citizenauthlogin-09.duckdns.org Open in urlscan Pro
174.138.45.252 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Submission: On December 21 via automatic, source openphish (December 21st 2021, 1:28:49 am UTC) — Scanned from DE

Summary HTTP 62 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 18 IPs in 6 countries across 14 domains to perform 62 HTTP transactions. The main IP is 174.138.45.252, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is citizenauthlogin-09.duckdns.org.

This is the only time citizenauthlogin-09.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
6	174.138.45.252 174.138.45.252	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
22	104.109.73.152 104.109.73.152	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2 5	52.19.78.71 52.19.78.71	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1	178.18.231.171 178.18.231.171	50952 (DATAIX-AS...) (DATAIX-AS Peering Ltd.)
2 2	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
2	65.9.64.126 65.9.64.126	16509 (AMAZON-02) (AMAZON-02)
3	208.89.12.91 208.89.12.91	11054 (LIVEPERSON) (LIVEPERSON)
3	151.101.1.175 151.101.1.175	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6812:f16	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.200.223.55 52.200.223.55	14618 (AMAZON-AES) (AMAZON-AES)
2	178.249.97.98 178.249.97.98	11054 (LIVEPERSON) (LIVEPERSON)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
3	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
1	35.166.130.173 35.166.130.173	() ()
62	18

6 174.138.45.252 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

citizenauthlogin-09.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 104.109.73.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-73-152.deploy.static.akamaitechnologies.com

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www4.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.19.78.71 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-78-71.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

metrics.citizensbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.18.231.171 (Russian Federation)

ASN50952 (DATAIX-AS Peering Ltd., RU)

fast.citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.88.158 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.64.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-64-126.fra56.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 208.89.12.91 (United States)

ASN11054 (LIVEPERSON, US)

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f16 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.glassboxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.200.223.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-223-55.compute-1.amazonaws.com

report.citizen.glassboxdigital.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.98 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.166.130.173 (None, )

ASN- ()

pdx-col.eum-appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	citizensbankonline.com www3.citizensbankonline.com www4.citizensbankonline.com	234 KB
7	liveperson.net lptag.liveperson.net va.idp.liveperson.net va.v.liveperson.net	117 KB
6	demdex.net 2 redirects dpm.demdex.net fast.citizensbank.demdex.net	8 KB
6	duckdns.org citizenauthlogin-09.duckdns.org	26 KB
5	lpsnmedia.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net	34 KB
4	glassboxdigital.io report.citizen.glassboxdigital.io	4 KB
4	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	104 KB
3	ensighten.com nexus.ensighten.com	92 KB
2	appdynamics.com cdn.appdynamics.com	58 KB
2	everesttech.net 2 redirects cm.everesttech.net	772 B
2	citizensbank.com metrics.citizensbank.com	5 KB
1	eum-appdynamics.com pdx-col.eum-appdynamics.com	1016 B
1	glassboxcdn.com cdn.glassboxcdn.com	112 KB
1	googleapis.com ajax.googleapis.com	29 KB
62	14

	Domain	Requested by
21	www3.citizensbankonline.com	citizenauthlogin-09.duckdns.org www3.citizensbankonline.com
6	citizenauthlogin-09.duckdns.org	citizenauthlogin-09.duckdns.org
5	dpm.demdex.net	2 redirects citizenauthlogin-09.duckdns.org nexus.ensighten.com
4	report.citizen.glassboxdigital.io	cdn.appdynamics.com
3	va.v.liveperson.net	cdn.appdynamics.com
3	nebula-cdn.kampyle.com	cdn.appdynamics.com
3	accdn.lpsnmedia.net	cdn.appdynamics.com lpcdn.lpsnmedia.net
3	nexus.ensighten.com	citizenauthlogin-09.duckdns.org nexus.ensighten.com
2	va.idp.liveperson.net	cdn.appdynamics.com va.idp.liveperson.net
2	lpcdn.lpsnmedia.net	cdn.appdynamics.com
2	cdn.appdynamics.com	nexus.ensighten.com cdn.appdynamics.com
2	cm.everesttech.net	2 redirects
2	metrics.citizensbank.com	nexus.ensighten.com cdn.appdynamics.com
2	lptag.liveperson.net	citizenauthlogin-09.duckdns.org cdn.appdynamics.com
1	pdx-col.eum-appdynamics.com	cdn.appdynamics.com
1	udc-neb.kampyle.com
1	cdn.glassboxcdn.com	cdn.appdynamics.com
1	fast.citizensbank.demdex.net	nexus.ensighten.com
1	ajax.googleapis.com	citizenauthlogin-09.duckdns.org
1	www4.citizensbankonline.com	citizenauthlogin-09.duckdns.org
62	20

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com

Subject Issuer	Validity	Valid
citizensbankonline.com Entrust Certification Authority - L1M	`2021-05-18` - `2022-05-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-05-30` - `2022-05-30`	2 years	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2021-02-21` - `2022-02-21`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
citizen.glassboxdigital.io Amazon	`2021-11-19` - `2022-12-17`	a year	crt.sh
*.idp.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2020-07-09` - `2022-07-09`	2 years	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-04-13` - `2022-04-13`	2 years	crt.sh
*.eum-appdynamics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-14` - `2022-07-15`	a year	crt.sh

