urlscan.io logo urlscan.io
SecurityTrails logo

auth007-secure07b.serveirc.com Open in urlscan Pro
40.78.153.232  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://auth007-secure07b.serveirc.com/
Effective URL: https://auth007-secure07b.serveirc.com/Login/?token=
Submission: On May 27 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 2 countries across 15 domains to perform 120 HTTP transactions. The main IP is 40.78.153.232, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is auth007-secure07b.serveirc.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 27th 2022. Valid for: 3 months.
This is the only time auth007-secure07b.serveirc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

19    40.78.153.232 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
auth007-secure07b.serveirc.com
1    151.101.1.175 (United States)

ASN54113 (FASTLY, US)
nebula-cdn.kampyle.com
12    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    96.16.135.39 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-135-39.deploy.static.akamaitechnologies.com
tags.bkrtx.com
2    151.101.2.133 (United States)

ASN54113 (FASTLY, US)
resources.digital-cloud-citi.medallia.com
16    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
8    18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
16    2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
16    2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
2    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
stags.bluekai.com
1    172.253.120.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wd-in-f156.1e100.net
bid.g.doubleclick.net
1    2600:9000:223c:d400:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)
c1.rfihub.net
1    193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)
20766699p.rfihub.com
1    18.66.122.27 (None, )

ASN- ()
cdn.pbbl.co
1    35.190.60.146 (None, )

ASN- ()
sr.rlcdn.com
1    142.250.185.162 (None, )

ASN- ()
www.googleadservices.com
1    35.241.45.82 (None, )

ASN- ()
udc-neb.kampyle.com
Apex Domain
Subdomains		 Transfer
19 serveirc.com
auth007-secure07b.serveirc.com
2 MB
17 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
bid.g.doubleclick.net — Cisco Umbrella Rank: 473
18 KB
16 google.de
www.google.de — Cisco Umbrella Rank: 6117
2 KB
16 google.com
www.google.com — Cisco Umbrella Rank: 2
2 KB
12 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
491 KB
8 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 2640 Failed
87 KB
2 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 472
676 B
2 medallia.com
resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 25343
89 KB
2 kampyle.com
nebula-cdn.kampyle.com — Cisco Umbrella Rank: 3941
udc-neb.kampyle.com
6 KB
1 rlcdn.com
sr.rlcdn.com
98 B
1 rfihub.com
20766699p.rfihub.com — Cisco Umbrella Rank: 37831
685 B
1 rfihub.net
c1.rfihub.net — Cisco Umbrella Rank: 4451
6 KB
1 pbbl.co
cdn.pbbl.co Failed
1 googleadservices.com
www.googleadservices.com Failed
15 KB
1 bkrtx.com
tags.bkrtx.com — Cisco Umbrella Rank: 2829
16 KB
120 15
Domain Requested by
19 auth007-secure07b.serveirc.com auth007-secure07b.serveirc.com
16 www.google.de auth007-secure07b.serveirc.com
16 www.google.com 2 redirects auth007-secure07b.serveirc.com
16 googleads.g.doubleclick.net 2 redirects auth007-secure07b.serveirc.com
www.googleadservices.com
12 www.googletagmanager.com auth007-secure07b.serveirc.com
www.googletagmanager.com
8 nexus.ensighten.com auth007-secure07b.serveirc.com
2 stags.bluekai.com auth007-secure07b.serveirc.com
tags.bkrtx.com
2 resources.digital-cloud-citi.medallia.com auth007-secure07b.serveirc.com
resources.digital-cloud-citi.medallia.com
1 udc-neb.kampyle.com
1 sr.rlcdn.com nexus.ensighten.com
1 20766699p.rfihub.com c1.rfihub.net
1 c1.rfihub.net nexus.ensighten.com
1 bid.g.doubleclick.net auth007-secure07b.serveirc.com
1 cdn.pbbl.co auth007-secure07b.serveirc.com
nexus.ensighten.com
1 www.googleadservices.com auth007-secure07b.serveirc.com
www.googletagmanager.com
1 tags.bkrtx.com auth007-secure07b.serveirc.com
1 nebula-cdn.kampyle.com auth007-secure07b.serveirc.com
120 17

This site contains no links.

