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
29635461a6371a60b6e8e2d516e2997d86a96098f69ac3e4b02f16a29be78299
3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d
37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
46e59ee2bc9446c494edf892a92a7ad114e4f02d4caaafe749622c25fdd11d18
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107
777fb48e28793d6d2d12da50165024a643bd3b7742b4496d8834cab36985be33
838582fa5444d52f30652783eb589a4e76f29b932b50af19b7a230f26c254825
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a82da19c93765f292df26b94ea166fb680d0fe1f39303340ac084d6c0ee206bf
aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
ce705beb0592bc173dc659ad44c429088971440ef37e1678112aff7140e04a28
cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

redirectauth0-citichecking.cloudns.nz Open in urlscan Pro 34.121.156.86 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

53 Requests

100 %HTTPS

38 %IPv6

13 Domains

17 Subdomains

17 IPs

2 Countries

2638 kBTransfer

3501 kBSize

8 Cookies

1 Outgoing links

Redirected requests

53 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

redirectauth0-citichecking.cloudns.nz Open in urlscan Pro
34.121.156.86 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

53
Requests

100 %
HTTPS

38 %
IPv6

13
Domains

17
Subdomains

17
IPs

2
Countries

2638 kB
Transfer

3501 kB
Size

8
Cookies

53 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!