This page contains 4 frames:

Primary Page: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Frame ID: 4D62ECB9296B2E10086B5B6B9758A905
Requests: 57 HTTP requests in this frame

Frame: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: B3CA7CF3DEE313D5964369527741D23A
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Frame ID: 4B4BBA60C881750E040618ED43DDDBD6
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1640050117246&loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org
Frame ID: 9EBE59018CF61086CB862BC799D8F961
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppDynamics (Analytics) Expand

Overall confidence: 100%
Detected patterns

adrum

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

62
Requests

66 %
HTTPS

11 %
IPv6

14
Domains

20
Subdomains

18
IPs

6
Countries

822 kB
Transfer

2584 kB
Size

16
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citizensbank.com/learning/coronavirus/overview.aspx?WT.ac=CB_OLB_OLBAd_Coronavirus_CRC_COVID-19ResourceCenter_A484
Title: Resource Center

Search URL Search Domain Scan URL

URL: https://www.citizensbank.com/mobile-and-online-banking/mobile-app.aspx
Title: Check out everything it can do and see information on how to get it.

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/
Title: Cancel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566

Request Chain 26

http://cm.everesttech.net/cm/dd?d_uuid=08187236126633978750163847931160391450 HTTP 301
https://cm.everesttech.net/cm/dd?d_uuid=08187236126633978750163847931160391450 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YcEtwwAAAJyPTAQA HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YcEtwwAAAJyPTAQA

62 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login.php Show response
citizenauthlogin-09.duckdns.org/ 26 KB
26 KB 544ms
437ms Document
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 3ec13741a5ae48533f53bd49f257bc27fbd74b9e3311b42fbcf77104f04c0c8e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citizensbank/olbprod/ 86 KB
29 KB 26ms
12ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 150921c3f95a4a9995efeb994e9b9a6882071c34a678a7bd1c800f0b27f33684

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Dec 2021 21:57:45 GMT
Server: nginx
ETag: W/"61ba64d9-15729"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 404
Not Found pm_fp.js
citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/ 0
0 189ms
184ms Script
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/pm_fp.js
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
4 KB 91ms
24ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3780
x-olb-req-received: t=1639900834608778
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "4a56-5d36801200b98"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:38:38 GMT
cache-control: max-age=15004
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1775

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 98ms
32ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2766
x-olb-req-received: t=1639823069365257
last-modified: Sat, 18 Dec 2021 09:07:54 GMT
x-frame-options: SAMEORIGIN
etag: "26c2-5d367fda6fbb2"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:37:30 GMT
cache-control: max-age=14936
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=649

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
12 KB 102ms
36ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 12357
x-olb-req-received: t=1639900837649519
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "f405-5d36801200f80"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:37:34 GMT
cache-control: max-age=14940
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=4031

GET
H2 200 flows.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
3 KB 115ms
49ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2391
x-olb-req-received: t=1639823069131867
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "21ce-5d368011efe12"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:38:19 GMT
cache-control: max-age=14985
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=655

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
2 KB 121ms
54ms Stylesheet
text/css 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1521
x-olb-req-received: t=1639978631696438
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "1f31-5d368011efa2a"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:38:12 GMT
cache-control: max-age=14978
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=555

GET
H2 200 modernizr-2.6.2.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 15 KB
6 KB 133ms
67ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6246
x-olb-req-received: t=1639823069146471
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "3c36-5d3680120ee27"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:37:11 GMT
cache-control: max-age=14917
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=963

GET
H2 200 plugins.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 199 KB
45 KB 143ms
77ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 46041
x-olb-req-received: t=1639823069369763
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "31d24-5d36801211537"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:36:14 GMT
cache-control: max-age=14860
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=10269

GET
H2 200 main.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 19 KB
5 KB 165ms
99ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4818
x-olb-req-received: t=1639978597544124
last-modified: Sat, 18 Dec 2021 09:07:54 GMT
x-frame-options: SAMEORIGIN
etag: "4c03-5d367fda74dba"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:36:13 GMT
cache-control: max-age=14859
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=963

GET
H2 200 placeholders.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 4 KB
2 KB 174ms
108ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1633
x-olb-req-received: t=1639900839069488
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "10aa-5d3680120f5f7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:36:10 GMT
cache-control: max-age=14856
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1130

GET
H2 404 7c3ed55c
www4.citizensbankonline.com/akam/11/ 0
0 37ms
11ms Script
text/html 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www4.citizensbankonline.com/akam/11/7c3ed55c

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
strict-transport-security: max-age=15768000
content-type: text/html
expires: Tue, 21 Dec 2021 01:28:34 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9
lb-action: None

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.0.3/ 82 KB
29 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 16 Dec 2021 14:13:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 386093
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29440
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 16 Dec 2022 14:13:41 GMT

GET
H2 404 tealeaf.js
www3.citizensbankonline.com/efs/efs/js/ 0
0 509ms
443ms Script
text/html 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-73-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 16ms
15ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
x-olb-req-received: t=1639823069018171
last-modified: Sat, 18 Dec 2021 09:08:05 GMT
etag: "149d-5d367fe598290"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377767
x-olb-req-duration: D=230
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:24:41 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566
http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566

