citizen04secure.ru Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Submission: On November 12 via automatic, source phishtank (November 12th 2021, 7:12:13 am UTC) — Scanned from DE

Summary HTTP 60 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 13 domains to perform 60 HTTP transactions. The main IP is 45.133.200.3, located in Seychelles and belongs to INTERNET-IT, SC. The main domain is citizen04secure.ru.

This is the only time citizen04secure.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
9	45.133.200.3 45.133.200.3	200313 (INTERNET-IT) (INTERNET-IT)
3	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
22	184.24.5.179 184.24.5.179	16625 (AKAMAI-AS) (AKAMAI-AS)
2 5	108.128.120.92 108.128.120.92	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
2 2	54.194.191.134 54.194.191.134	16509 (AMAZON-02) (AMAZON-02)
1	2.16.186.56 2.16.186.56	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	13.224.186.64 13.224.186.64	16509 (AMAZON-02) (AMAZON-02)
3	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
3	151.101.193.175 151.101.193.175	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:e16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	199.187.116.90 199.187.116.90	11054 (LIVEPERSON) (LIVEPERSON)
2	54.211.122.190 54.211.122.190	14618 (AMAZON-AES) (AMAZON-AES)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
1	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
60	17

9 45.133.200.3 (Seychelles)

ASN200313 (INTERNET-IT, SC)
PTR: cpanel-host.prohoster.info

citizen04secure.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 184.24.5.179 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-5-179.deploy.static.akamaitechnologies.com

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www4.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.128.120.92 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-120-92.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

metrics.citizensbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.191.134 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-191-134.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.56 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com

fast.citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.186.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-186-64.fra2.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.249.97.99 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e16 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.glassboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.187.116.90 (United States)

ASN11054 (LIVEPERSON, US)
PTR: ca-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.211.122.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-211-122-190.compute-1.amazonaws.com

report.citizen.glassboxdigital.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	citizensbankonline.com www3.citizensbankonline.com www4.citizensbankonline.com	234 KB
9	citizen04secure.ru citizen04secure.ru	8 KB
6	demdex.net 2 redirects dpm.demdex.net fast.citizensbank.demdex.net	8 KB
5	lpsnmedia.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net	34 KB
5	liveperson.net lptag.liveperson.net va.idp.liveperson.net va.v.liveperson.net	115 KB
4	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	95 KB
3	ensighten.com nexus.ensighten.com	92 KB
2	glassboxdigital.io report.citizen.glassboxdigital.io	2 KB
2	appdynamics.com cdn.appdynamics.com	58 KB
2	everesttech.net 2 redirects cm.everesttech.net	772 B
2	citizensbank.com metrics.citizensbank.com	5 KB
1	glassboxcdn.com cdn.glassboxcdn.com	112 KB
0	eum-appdynamics.com Failed pdx-col.eum-appdynamics.com Failed
60	13

	Domain	Requested by
21	www3.citizensbankonline.com	citizen04secure.ru www3.citizensbankonline.com
9	citizen04secure.ru	citizen04secure.ru
5	dpm.demdex.net	2 redirects citizen04secure.ru nexus.ensighten.com
3	nebula-cdn.kampyle.com	cdn.appdynamics.com
3	accdn.lpsnmedia.net	cdn.appdynamics.com lpcdn.lpsnmedia.net
3	nexus.ensighten.com	citizen04secure.ru nexus.ensighten.com
2	va.idp.liveperson.net	cdn.appdynamics.com va.idp.liveperson.net
2	report.citizen.glassboxdigital.io	cdn.appdynamics.com
2	lpcdn.lpsnmedia.net	cdn.appdynamics.com
2	cdn.appdynamics.com	nexus.ensighten.com cdn.appdynamics.com
2	cm.everesttech.net	2 redirects
2	metrics.citizensbank.com	nexus.ensighten.com cdn.appdynamics.com
2	lptag.liveperson.net	citizen04secure.ru cdn.appdynamics.com
1	va.v.liveperson.net	cdn.appdynamics.com
1	udc-neb.kampyle.com
1	cdn.glassboxcdn.com	cdn.appdynamics.com
1	fast.citizensbank.demdex.net	nexus.ensighten.com
1	www4.citizensbankonline.com	citizen04secure.ru
0	pdx-col.eum-appdynamics.com Failed	cdn.appdynamics.com
60	19

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com

Subject Issuer	Validity	Valid
citizensbankonline.com Entrust Certification Authority - L1M	`2021-05-18` - `2022-05-18`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-05-30` - `2022-05-30`	2 years	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2021-02-21` - `2022-02-21`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
citizen.glassboxdigital.io Amazon	`2020-12-19` - `2022-01-17`	a year	crt.sh
*.idp.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2020-07-09` - `2022-07-09`	2 years	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-04-13` - `2022-04-13`	2 years	crt.sh