Subject Issuer Validity Valid
auth007-secure07b.serveirc.com
cPanel, Inc. Certification Authority		 2022-05-27 -
2022-08-25		 3 months crt.sh
*.kampyle.com
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-02-22 -
2023-03-26		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.bkrtx.com
DigiCert SHA2 Secure Server CA		 2022-02-07 -
2023-02-06		 a year crt.sh
*.digital-cloud-citi.medallia.com
SSL.com RSA SSL subCA		 2021-11-15 -
2022-10-20		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-14 -
2022-10-12		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
*.rfihub.net
Amazon		 2021-12-29 -
2023-01-27		 a year crt.sh
*.rfihub.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-18 -
2022-06-18		 2 years crt.sh
*.pbbl.co
Amazon		 2021-11-04 -
2022-12-02		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://auth007-secure07b.serveirc.com/Login/?token=
Frame ID: CB414C1AF2EC5D5F21B0B5C8E99C8C3C
Requests: 115 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&phint=__bk_l%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&phint=__bk_v%3D3.1.10&limit=10&r=92544077
Frame ID: 12510A23493E390A38C01FAA76F0E060
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: BCC94ECF00C33124702203E25A00A908
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=334&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&pf=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&ra=6987326521197164
Frame ID: 48A887DFA491778F7CE7D043AA7FC0E3
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 3B612F102B0F41BD26F4AF3A1D7D1E01
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauth007-secure07b.serveirc.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=36007401
Frame ID: D35F251D2BA9DABD6BC27B61E3B9D7EB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

  1. https://auth007-secure07b.serveirc.com/ Page URL
  2. https://auth007-secure07b.serveirc.com/Login/?token= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

120
Requests

78 %
HTTPS

29 %
IPv6

15
Domains

17
Subdomains

18
IPs

2
Countries

3249 kB
Transfer

4798 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://auth007-secure07b.serveirc.com/ Page URL
  2. https://auth007-secure07b.serveirc.com/Login/?token= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 102
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1653662259635&cv=9&fst=1653662259635&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1 HTTP 302
  • https://www.google.com/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=3949932360&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=3949932360&resp=GooglemKTybQhCsO&ipr=y
Request Chain 105
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1653662259637&cv=9&fst=1653662259637&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1 HTTP 302
  • https://www.google.com/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2069269356&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2069269356&resp=GooglemKTybQhCsO&ipr=y

120 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
auth007-secure07b.serveirc.com/ 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
0ddb989a367c72a77f123d47bb4074f3c8245273e7bd6a5a4e1e5d019e653cae

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 May 2022 14:37:34 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
cf.css
auth007-secure07b.serveirc.com/A/css/other/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/A/css/other/cf.css
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:35 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Primary Request /
auth007-secure07b.serveirc.com/Login/ 		385 KB
386 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/?token=
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
176078acf95925030c4e9b30530e20df88d737449b844668c3e92ba6824667f0