110 B
737 B

37ms
37ms

XHR
application/json

52.19.78.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 52.19.78.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-78-71.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v026-0ac25a091.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-Error: 172
X-TID: vtwXAzxKRbw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://citizenauthlogin-09.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 124
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v026-0af43dd6b.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Access-Control-Allow-Origin: http://citizenauthlogin-09.duckdns.org
X-TID: /pFZ3U/oQ10=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1640050114566
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citizensbank/olbprod/ 280 B
517 B 10ms
9ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Wed%20Dec%2015%2021:57:44%20GMT%202021&ClientID=397&PageID=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php%3Fonline_id%3D19aa239c9273b1b1d5c7b3a31%26country%3D%26iso%3D
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b594f779470f083abfb76e4c8f4e23b7ea025d0bc54bce73f1fd5710f6502c59

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 280
Expires: Tue, 21 Dec 2021 01:28:33 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 205ms
24ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
citizenauthlogin-09.duckdns.org/content/ 0
0 95ms
95ms Script
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found common.js
citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/ 0
0 95ms
95ms Script
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/common.js
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK id Show response
metrics.citizensbank.com/ 48 B
918 B 83ms
29ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/id?d_visid_ver=2.1.0&d_fieldgroup=MC&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&ts=1640050114690

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

Protocol

HTTP/1.1

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

c0eba1a778a7a1ecbef2fc06f550de7aefb9b0f4a3b0b14ec3f58b08331affc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-675dccd488-n5x9k
vary: Origin
x-c: main-1548.I52ef9e.M0-537
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://citizenauthlogin-09.duckdns.org
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 60ms
35ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizenauthlogin-09.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
x-olb-req-received: t=1639823070481433
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
etag: "7ce0-5d368011ffbf9"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=377726
x-olb-req-duration: D=224
server-timing: cdn-cache; desc=HIT, edge; dur=19
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:24:00 GMT

GET
H2 200 jquery-1.9.1.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 90 KB
32 KB 28ms
27ms Script
application/x-javascript 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 21 Dec 2021 01:28:34 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=7
content-length: 32776
x-olb-req-received: t=1639900833289269
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
x-frame-options: SAMEORIGIN
etag: "169d6-5d36801204e00"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 21 Dec 2021 05:37:11 GMT
cache-control: max-age=14917
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=7153

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 4 KB
2 KB 35ms
35ms XHR
application/json 52.19.78.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&d_mid=08161402003669820360164708125401911677&ts=1640050114790
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 52.19.78.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-78-71.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 825d9c83ef6dc6bd0c670b118bf5f5d03e169e8cddb088db6f4c65ecd541dbf9

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v026-0bcca82b0.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-TID: zKpJdc+dRL4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://citizenauthlogin-09.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1307
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK 1d1494fbbc8246ba11139ddf20217948.js Show response
nexus.ensighten.com/citizensbank/olbprod/code/ 199 KB
63 KB 13ms
12ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citizensbank/olbprod/code/1d1494fbbc8246ba11139ddf20217948.js?conditionId0=421909
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8715015b8674efc3b43d577df2ab061c5df2441b8deb8f38b6b1c0c0fde75fc7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Dec 2021 21:57:45 GMT
Server: nginx
ETag: W/"61ba64d9-31cd6"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK dest5.html Show response
fast.citizensbank.demdex.net/ Frame B3CA 7 KB
3 KB 220ms
167ms Document
text/html 178.18.231.171
DATAIX-AS Peering...

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 178.18.231.171 , Russian Federation, ASN50952 (DATAIX-AS Peering Ltd., RU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/

Response headers

Accept-Ranges: bytes
Content-Type: text/html
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=21600
Date: Tue, 21 Dec 2021 01:28:35 GMT
Content-Length: 2785
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=08187236126633978750163847931160391450
https://cm.everesttech.net/cm/dd?d_uuid=08187236126633978750163847931160391450
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YcEtwwAAAJyPTAQA
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YcEtwwAAAJyPTAQA

42 B
945 B

33ms
32ms

Image
image/gif

52.19.78.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YcEtwwAAAJyPTAQA

Requested by

Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Protocol

HTTP/1.1

Server

52.19.78.71 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-78-71.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v026-0cf43a924.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 1rMxBpVHR8o=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v026-0eb858d0d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 6MHHucmxS68=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YcEtwwAAAJyPTAQA
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK adrum-latest.js Show response
cdn.appdynamics.com/adrum/ 103 KB
38 KB 31ms
11ms Script
application/javascript 65.9.64.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: HTTP/1.1
Server: 65.9.64.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-64-126.fra56.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: 802fe463fb2c5049f755d600c2add791806ba93cf67009d1f621119887e411d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Mon, 20 Dec 2021 22:23:55 GMT
Content-Encoding: gzip
Age: 11079
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Mon, 20 Dec 2021 22:21:02 GMT
Server: nginx/1.16.1
ETag: W/"61c101ce-19b76"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA56-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: j7ZuBjRk-A_QFZQqW2i1USB5mILlx2ibjGVN_ODsChULCCUR-Y2Jsg==