This page contains 4 frames:

Primary Page: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Frame ID: CE7E88DAC51CAC8E25552A4CCFB07F1F
Requests: 55 HTTP requests in this frame

Frame: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 614B559AE401B8CA90C9D9994D45A890
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizen04secure.ru&site=89632304&env=prod&isCrossDomain=true
Frame ID: 2DE5FDF03BE7BC4A6C6A85E79070B256
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701130931&loc=http%3A%2F%2Fcitizen04secure.ru
Frame ID: F9B041AC850D87F69714D1E43EE1D5B9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens

Page Statistics

60
Requests

58 %
HTTPS

6 %
IPv6

13
Domains

19
Subdomains

17
IPs

6
Countries

761 kB
Transfer

2516 kB
Size

30
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citizensbank.com/learning/coronavirus/overview.aspx?WT.ac=CB_OLB_OLBAd_Coronavirus_CRC_COVID-19ResourceCenter_A484
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.citizensbank.com/mobile-and-online-banking/mobile-app.aspx
Title: Check out everything it can do and see information on how to get it.

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/
Title: Cancel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799

Request Chain 23

http://cm.everesttech.net/cm/dd?d_uuid=70908066440925479634424858603742590733 HTTP 301
https://cm.everesttech.net/cm/dd?d_uuid=70908066440925479634424858603742590733 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
citizen04secure.ru/ 26 KB
8 KB 52ms
30ms Document
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx / PHP/5.6.40

Resource Hash

bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx
Date: Fri, 12 Nov 2021 07:12:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Nginx-Upstream-Cache-Status: BYPASS
X-Server-Powered-By: Engintron
Content-Encoding: gzip

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citizensbank/olbprod/ 86 KB
29 KB 27ms
14ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by: Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:07 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 15:32:48 GMT
Server: nginx
ETag: W/"61378620-15729"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found pm_fp.js
citizen04secure.ru/efs/efs/jsp-ns/ 0
0 16ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/efs/jsp-ns/pm_fp.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
4 KB 609ms
134ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=111
content-length: 3780
x-olb-req-received: t=1636433715512591
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "4a56-5cbaeb0fc35d7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:44:23 GMT
cache-control: max-age=52335
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1611

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 601ms
126ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=86
content-length: 2766
x-olb-req-received: t=1636278158052636
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "26c2-5cbaeb0fc3da7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:44:00 GMT
cache-control: max-age=52312
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=693

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
12 KB 601ms
127ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=79
content-length: 12357
x-olb-req-received: t=1636355924214756
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "f405-5cbaeb0fb9d80"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:49:52 GMT
cache-control: max-age=52664
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=2820

GET
H2 200 flows.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
3 KB 627ms
152ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=98
content-length: 2391
x-olb-req-received: t=1636433715582754
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "21ce-5cbaeb0fb9d80"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:50:57 GMT
cache-control: max-age=52729
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=609

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
2 KB 621ms
147ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=33, origin; dur=39
content-length: 1521
x-olb-req-received: t=1636667451687902
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "1f31-5cbaeb0fb9998"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:49:02 GMT
cache-control: max-age=52614
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1185

GET
H2 200 modernizr-2.6.2.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 15 KB
6 KB 630ms
156ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=75
content-length: 6246
x-olb-req-received: t=1636356075700296
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "3c36-5cbaeb0fc9f4e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:51:55 GMT
cache-control: max-age=52787
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=930

GET
H2 200 plugins.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 199 KB
45 KB 638ms
164ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=19
content-length: 46041
x-olb-req-received: t=1636278158055235
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "31d24-5cbaeb0fc9396"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:50:30 GMT
cache-control: max-age=52702
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=10735

GET
H2 200 main.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 19 KB
5 KB 629ms
155ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=63
content-length: 4818
x-olb-req-received: t=1636278158062586
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "4c03-5cbaeb0fc4d47"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:50:28 GMT
cache-control: max-age=52700
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1124

GET
H2 200 placeholders.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 4 KB
2 KB 629ms
156ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=31
content-length: 1633
x-olb-req-received: t=1636278158684515
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "10aa-5cbaeb0fca336"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:50:03 GMT
cache-control: max-age=52675
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=457

GET
H2 404 7c3ed55c
www4.citizensbankonline.com/akam/11/ 0
0 102ms
43ms Script
text/html 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www4.citizensbankonline.com/akam/11/7c3ed55c

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
strict-transport-security: max-age=15768000
content-type: text/html
expires: Fri, 12 Nov 2021 07:12:08 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9
lb-action: None

GET
H2 404 tealeaf.js
www3.citizensbankonline.com/efs/efs/js/ 0
0 741ms
267ms Script
text/html 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js
Requested by: Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-5-179.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 23ms
22ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278157888811
last-modified: Sat, 28 Aug 2021 02:23:19 GMT
etag: "149d-5ca954886fa6a"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181862
x-olb-req-duration: D=224
server-timing: cdn-cache; desc=HIT, edge; dur=4
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:43:10 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
citizen04secure.ru/efs/hhf/js/ 0
0 17ms
17ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
citizen04secure.ru/content/ 0
0 31ms
24ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/content/930e113327rn2365aa3b7b98b0447e8d

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found common.js
citizen04secure.ru/efs/efs/jsp-ns/scripts/ 0
0 21ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/efs/jsp-ns/scripts/common.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799

110 B
724 B

32ms
32ms

XHR
application/json

108.128.120.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799
Requested by: Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Protocol: HTTP/1.1
Server: 108.128.120.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-120-92.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v019-0ab66d375.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-Error: 172
X-TID: sc0Er13wSCw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://citizen04secure.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 124
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v019-0180a36c3.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Access-Control-Allow-Origin: http://citizen04secure.ru
X-TID: QmRoIYgqQwE=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1636701127799
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 404
Not Found pm_fp.js
citizen04secure.ru/efs/efs/jsp-ns/ 0
0 16ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/efs/jsp-ns/pm_fp.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citizensbank/olbprod/ 280 B
517 B 9ms
9ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Tue%20Sep%2007%2015:32:48%20GMT%202021&ClientID=397&PageID=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php%3Fonline_id%3D376e67f66a79d74ae4d24ade6%26country%3D%26iso%3D
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 07953c295c30d7114633282fbe02fd6573674835ac61a951a2c5396fb53dd466

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 280
Expires: Fri, 12 Nov 2021 07:12:07 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 131ms
26ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by: Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H/1.1 200
OK id Show response
metrics.citizensbank.com/ 48 B
905 B 49ms
28ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/id?d_visid_ver=2.1.0&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1636701127927

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

Protocol

HTTP/1.1

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

2904e0512b5728c252fa3ddc428e055515980402b5102adb57c3dbf29958f9b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://citizen04secure.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 12 Nov 2021 07:12:07 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6988cccb6f-47l7n
vary: Origin
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://citizen04secure.ru
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 35ms
35ms XHR
application/json 108.128.120.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=70911033423073968924424631110284380522&ts=1636701127979
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 108.128.120.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-120-92.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 82fbd95595291e292bc5ae3635ac0c9074f6b0705a0e3a6e1bf626ce86697abc

Request headers

Referer: http://citizen04secure.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v019-0c18f40d5.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-TID: Qnxls/1+Sw8=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://citizen04secure.ru
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1308
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=70908066440925479634424858603742590733
https://cm.everesttech.net/cm/dd?d_uuid=70908066440925479634424858603742590733
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7

42 B
945 B

36ms
35ms

Image
image/gif

108.128.120.92
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

108.128.120.92 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-120-92.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v019-03eac61df.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: WS1w5ZkCR7o=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v019-0143259ca.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: FGrNbYmUQSg=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YY4TyAAAAJ9GVQP7
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 50ms
32ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizen04secure.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164985914
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
etag: "7ce0-5cbae576b0650"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181884
x-olb-req-duration: D=186
server-timing: cdn-cache; desc=HIT, edge; dur=11
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:43:32 GMT

GET
H2 200 jquery-1.9.1.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 90 KB
32 KB 40ms
40ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://citizen04secure.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=7
content-length: 32776
x-olb-req-received: t=1636355926169487
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "169d6-5cbaeb0fc9f4e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Fri, 12 Nov 2021 21:43:18 GMT
cache-control: max-age=52270
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=5718

GET
H/1.1 200
OK dest5.html Show response
fast.citizensbank.demdex.net/ Frame 614B 7 KB
3 KB 60ms
11ms Document
text/html 2.16.186.56
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 2.16.186.56 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-56.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

GET
H/1.1 200
OK ab23b564354fb5711bac9e1bcff2c5e5.js Show response
nexus.ensighten.com/citizensbank/olbprod/code/ 203 KB
63 KB 16ms
16ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/code/ab23b564354fb5711bac9e1bcff2c5e5.js?conditionId0=421909
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Sep 2021 15:32:48 GMT
Server: nginx
ETag: W/"61378620-32d75"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 icon-secure.png
www3.citizensbankonline.com/efs/efs/grafx/ 292 B
604 B 33ms
33ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164031335
last-modified: Sat, 11 Sep 2021 01:57:36 GMT
etag: "124-5cbae8e5ae972"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181818
x-olb-req-duration: D=172
server-timing: cdn-cache; desc=HIT, edge; dur=8
content-length: 292
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:26 GMT