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 277 KB
99 KB 52ms
52ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: b28872dc2790b53c8e8fb1ae5ea64a7f386c5e5ebd0e0ba12f053d785392f33d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
content-encoding: gzip
server: ws
x-cache-status: MISS
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 icon-secure.png
www3.citizensbankonline.com/efs/efs/grafx/ 292 B
605 B 32ms
31ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070799041
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "124-5cbae5abb965b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377839
x-olb-req-duration: D=120
server-timing: cdn-cache; desc=HIT, edge; dur=6
content-length: 292
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:25:54 GMT

GET
H2 200 flows-tooltip.png
www3.citizensbankonline.com/efs/efs/grafx/ 364 B
677 B 33ms
32ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070789692
last-modified: Sat, 11 Sep 2021 01:43:11 GMT
etag: "16c-5cbae5aca150d"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377798
x-olb-req-duration: D=150
server-timing: cdn-cache; desc=HIT, edge; dur=6
content-length: 364
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:25:13 GMT

GET
H2 200 arrow-button-white.png
www3.citizensbankonline.com/efs/efs/grafx/ 1017 B
1 KB 42ms
41ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070910796
last-modified: Sat, 11 Sep 2021 02:08:23 GMT
etag: "3f9-5cbaeb4e8f329"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377717
x-olb-req-duration: D=186
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 1017
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:23:52 GMT

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 47ms
47ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070905506
last-modified: Sat, 11 Sep 2021 01:57:36 GMT
etag: "41e-5cbae8e5a64a2"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377654
x-olb-req-duration: D=162
server-timing: cdn-cache; desc=HIT, edge; dur=3
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:22:49 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
478 B 47ms
47ms Image
image/png 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070940704
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "a5-5cbae5ab76435"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=377804
x-olb-req-duration: D=140
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:25:19 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 31ms
30ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizenauthlogin-09.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070930653
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
etag: "485c-5d368011f09ca"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=377819
x-olb-req-duration: D=205
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:25:34 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 40ms
40ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizenauthlogin-09.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070959829
last-modified: Sat, 18 Dec 2021 09:08:52 GMT
etag: "6ccc-5d368011fc161"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=377699
x-olb-req-duration: D=247
server-timing: cdn-cache; desc=HIT, edge; dur=10
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:23:34 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 35ms
34ms Font
application/octet-stream 104.109.73.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.109.73.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-109-73-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://citizenauthlogin-09.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
x-olb-req-received: t=1639823070966936
last-modified: Sat, 18 Dec 2021 09:05:27 GMT
etag: "7c78-5d367f4eb8e21"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=377739
x-olb-req-duration: D=207
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 25 Dec 2021 10:24:14 GMT

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
citizenauthlogin-09.duckdns.org/content/ 0
0 92ms
92ms Script
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 6 KB
2 KB 515ms
177ms Script
application/javascript 208.89.12.91
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=lpCb66460x89327
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.91 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 4a7e9d1f49e723d08889a94e84a400021424305b925817b66e75207611e73cee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Tue, 21 Dec 2021 01:29:35 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 3 KB
817 B 510ms
178ms Script
application/javascript 208.89.12.91
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.91 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: af3350a4c9eab812e7821f6270334a6e83a4baf6687969cb1f6bccae5abb79d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:35 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Tue, 21 Dec 2021 01:29:35 GMT

GET
H/1.1 404
Not Found common.js
citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/ 0
0 99ms
99ms Script
text/html 174.138.45.252
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/common.js
Requested by: Host: citizenauthlogin-09.duckdns.org
URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
Protocol: HTTP/1.1
Server: 174.138.45.252 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK s68093002629982 Show response
metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/ 3 KB
4 KB 45ms
45ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/s68093002629982?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=21%2F11%2F2021%201%3A28%3A35%202%200&d.&nsid=0&jsonv=1&.d&mid=08161402003669820360164708125401911677&aamlh=6&ce=UTF-8&ns=citizensbank&pageName=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&g=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php%3Fonline_id%3D19aa239c9273b1b1d5c7b3a31%26country%3D%26iso%3D&cc=USD&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c5=D%3Dv8&c7=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&v7=New&v8=8%3A28%20PM%7CMonday&c9=D%3Dv7&v9=CTZ&c10=D%3Dv10&v10=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&c11=D%3Dv11&v11=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php%3Fonline_id%3D19aa239c9273b1b1d5c7b3a31%26country%3D%26iso%3D&c12=D%3Dv12&v12=%2Flogin.php&c13=D%3Dv13&v13=citizenauthlogin-09.duckdns.org&c14=D%3Dv18&v14=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&c15=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&v18=.COM&v19=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php&v26=%3A&v32=08161402003669820360164708125401911677&c75=VisitorAPI%20Present&v82=Legacy%20Site&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&AQE=1

Requested by

Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?

Protocol

HTTP/1.1

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

71ae67531d2c2731ab4a2b394414f4028f14ba11fc5dd4326e3d778736f4dc8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-aam-tid: 01tw+QNgRnw=
date: Tue, 21 Dec 2021 01:28:35 GMT
x-content-type-options: nosniff
x-c: main-1548.I52ef9e.M0-537
p3p: CP="This is not a P3P policy"
content-length: 3529
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-1-v026-07c19b1db.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Wed, 22 Dec 2021 01:28:35 GMT
server: jag
xserver: anedge-675dccd488-fdfbf
etag: 3521980805745639424-4619977510856374992
vary: *
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Mon, 20 Dec 2021 01:28:35 GMT

GET
H2 200 embed.js Show response
nebula-cdn.kampyle.com/wu/356861/onsite/ 2 KB
1 KB 34ms
8ms Script
application/javascript 151.101.1.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/wu/356861/onsite/embed.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 805f6c9abf530f64bb5d7927b0cbbf428d207f689cdfccccebcf0a74a31a0cbd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 7Y9f_CKS9Rpk58nzVBLJc.Cl.dogVkDj
content-encoding: gzip
etag: "629d7a1a2b70b325ad37a6e4b912a644"
age: 22271
via: 1.1 varnish
x-cache: HIT
content-length: 665
x-amz-id-2: CgLegWcK6DAbSWE4Ey+/TOTGg5VUYO3eaUy90ijuEmFhLxMhk1sc5IGg7kRnEdiXNleH7PxFXSs=
x-served-by: cache-fra19142-FRA
last-modified: Mon, 20 Dec 2021 19:14:46 GMT
server: AmazonS3
x-timer: S1640050116.678328,VS0,VE1
date: Tue, 21 Dec 2021 01:28:35 GMT
vary: Accept-Encoding
x-amz-request-id: 1AFTFNK6C37VRQGS
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H/1.1 200
OK detector-dom.min.js Show response
cdn.glassboxcdn.com/citizen/OLB/p/ 364 KB
112 KB 32ms
17ms Script
application/javascript 2606:4700::6812:f16
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.glassboxcdn.com/citizen/OLB/p/detector-dom.min.js?
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 2606:4700::6812:f16 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:35 GMT
Via: 1.1 697a26790d3ab8292d8546ca9be87bbd.cloudfront.net (CloudFront)
CF-Cache-Status: HIT
Age: 4563
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
Content-Encoding: gzip
Last-Modified: Thu, 13 May 2021 10:48:21 GMT
Server: cloudflare
ETag: W/"845173368b011e7fa14658b57426fe09"
Vary: Accept-Encoding
x-amz-version-id: bbfnKPP3ulrtofSzPJqgXAlMwVq2hNWe
Cache-Control: public, max-age=14400
X-Amz-Cf-Pop: AMS54-C1
CF-RAY: 6c0d55a6eb37694c-FRA
X-Amz-Cf-Id: tnkurGNm4VgtZ7NkhiFPT2CcgYoZlsSFM9TbU5svmK0sEFgF7hnx3g==
Expires: Tue, 21 Dec 2021 05:28:35 GMT

GET
H/1.1 200
OK adrum-ext.59191791453ae6311081a09b4cf33c2d.js Show response
cdn.appdynamics.com/ 51 KB
20 KB 7ms
7ms Script
application/javascript 65.9.64.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.appdynamics.com/adrum-ext.59191791453ae6311081a09b4cf33c2d.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 65.9.64.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-64-126.fra56.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: e490994ad61a64454e06354b4c74756269548b48e8bd476b35762d713ccb8c86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 15 Dec 2021 20:22:43 GMT
Content-Encoding: gzip
Age: 450352
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
access-control-allow-origin: *
Last-Modified: Wed, 21 Jul 2021 17:52:36 GMT
Server: nginx/1.16.1
ETag: W/"60f85ee4-ccbc"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
Content-Type: application/javascript
Via: 1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
Cache-Control: public, max-age=2678400, s-max-age=14400
X-Amz-Cf-Pop: FRA56-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Amz-Cf-Id: 3RrifWHn2wV4x1CaH1GmQdzfhRa_ZpZhKzqbnoTkus6j5dnyTbyZOg==

GET
H/1.1 200
OK generic1640027684575.js Show response
nebula-cdn.kampyle.com/us/wu/356861/onsite/ 698 KB
97 KB 13ms
7ms Script
application/javascript 151.101.1.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/us/wu/356861/onsite/generic1640027684575.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d59181a59b2d1d9c6e19ff50994da93676dfdd72f1c1268ab54d8ec9a6cc6dfa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: H21d96DaMWTf7cdoE22MZZnJppoOjYW_
Content-Encoding: gzip
ETag: "9d02923e15365c3e86b25729fbe934f9"
Age: 22153
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 98174
x-amz-id-2: rF+7VIXW9C10eHWK0AJp+YZc8iuslajVSEah5PABfRnXM0gwmGVELbXXwodIHW6i6q+tQwX9bQE=
X-Served-By: cache-fra19143-FRA
Last-Modified: Mon, 20 Dec 2021 19:14:45 GMT
Server: AmazonS3
X-Timer: S1640050116.693656,VS0,VE1
Date: Tue, 21 Dec 2021 01:28:35 GMT
Vary: Accept-Encoding
x-amz-request-id: 493A3A5NQ12PVWQB
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 1

GET
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 50 B
1 KB 487ms
94ms XHR
application/json 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?_cls_s=c868dc64-4be5-4bde-b3d4-27eb55556baa%3A0&_cls_v=89a6c123-7ae0-4dd7-bfe9-6cef7ad11538&pv=2&f_cls_s=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: 95a12c19c2a439de5edc113955a988be00dc0f75340f476aaadcd66ab632a867