GET
H2 200 flows-tooltip.png
www3.citizensbankonline.com/efs/efs/grafx/ 364 B
676 B 35ms
35ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164040398
last-modified: Sat, 11 Sep 2021 01:43:11 GMT
etag: "16c-5cbae5aca150d"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181838
x-olb-req-duration: D=190
server-timing: cdn-cache; desc=HIT, edge; dur=10
content-length: 364
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:46 GMT

GET
H2 200 arrow-button-white.png
www3.citizensbankonline.com/efs/efs/grafx/ 1017 B
1 KB 44ms
44ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164047438
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "3f9-5cbae5abaf636"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181830
x-olb-req-duration: D=148
server-timing: cdn-cache; desc=HIT, edge; dur=5
content-length: 1017
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:38 GMT

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 55ms
55ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278168557132
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "41e-5cbae5abaa817"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181831
x-olb-req-duration: D=139
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:39 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
478 B 66ms
66ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164094886
last-modified: Sat, 11 Sep 2021 02:08:23 GMT
etag: "a5-5cbaeb4e68de4"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=181889
x-olb-req-duration: D=179
server-timing: cdn-cache; desc=HIT, edge; dur=5
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:43:37 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 21ms
21ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizen04secure.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164210422
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
etag: "485c-5cbae8aa2e026"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181819
x-olb-req-duration: D=176
server-timing: cdn-cache; desc=HIT, edge; dur=8
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:27 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 23ms
23ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizen04secure.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164080136
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
etag: "6ccc-5cbae576afe80"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181820
x-olb-req-duration: D=172
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:28 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 27ms
27ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizen04secure.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
x-olb-req-received: t=1636278164131265
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
etag: "7c78-5cbaeb0fc0adf"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=181810
x-olb-req-duration: D=195
server-timing: cdn-cache; desc=HIT, edge; dur=5
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 14 Nov 2021 09:42:18 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
citizen04secure.ru/efs/hhf/js/ 0
0 15ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK adrum-latest.js Show response
cdn.appdynamics.com/adrum/ 102 KB
38 KB 36ms
9ms Script
application/javascript 13.224.186.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 13.224.186.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-186-64.fra2.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Thu, 14 Oct 2021 21:28:33 GMT
Content-Encoding: gzip
Age: 2454215
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Wed, 17 Feb 2021 19:41:36 GMT
Server: nginx/1.16.1
ETag: W/"602d7170-199b9"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328d.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA2-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: bduNHWmbNKojZV7VVFD15mw4gFEjZvvpGXG6XRzfKJEhXx7jh2KQ9g==

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
citizen04secure.ru/content/ 0
0 15ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/content/930e113327rn2365aa3b7b98b0447e8d

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found common.js
citizen04secure.ru/efs/efs/jsp-ns/scripts/ 0
0 15ms
15ms Script
text/html 45.133.200.3
INTERNET-IT

General

Check archive.org

Show headers Download Go to

Full URL

http://citizen04secure.ru/efs/efs/jsp-ns/scripts/common.js

Requested by

Host: citizen04secure.ru
URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Protocol

HTTP/1.1

Server

45.133.200.3 , Seychelles, ASN200313 (INTERNET-IT, SC),

Reverse DNS

cpanel-host.prohoster.info

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 277 KB
99 KB 26ms
26ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: cd8897eb36c46325c527e4073195b240605f7af880f51843d126aba8f49b346a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 6 KB
2 KB 163ms
41ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=lpCb44673x73905
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: de909a018c74c1802bc8809013266c44b46da14757e8251c440b406e60433c23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 12 Nov 2021 07:13:08 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 3 KB
817 B 139ms
24ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: 9a4e07e76def03b516f223ce742444842f24b9e64595bee2258583fb9f306cba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:08 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 12 Nov 2021 07:13:08 GMT

GET
H/1.1 200
OK s65983620834817 Show response
metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/ 3 KB
4 KB 43ms
43ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/s65983620834817?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=12%2F10%2F2021%207%3A12%3A8%205%200&d.&nsid=0&jsonv=1&.d&mid=70911033423073968924424631110284380522&aamlh=6&ce=UTF-8&ns=citizensbank&pageName=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&g=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php%3Fonline_id%3D376e67f66a79d74ae4d24ade6%26country%3D%26iso%3D&cc=USD&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c5=D%3Dv8&c7=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&v7=New&v8=2%3A12%20AM%7CFriday&c9=D%3Dv7&v9=CTZ&c10=D%3Dv10&v10=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&c11=D%3Dv11&v11=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php%3Fonline_id%3D376e67f66a79d74ae4d24ade6%26country%3D%26iso%3D&c12=D%3Dv12&v12=%2Flogin.php&c13=D%3Dv13&v13=citizen04secure.ru&c14=D%3Dv18&v14=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&c15=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&v18=.COM&v19=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php&v26=%3A&v32=70911033423073968924424631110284380522&c75=VisitorAPI%20Present&v82=Legacy%20Site&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&AQE=1

Requested by

Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?