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Tue, 21 Dec 2021 01:28:36 GMT
content-encoding: gzip
Server: GlassBox Cligate
vary: origin
Content-Type: application/json; charset=utf-8
access-control-allow-origin: http://citizenauthlogin-09.duckdns.org
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 73

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ Frame 4B4B 39 KB
16 KB 48ms
38ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/

Response headers

date: Tue, 21 Dec 2021 01:28:36 GMT
content-type: text/html
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Tue, 21 Dec 2021 01:38:36 GMT
cache-control: max-age=600

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/ 38 KB
15 KB 454ms
70ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.js?loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org&site=89632304&force=1&env=prod&isCrossDomain=true
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:36 GMT
content-encoding: gzip
last-modified: Fri, 05 Nov 2021 13:34:15 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Tue, 21 Dec 2021 01:38:36 GMT

GET
H/1.1 200
OK cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
6 KB 6ms
6ms Script
application/javascript 151.101.1.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Server: 151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
Content-Encoding: gzip
ETag: "80dd5e3be5152c5c72d552c6a26ef6ff"
Age: 653417
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 5197
x-amz-id-2: LbHSXaYCZIyQPf8ovR2F2Z7KtknVk9AdMvmRYMUZYAHs251hE1slDSmkvlPjv2kGXt0BHpQ7jSs=
X-Served-By: cache-fra19143-FRA
Last-Modified: Sun, 24 Jan 2021 11:03:10 GMT
Server: AmazonS3
X-Timer: S1640050116.757824,VS0,VE0
Date: Tue, 21 Dec 2021 01:28:35 GMT
Vary: Accept-Encoding
x-amz-request-id: T9HQ2DA8H1H1TTE2
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 183397

GET
H/1.1 200
OK __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
486 B 114ms
100ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk2LjAuNDY2NC45MyBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0MDA1MDExNjEzNCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdkZGE5YWM2MjRiZmQtMDc4NmEyNGRkNGIzYzMtOTc4MTUzYy0xZDRjMDAtMTdkZGE5YWM2MjVkMDQiLCJlbnZpcm9tZW50IjogInByb2RVc09yZWdvbiIsImFjY291bnRJZCI6IDM1Njg2MCwidXJsIjogImh0dHA6Ly9jaXRpemVuYXV0aGxvZ2luLTA5LmR1Y2tkbnMub3JnL2xvZ2luLnBocD9vbmxpbmVfaWQ9MTlhYTIzOWM5MjczYjFiMWQ1YzdiM2EzMSZjb3VudHJ5PSZpc289Iiwid2Vic2l0ZUlkIjogMzU2ODYxLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJkYTUxLWNmYWMtMWQ0MS1kZTQ5LWUxYzQtOGNhZC1iYzA3LTQwMWMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY0MDA1MDExNTc2MCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA3MDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDAwNTAxMTU3NjQsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: HTTP/1.1
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

X-ME: prod-instance-gatewayservice-blue-8wjf
Date: Tue, 21 Dec 2021 01:28:36 GMT
Via: 1.1 google
Server: Jetty(9.2.11.v20150529)
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Type: image/gif; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Content-Length: 0
X-Application-Context: application:9090

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 4B4B 437 B
418 B 100ms
100ms Script
application/javascript 208.89.12.91
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb55013x12751
Requested by: Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.15.0.0-release_5063/storage.secure.min.html?loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.91 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 16105623a977567b878ef4e842f35efeec6425bb3eef45390a1fda2cb85f8347

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:36 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Tue, 21 Dec 2021 01:29:36 GMT

POST
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 596 B
1 KB 100ms
100ms XHR
application/json 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c868dc64-4be5-4bde-b3d4-27eb55556baa:0&_cls_v=89a6c123-7ae0-4dd7-bfe9-6cef7ad11538&pid=ee5abc51-0b0c-4744-8d37-d738dcf6f4fd&sn=1&cfg&pv=2&aid=
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: 68f69c5dd73363c95d07e5af0d437523d179c0a12eca3af9503f50da10643203

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 21 Dec 2021 01:28:37 GMT
content-encoding: gzip
Server: GlassBox Cligate
vary: origin
Content-Type: application/json
access-control-allow-origin: http://citizenauthlogin-09.duckdns.org
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 343

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame 9EBE 11 KB
5 KB 443ms
101ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1640050117246&loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.idp.liveperson.net
Software: ws /
Resource Hash: c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/

Response headers

date: Tue, 21 Dec 2021 01:28:37 GMT
content-type: text/html
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
etag: W/"5f2ff440-2a51"
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip

POST
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 0
780 B 95ms
94ms XHR
text/plain 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c868dc64-4be5-4bde-b3d4-27eb55556baa:0&_cls_v=89a6c123-7ae0-4dd7-bfe9-6cef7ad11538&pid=ee5abc51-0b0c-4744-8d37-d738dcf6f4fd&sn=2&cfg=27baeec&pv=2&aid=
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 21 Dec 2021 01:28:37 GMT
Server: GlassBox Cligate
vary: origin
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: http://citizenauthlogin-09.duckdns.org
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 0

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame 9EBE 678 B
1 KB 246ms
246ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=96373

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1640050117246&loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

a1ee9b0d486d11f72866cea139889cdea4a8334e6a1b89de25fbd6c55634d84f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER: http://citizenauthlogin-09.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1640050117246&loc=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org
X-Requested-With: XMLHttpRequest
LP-URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=

Response headers

date: Tue, 21 Dec 2021 01:28:37 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 238 B
1 KB 534ms
229ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb22896x58035&t=sp&ts=1640050117238&pid=3750847052&tid=3533530641&pt=Online%20Login%20%7C%20Citizens&u=http%3A%2F%2Fcitizenauthlogin-09.duckdns.org%2Flogin.php%3Fonline_id%3D19aa239c9273b1b1d5c7b3a31%26country%3D%26iso%3D&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22f65d11d0-1f16-4236-9d11-d01f16423668%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 11408e23f40246e01d517d0ea238078c5ffdf8644f2ddb27bc093e6c8d564f65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:38 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 111 B
854 B 96ms
96ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=j02G5kqPT9aV7GY89Pfw8w&cb=lpCb26359x57920&t=pl&ts=1640050118052&pid=3750847052&tid=3533530641&vid=Q5ZmRlNjkzY2M4NjExODBl
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: b2db16a0072f1d2f543d9fffbf55ca224de481ce2fe6940e62311613642b796c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:38 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST
H/1.1 200
OK adrum Show response
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/ 0
1016 B 676ms
187ms XHR
text/html 35.166.130.173

General

Check archive.org

Show headers Download Go to

Full URL

https://pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAN-PKK/adrum

Requested by

Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum-ext.59191791453ae6311081a09b4cf33c2d.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.166.130.173 -, , ASN (),

Reverse DNS

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 21 Dec 2021 01:28:41 GMT
x-content-type-options: nosniff
server: envoy
vary: *
content-type: text/html
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time: 0
Connection: keep-alive
access-control-allow-headers: origin, content-type, accept
Content-Length: 0
expires: 0

POST
H/1.1 200
OK cls_report Show response
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/ 0
780 B 106ms
105ms XHR
text/plain 52.200.223.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD/cls_report?clsjsv=6.6.04B137&_cls_s=c868dc64-4be5-4bde-b3d4-27eb55556baa:0&_cls_v=89a6c123-7ae0-4dd7-bfe9-6cef7ad11538&pid=ee5abc51-0b0c-4744-8d37-d738dcf6f4fd&sn=3&cfg=27baeec&pv=2&aid=
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.200.223.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-200-223-55.compute-1.amazonaws.com
Software: GlassBox Cligate /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://citizenauthlogin-09.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Tue, 21 Dec 2021 01:28:46 GMT
Server: GlassBox Cligate
vary: origin
Content-Type: text/plain; charset=utf-8
access-control-allow-origin: http://citizenauthlogin-09.duckdns.org
access-control-allow-credentials: true
Connection: keep-alive
GB-Server: g5015
X-Robots-Tag: noindex
Content-Length: 0

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 73 B
823 B 181ms
180ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=j02G5kqPT9aV7GY89Pfw8w&cb=lpCb32854x18216&t=ip&ts=1640050128687&pid=3750847052&tid=3533530641&vid=Q5ZmRlNjkzY2M4NjExODBl
Requested by: Host: cdn.appdynamics.com
URL: http://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 89573291887c73ca5e89148fae808c72e67b8b5cbfa7dfe8e758cc25ec3583b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://citizenauthlogin-09.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 21 Dec 2021 01:28:48 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

103 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_s Value: c868dc64-4be5-4bde-b3d4-27eb55556baa:0
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_v Value: 89a6c123-7ae0-4dd7-bfe9-6cef7ad11538
report.citizen.glassboxdigital.io/glassbox/reporting/A1F924CD-F1F0-C445-9923-C6EA4A9913FD	1969-12-31 23:59:59	Name: _cls_cfgver Value: 27baeec
citizenauthlogin-09.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: e82fb428138f802a955542c355eb24ba
citizenauthlogin-09.duckdns.org/	1969-12-31 23:59:59	Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1
.everesttech.net/	1970-01-20 08:19:46	Name: everest_g_v2 Value: g_surferid~YcEtwwAAAJyPTAQA
.demdex.net/	1970-01-20 03:53:22	Name: demdex Value: 24234815791726761654366458204863873208
.dpm.demdex.net/	1970-01-20 03:53:22	Name: dpm Value: 24234815791726761654366458204863873208
citizenauthlogin-09.duckdns.org/	1970-01-20 17:05:22	Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1099438348%7CMCIDTS%7C18983%7CMCMID%7C08161402003669820360164708125401911677%7CMCAID%7CNONE%7CMCOPTOUT-1640057314s%7CNONE%7CMCAAMLH-1640654914%7C6%7CMCAAMB-1640654914%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-18990%7CvVersion%7C2.1.0
.citizenauthlogin-09.duckdns.org/	1970-01-20 00:17:22	Name: aam_uuid Value: 08187236126633978750163847931160391450
citizenauthlogin-09.duckdns.org/	1970-01-20 08:19:46	Name: mdLogger Value: false
citizenauthlogin-09.duckdns.org/	1970-01-20 08:19:46	Name: kampyle_userid Value: da51-cfac-1d41-de49-e1c4-8cad-bc07-401c
citizenauthlogin-09.duckdns.org/	1970-01-20 08:19:46	Name: kampyleUserSession Value: 1640050115760
citizenauthlogin-09.duckdns.org/	1970-01-20 08:19:46	Name: kampyleUserSessionsCount Value: 1
citizenauthlogin-09.duckdns.org/	1970-01-20 08:19:46	Name: kampyleSessionPageCounter Value: 1
report.citizen.glassboxdigital.io/	1970-01-19 23:44:14	Name: AWSALBCORS Value: f8RDJgL00INyTEyHBi3xxCHhPQN+45CKfDSN0fC1IoM5lDBRZvRIBpdg60M0a7lvzRy6CoEc4xQgTOVRc8S0lXTzGqpJRwWMlkdLwzXC2sDW4HsuxAy+6FoIY2kN