Protocol

HTTP/1.1

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

47399950735a298aab381feab26fc9f7931b4874e1b1a05932889a116c0e186a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-aam-tid: RrndX8rlT+A=
date: Fri, 12 Nov 2021 07:12:08 GMT
x-content-type-options: nosniff
x-c: main-1542.If2e2aa.M0-523
p3p: CP="This is not a P3P policy"
content-length: 3529
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v019-050eb7a98.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Sat, 13 Nov 2021 07:12:08 GMT
server: jag
xserver: anedge-6988cccb6f-s2stp
etag: 3514788910590230528-4619660426496583951
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Thu, 11 Nov 2021 07:12:08 GMT

GET
H2 200 embed.js Show response
nebula-cdn.kampyle.com/wu/356861/onsite/ 2 KB
1 KB 28ms
6ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7001893331806f100ac77b4fadba552d8377c545c64f685f9fa12744cd254a25

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: pGIXvhLWfDzGMVPEev_JvoEW7fOe6G1r
content-encoding: gzip
etag: "da328e1406ad0538f232d609b404838e"
age: 419476
via: 1.1 varnish
x-cache: HIT
content-length: 665
x-amz-id-2: jzEklx7Vick38L04NlM9yhE3+vMBG+mjkrcXuPkpBkmR5JTeEfjnRk/oW7XF4eEhCpw55r1vCJg=
x-served-by: cache-fra19146-FRA
last-modified: Fri, 30 Jul 2021 17:17:00 GMT
server: AmazonS3
x-timer: S1636701129.922196,VS0,VE0
date: Fri, 12 Nov 2021 07:12:08 GMT
vary: Accept-Encoding
x-amz-request-id: B2Q7R00WVVVXEW58
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 4

GET
H/1.1 200
OK detector-dom.min.js Show response
cdn.glassboxcdn.com/citizen/OLB/p/ 364 KB
112 KB 43ms
28ms Script
application/javascript 2606:4700::6812:e16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 2606:4700::6812:e16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:08 GMT
Via: 1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Age: 5999
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 13 May 2021 10:48:21 GMT
Server: cloudflare
ETag: W/"845173368b011e7fa14658b57426fe09"
Vary: Accept-Encoding
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
Cache-Control: public, max-age=14400
X-Amz-Cf-Pop: FRA2-C2
CF-RAY: 6acdf347be31dfcb-FRA
X-Amz-Cf-Id: y9pQJzWdY7Afh4aTYcnA7Y44dcyHZREvv1DRsDZCajarSFF2zAhkoA==
Expires: Fri, 12 Nov 2021 11:12:08 GMT

GET
H/1.1 200
OK adrum-ext.4a8dd0f950e3f613a821c330eb081cdc.js Show response
cdn.appdynamics.com/ 51 KB
20 KB 7ms
7ms Script
application/javascript 13.224.186.64
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum-ext.4a8dd0f950e3f613a821c330eb081cdc.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 13.224.186.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-186-64.fra2.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: 5346dfc0f18be96e38080c303c312d99867487d6078f5ce0f1c0ddaaf165c473

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Mon, 18 Oct 2021 21:42:33 GMT
Content-Encoding: gzip
Age: 2107775
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Wed, 17 Feb 2021 19:41:35 GMT
Server: nginx/1.16.1
ETag: W/"602d716f-cc11"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 d8eef512ab23f23f549b4cd25ac5328d.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA2-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: d3pzfCBHkJIW8bH2kM-OQocrK3UUfxwT7zb0tKQQZT3w0idWNeF-Ew==

GET
H/1.1 200
OK generic1627665419003.js Show response
nebula-cdn.kampyle.com/us/wu/356861/onsite/ 708 KB
88 KB 12ms
6ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1627665419003.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.193.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0127d268a6a4cf765e1cc11ecefd388dee5431fa0100afc60f8fd0365441409d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: xzfZ8wCDhw5e8izCl9zfknZaOkwG9yp.
Content-Encoding: gzip
ETag: "3e0f51a7fc9d1b87f0f8f84c58f5cff6"
Age: 415994
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 89384
x-amz-id-2: ca0UtxWVUFCrOZltxUdAsBxUEK4d+H2AncJ6mHBtfY4MudRO24fZgSwp3kTubLKyj/4Si76zLF8=
X-Served-By: cache-fra19123-FRA
Last-Modified: Fri, 30 Jul 2021 17:17:00 GMT
Server: AmazonS3
X-Timer: S1636701129.935655,VS0,VE0
Date: Fri, 12 Nov 2021 07:12:08 GMT
Vary: Accept-Encoding
x-amz-request-id: KT25FG3GN6F06ZQ8
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 2

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ Frame 2DE5 39 KB
16 KB 942ms
305ms Document
text/html 199.187.116.90
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizen04secure.ru&site=89632304&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.187.116.90 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: ca-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/

Response headers

date: Fri, 12 Nov 2021 07:12:09 GMT
content-type: text/html
last-modified: Fri, 05 Nov 2021 13:34:21 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 12 Nov 2021 07:22:09 GMT
cache-control: max-age=600

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ 38 KB
15 KB 1237ms
604ms Script
application/javascript 199.187.116.90
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Fcitizen04secure.ru&site=89632304&force=1&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.187.116.90 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: ca-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:09 GMT
content-encoding: gzip
last-modified: Fri, 05 Nov 2021 13:34:21 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Fri, 12 Nov 2021 07:22:09 GMT

GET
H/1.1 200
OK cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
6 KB 6ms
6ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.193.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
Content-Encoding: gzip
ETag: "80dd5e3be5152c5c72d552c6a26ef6ff"
Age: 420195
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 5197
x-amz-id-2: i4yEv5OfJ2ngkYqK6dY0oPCZJ75eg5IdsXyRaGoudOzIwZBr9c6670eqhW4a4pKk7P4wBqjtkRo=
X-Served-By: cache-fra19123-FRA
Last-Modified: Sun, 24 Jan 2021 11:03:10 GMT
Server: AmazonS3
X-Timer: S1636701129.974882,VS0,VE0
Date: Fri, 12 Nov 2021 07:12:08 GMT
Vary: Accept-Encoding
x-amz-request-id: 6K58BN6YD6EVY1ZM
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 107942

GET
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 0
929 B 300ms
92ms XHR
text/plain 54.211.122.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=90ceb7e5-ac45-4414-8874-5b8384c62cb6%3A0&_cls_v=792d420b-2a95-486d-9f66-9f25d0d38211&pv=2&f_cls_s=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.122.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-211-122-190.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 07:12:09 GMT
Server: GlassBox Cligate
vary: origin
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: http://citizen04secure.ru
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 0

GET
H/1.1 200
OK __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
486 B 108ms
96ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk1LjAuNDYzOC41NCBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYzNjcwMTEyOTAyNCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdkMTJmZDQ5M2VhNjctMDIwMTFhNjcxNTg5YzktNTdiMTkzZS0xZDRjMDAtMTdkMTJmZDQ5M2YxMDk3IiwiZW52aXJvbWVudCI6ICJwcm9kVXNPcmVnb24iLCJhY2NvdW50SWQiOiAzNTY4NjAsInVybCI6ICJodHRwOi8vY2l0aXplbjA0c2VjdXJlLnJ1L2xvZ2luLnBocD9vbmxpbmVfaWQ9Mzc2ZTY3ZjY2YTc5ZDc0YWU0ZDI0YWRlNiZjb3VudHJ5PSZpc289Iiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI3NGNhLWMyM2EtMTA4OC03NmU0LTdlZWMtYTc2MC03NjU3LTUzODUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTYzNjcwMTEyODk3OCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxMjIyLCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zOS4wIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zOS4wIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNjM2NzAxMTI4OTgzLCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZSwiZmVlZGJhY2tfY29ycmVsYXRpb25fdXVpZCI6IG51bGx9Cl19
Protocol: HTTP/1.1
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-ME: prod-instance-gatewayservice-blue-8bh0
Date: Fri, 12 Nov 2021 07:12:09 GMT
Via: 1.1 google
Server: Jetty(9.2.11.v20150529)
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Type: image/gif; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Content-Length: 0
X-Application-Context: application:9090

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 2DE5 437 B
419 B 24ms
24ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb18359x17193
Requested by: Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizen04secure.ru&site=89632304&env=prod&isCrossDomain=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-accdn.lpsnmedia.net
Software: ws /
Resource Hash: c56907fbe74c92f8e8b752cc8c2171cf6f41d02665fd598e4334025a08b63290

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:09 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 12 Nov 2021 07:13:09 GMT

POST
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 545 B
1 KB 100ms
99ms XHR
application/json 54.211.122.190
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=90ceb7e5-ac45-4414-8874-5b8384c62cb6:0&_cls_v=792d420b-2a95-486d-9f66-9f25d0d38211&pid=30d2207e-f45f-4efb-bc5b-c5ca6b460dec&sn=1&cfg&pv=2&aid=
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.211.122.190 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-211-122-190.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: fccf396f8daeb2473e4948bf85b46533c45a1de5992cb835e7677fafbd99c355