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: http://citizenauthlogin-09.duckdns.org/login.php?online_id=19aa239c9273b1b1d5c7b3a31&country=&iso=(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: http://citizenauthlogin-09.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www4.citizensbankonline.com/akam/11/7c3ed55c Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: http://citizenauthlogin-09.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://citizenauthlogin-09.duckdns.org/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
ajax.googleapis.com
cdn.appdynamics.com
cdn.glassboxcdn.com
citizenauthlogin-09.duckdns.org
cm.everesttech.net
dpm.demdex.net
fast.citizensbank.demdex.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
metrics.citizensbank.com
nebula-cdn.kampyle.com
nexus.ensighten.com
pdx-col.eum-appdynamics.com
report.citizen.glassboxdigital.io
udc-neb.kampyle.com
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
www4.citizensbankonline.com
104.109.73.152
15.236.176.210
151.101.1.175
174.138.45.252
178.18.231.171
178.249.97.23
178.249.97.98
18.197.253.20
208.89.12.87
208.89.12.91
208.89.15.170
2606:4700::6812:f16
2a00:1450:4001:82f::200a
35.166.130.173
35.241.45.82
52.19.78.71
52.200.223.55
52.51.88.158
65.9.64.126
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
11408e23f40246e01d517d0ea238078c5ffdf8644f2ddb27bc093e6c8d564f65
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
150921c3f95a4a9995efeb994e9b9a6882071c34a678a7bd1c800f0b27f33684
16105623a977567b878ef4e842f35efeec6425bb3eef45390a1fda2cb85f8347
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3ec13741a5ae48533f53bd49f257bc27fbd74b9e3311b42fbcf77104f04c0c8e
4a7e9d1f49e723d08889a94e84a400021424305b925817b66e75207611e73cee
539fb8c821a40281df9376733a982048cbee054507dc38c35b9a5df712f6abc5
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
68f69c5dd73363c95d07e5af0d437523d179c0a12eca3af9503f50da10643203
71ae67531d2c2731ab4a2b394414f4028f14ba11fc5dd4326e3d778736f4dc8f
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
802fe463fb2c5049f755d600c2add791806ba93cf67009d1f621119887e411d7
805f6c9abf530f64bb5d7927b0cbbf428d207f689cdfccccebcf0a74a31a0cbd
825d9c83ef6dc6bd0c670b118bf5f5d03e169e8cddb088db6f4c65ecd541dbf9
8715015b8674efc3b43d577df2ab061c5df2441b8deb8f38b6b1c0c0fde75fc7
89573291887c73ca5e89148fae808c72e67b8b5cbfa7dfe8e758cc25ec3583b4
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
95a12c19c2a439de5edc113955a988be00dc0f75340f476aaadcd66ab632a867
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
a1ee9b0d486d11f72866cea139889cdea4a8334e6a1b89de25fbd6c55634d84f
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
a57b5242b9a9adc4c1ef846c365147b89c472b9cd770face331efcb965346b25
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
af3350a4c9eab812e7821f6270334a6e83a4baf6687969cb1f6bccae5abb79d5
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b28872dc2790b53c8e8fb1ae5ea64a7f386c5e5ebd0e0ba12f053d785392f33d
b2db16a0072f1d2f543d9fffbf55ca224de481ce2fe6940e62311613642b796c
b594f779470f083abfb76e4c8f4e23b7ea025d0bc54bce73f1fd5710f6502c59
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c0eba1a778a7a1ecbef2fc06f550de7aefb9b0f4a3b0b14ec3f58b08331affc9
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d59181a59b2d1d9c6e19ff50994da93676dfdd72f1c1268ab54d8ec9a6cc6dfa
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e490994ad61a64454e06354b4c74756269548b48e8bd476b35762d713ccb8c86
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

citizenauthlogin-09.duckdns.org Open in urlscan Pro 174.138.45.252 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

62 Requests

66 %HTTPS

11 %IPv6

14 Domains

20 Subdomains

18 IPs

6 Countries

822 kBTransfer

2584 kBSize

16 Cookies

3 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

citizenauthlogin-09.duckdns.org Open in urlscan Pro
174.138.45.252 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

66 %
HTTPS

11 %
IPv6

14
Domains

20
Subdomains

18
IPs

6
Countries

822 kB
Transfer

2584 kB
Size

16
Cookies

62 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!