Request headers

Referer: http://citizen04secure.ru/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Fri, 12 Nov 2021 07:12:10 GMT
content-encoding: gzip
Server: GlassBox Cligate
vary: origin
Content-Type: application/json
access-control-allow-origin: http://citizen04secure.ru
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 328

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame F9B0 11 KB
5 KB 567ms
177ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701130931&loc=http%3A%2F%2Fcitizen04secure.ru
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.idp.liveperson.net
Software: ws /
Resource Hash: c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/

Response headers

date: Fri, 12 Nov 2021 07:12:11 GMT
content-type: text/html
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame F9B0 678 B
1 KB 222ms
222ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=29339

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701130931&loc=http%3A%2F%2Fcitizen04secure.ru

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

0a8fa17e0780ec0da5da2f40cbb34ae0dd7582c5321e17d019ade7d49a0a8791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER: http://citizen04secure.ru
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1636701130931&loc=http%3A%2F%2Fcitizen04secure.ru
X-Requested-With: XMLHttpRequest
LP-URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=

Response headers

date: Fri, 12 Nov 2021 07:12:11 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 176 B
984 B 544ms
222ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb67174x34900&t=sp&ts=1636701130923&pid=4424064955&tid=7905076714&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fcitizen04secure.ru%2Flogin.php%3Fonline_id%3D376e67f66a79d74ae4d24ade6%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%2271a01740-d406-4b00-a017-40d4066b00fd%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 684cb86ca0e2082221014dc2c36558063407149f1e193f27813ebfe9b3ff18d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizen04secure.ru/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 07:12:12 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST adrum
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pdx-col.eum-appdynamics.com
URL: https://pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_s Value: 90ceb7e5-ac45-4414-8874-5b8384c62cb6:0
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_v Value: 792d420b-2a95-486d-9f66-9f25d0d38211
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_cfgver Value: 8105026c
citizen04secure.ru/	1969-12-31 23:59:59	Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 07:23:57	Name: everest_g_v2 Value: g_surferid~YY4TyAAAAJ9GVQP7
.demdex.net/	1970-01-20 02:57:33	Name: demdex Value: 35638959578258671542445201472410402286
.dpm.demdex.net/	1970-01-20 02:57:33	Name: dpm Value: 35638959578258671542445201472410402286
citizen04secure.ru/	1970-01-20 16:09:33	Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1099438348%7CMCIDTS%7C18944%7CMCMID%7C70911033423073968924424631110284380522%7CMCAID%7CNONE%7CMCOPTOUT-1636708327s%7CNONE%7CMCAAMLH-1637305928%7C6%7CMCAAMB-1637305928%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-18951%7CvVersion%7C2.1.0
.citizen04secure.ru/	1970-01-19 22:38:22	Name: gpv_v51 Value: no%20value
.citizen04secure.ru/	1970-01-19 23:21:33	Name: s_nr Value: 1636701128804-New
.citizen04secure.ru/	1969-12-31 23:59:59	Name: s_cc Value: true
.citizen04secure.ru/	1970-01-20 02:57:33	Name: AAMC_citizensbank_0 Value: REGION%7C6
.citizen04secure.ru/	1970-01-19 23:21:33	Name: aam_uuid Value: 70908066440925479634424858603742590733
citizen04secure.ru/	1970-01-20 07:23:57	Name: mdLogger Value: false
citizen04secure.ru/	1970-01-20 07:23:57	Name: kampyle_userid Value: 74ca-c23a-1088-76e4-7eec-a760-7657-5385
citizen04secure.ru/	1970-01-20 07:23:57	Name: kampyleUserSession Value: 1636701128978
citizen04secure.ru/	1970-01-20 07:23:57	Name: kampyleUserSessionsCount Value: 1
citizen04secure.ru/	1970-01-20 07:23:57	Name: kampyleSessionPageCounter Value: 1
.citizen04secure.ru/	1970-01-20 07:23:57	Name: cd_user_id Value: 17d12fd493ea67-02011a671589c9-57b193e-1d4c00-17d12fd493f1097
.citizen04secure.ru/	1970-01-20 16:09:33	Name: s_fid Value: 150EE101DB5FE149-19320D512E9F3FBD
.citizen04secure.ru/	1970-01-19 22:38:22	Name: gpv_p5 Value: Datalayer%3ACBDL%20Missing
.citizen04secure.ru/	1970-01-19 23:21:33	Name: s_nr30 Value: 1636701129064-New
.citizen04secure.ru/	1970-01-19 23:05:16	Name: s_vncm Value: 1638316799066%26vn%3D1
.citizen04secure.ru/	1970-01-19 22:38:22	Name: s_ivc Value: true
.citizen04secure.ru/	1970-01-21 00:55:09	Name: s_lv Value: 1636701129067
.citizen04secure.ru/	1970-01-19 22:38:22	Name: s_lv_s Value: First%20Visit
.citizen04secure.ru/	1969-12-31 23:59:59	Name: s_ppvl Value: %5B%5BB%5D%5D
.citizen04secure.ru/	1969-12-31 23:59:59	Name: s_ppv Value: http%253A%2F%2Fcitizen04secure.ru%2Flogin.php%253Fonline_id%253D376e67f66a79d74ae4d24ade6%2526country%253D%2526iso%253D%2C100%2C100%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
report.citizen.glassboxdigital.io/	1970-01-19 22:48:25	Name: AWSALBCORS Value: jD8pDGRFxI34GGCHC2mNlPw6TJhWIuEx39V3abMHjP8CHzBICDpJ6BkZtgMX6o4t7jyNLV+ym4P7Z/SoovFKpgpeShzHVr4f0EQSHmMRNWKvpeLaNkCCO9h8zaDw
.citizen04secure.ru/	1970-01-20 07:23:57	Name: LPVID Value: ZjODM2ZjA0YWMzZDY1NTk3

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://citizen04secure.ru/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citizen04secure.ru/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://citizen04secure.ru/login.php?online_id=376e67f66a79d74ae4d24ade6&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: http://citizen04secure.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citizen04secure.ru/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://citizen04secure.ru/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citizen04secure.ru/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citizen04secure.ru/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www4.citizensbankonline.com/akam/11/7c3ed55c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://citizen04secure.ru/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
cdn.appdynamics.com
cdn.glassboxcdn.com
citizen04secure.ru
cm.everesttech.net
dpm.demdex.net
fast.citizensbank.demdex.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
metrics.citizensbank.com
nebula-cdn.kampyle.com
nexus.ensighten.com
pdx-col.eum-appdynamics.com
report.citizen.glassboxdigital.io
udc-neb.kampyle.com
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
www4.citizensbankonline.com
pdx-col.eum-appdynamics.com
108.128.120.92
13.224.186.64
15.236.176.210
151.101.193.175
178.249.97.23
178.249.97.99
18.195.42.228
184.24.5.179
199.187.116.90
2.16.186.56
208.89.12.87
208.89.15.170
2606:4700::6812:e16
35.241.45.82
45.133.200.3
54.194.191.134
54.211.122.190
0127d268a6a4cf765e1cc11ecefd388dee5431fa0100afc60f8fd0365441409d
07953c295c30d7114633282fbe02fd6573674835ac61a951a2c5396fb53dd466
0a8fa17e0780ec0da5da2f40cbb34ae0dd7582c5321e17d019ade7d49a0a8791
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
2904e0512b5728c252fa3ddc428e055515980402b5102adb57c3dbf29958f9b5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
47399950735a298aab381feab26fc9f7931b4874e1b1a05932889a116c0e186a
5346dfc0f18be96e38080c303c312d99867487d6078f5ce0f1c0ddaaf165c473
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5
55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
684cb86ca0e2082221014dc2c36558063407149f1e193f27813ebfe9b3ff18d7
7001893331806f100ac77b4fadba552d8377c545c64f685f9fa12744cd254a25
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
82fbd95595291e292bc5ae3635ac0c9074f6b0705a0e3a6e1bf626ce86697abc
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
9a4e07e76def03b516f223ce742444842f24b9e64595bee2258583fb9f306cba
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bacfd23af9c90b604030b1fde7b8b7ca90f47c6902724d666a99e02ea36d682c
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c56907fbe74c92f8e8b752cc8c2171cf6f41d02665fd598e4334025a08b63290
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
cd8897eb36c46325c527e4073195b240605f7af880f51843d126aba8f49b346a
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751
de909a018c74c1802bc8809013266c44b46da14757e8251c440b406e60433c23
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd
fccf396f8daeb2473e4948bf85b46533c45a1de5992cb835e7677fafbd99c355
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

citizen04secure.ru Open in urlscan Pro 45.133.200.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

60 Requests

58 %HTTPS

6 %IPv6

13 Domains

19 Subdomains

17 IPs

6 Countries

761 kBTransfer

2516 kBSize

30 Cookies

3 Outgoing links

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citizen04secure.ru Open in urlscan Pro
45.133.200.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

58 %
HTTPS

6 %
IPv6

13
Domains

19
Subdomains

17
IPs

6
Countries

761 kB
Transfer

2516 kB
Size

30
Cookies

60 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!