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 May 2022 14:37:37 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=98
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
cool-2.1.15.min.js
nebula-cdn.kampyle.com/resources/onsite/js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding
gzip
etag
"80dd5e3be5152c5c72d552c6a26ef6ff"
age
868103
via
1.1 varnish
x-cache
HIT
content-length
5197
x-amz-id-2
3jFPBW0QDp203LoJopx7Dn6l6I6wAEiKKXjWFJOTbpsIupYw61z3hGAtfi4OACk3iRzItpeIxkw=
x-served-by
cache-hhn4055-HHN
last-modified
Sun, 24 Jan 2021 11:03:10 GMT
server
AmazonS3
x-timer
S1653662258.620957,VS0,VE0
date
Fri, 27 May 2022 14:37:37 GMT
vary
Accept-Encoding
x-amz-request-id
PP78GRY38DYP2X7S
access-control-allow-origin
*
cache-control
max-age=31622400
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
12098
js
www.googletagmanager.com/gtag/ 		108 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-916451471
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cf2bccfb622454069a9e5dc2ecb9fd50e77b64a917eb28883b624408da000c50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:37 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43197
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:37 GMT
bk-coretag.js
tags.bkrtx.com/js/ 		51 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.bkrtx.com/js/bk-coretag.js
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
96.16.135.39 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-135-39.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Encoding
gzip
Last-Modified
Fri, 21 May 2021 19:14:21 GMT
Server
nginx/1.15.8
ETag
W/"60a8068d-cbc2"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
Date
Fri, 27 May 2022 14:37:38 GMT
Connection
keep-alive
Content-Length
16078
Expires
Fri, 03 Jun 2022 14:37:38 GMT
Bootstrap.js
auth007-secure07b.serveirc.com/Login/js/ 		280 KB
280 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:18 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
286351
X-XSS-Protection
1; mode=block
Interstate-Light.woff
auth007-secure07b.serveirc.com/Login/css/ 		74 KB
74 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/css/Interstate-Light.woff
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth007-secure07b.serveirc.com/Login/?token=
Origin
https://auth007-secure07b.serveirc.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
75538
X-XSS-Protection
1; mode=block
Interstate-Bold.woff
auth007-secure07b.serveirc.com/Login/css/ 		70 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/css/Interstate-Bold.woff
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth007-secure07b.serveirc.com/Login/?token=
Origin
https://auth007-secure07b.serveirc.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
71874
X-XSS-Protection
1; mode=block
Interstate-Regular.woff
auth007-secure07b.serveirc.com/Login/css/ 		77 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/css/Interstate-Regular.woff
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://auth007-secure07b.serveirc.com/Login/?token=
Origin
https://auth007-secure07b.serveirc.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
78762
X-XSS-Protection
1; mode=block
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
js
www.googletagmanager.com/gtag/ 		0
0
conversion_async.js
www.googleadservices.com/pagead/ 		0
0
1560.js
cdn.pbbl.co/r/ 		0
0
d139e7d35fc18934e03ae7d1eb3769bf.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
51aba9f62787efbaa13e53a8d1ae3892.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
c942fa5b036f63cf515027e22894e5aa.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
42d4d669434e7d621371bd59ca097dbf.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ 		0
0
serverComponent.php
nexus.ensighten.com/citi/na_prod/ 		0
0
styles.css
auth007-secure07b.serveirc.com/Login/css/ 		1 MB
1 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth007-secure07b.serveirc.com/Login/css/styles.css
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:37 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:18 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1388422
X-XSS-Protection
1; mode=block
embed.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b84143daf14daef3c3d40ee52ca34661923f713fc7099b7345084217d30bb4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
2pC9G9.LIC9ZOLSMRFCabi1Ts0Nu0Km.
content-encoding
gzip
etag
"bf83acc30042827f38fa6ce8f1133c59"
age
129569
via
1.1 varnish
x-cache
HIT
content-length
675
x-amz-id-2
5cnclVAuEpgrb7vj7tWNmRF266l4u9th8jCWLKEoNlQXqbXdJQHeCWZRKgga6qFAT49Ppcclrmc=
x-served-by
cache-hhn4022-HHN
last-modified
Thu, 26 May 2022 02:38:01 GMT
server
AmazonS3
x-timer
S1653662258.120372,VS0,VE0
date
Fri, 27 May 2022 14:37:38 GMT
vary
Accept-Encoding
x-amz-request-id
WEHW9Q769C9N19TC
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
61
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1642148921171&cv=9&fst=1642148921171&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
82c6add3f5ea5a65f93e576e953fb1079e748ffee52b271cd6a08d9eea180b43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1187
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1642148921263&cv=9&fst=1642148921263&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2cc61e4818467df63fe1fdf04520c82b209e50732b5238328e3dbbdc07540ce3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1187
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1642148921305&cv=9&fst=1642148921305&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d96096e5d0015d2911819c14b38a00daecb670777d1cbb4661a44d165b34ceac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1197
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1642148921445&cv=9&fst=1642148921445&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cd3f5d6992b4491b8df72c11c1129ab3f3522bb5b86e3d1ea9ae1b2688b140af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1187
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1642148921448&cv=9&fst=1642148921448&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3072098291dd55e6fdbd6dcb77a2fd7e5c997d3356d2281275d91fc54bf639bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1185
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1642148921829&cv=9&fst=1642148921829&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1e2c4ca10994e15df5513cafc1fce27b9441f3f93941b853284386a3c0d4dea2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1186
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1642148922005&cv=9&fst=1642148922005&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9779de4a1526892bf9e5929f3d68f33a43d19ed08f3cac5b557044899c274e8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1186
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1642148922009&cv=9&fst=1642148922009&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c66572861cbc68f1d2cde6c1f9c79fad6ac40b3f4b8886b2eee46aa888beedf6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1187
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
citipridelogo.jpg
auth007-secure07b.serveirc.com/Login/css/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/citipridelogo.jpg
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2658
X-XSS-Protection
1; mode=block
050-location@2x.svg
auth007-secure07b.serveirc.com/Login/css/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/050-location@2x.svg
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1752
X-XSS-Protection
1; mode=block
icon_globe_med-grey@2x.svg
auth007-secure07b.serveirc.com/Login/css/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/icon_globe_med-grey@2x.svg
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
3523
X-XSS-Protection
1; mode=block
320_Citi-PLT@3x.png
auth007-secure07b.serveirc.com/Login/css/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/320_Citi-PLT@3x.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
11562
X-XSS-Protection
1; mode=block
1440_Citi-PLT@3x.png
auth007-secure07b.serveirc.com/Login/css/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/1440_Citi-PLT@3x.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
28149
X-XSS-Protection
1; mode=block
e.gif
nexus.ensighten.com/error/ 		0
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
cache-control
no-cache, no-store
server
nginx
expires
Fri, 27 May 2022 14:37:37 GMT
serverComponent.php
nexus.ensighten.com/citi/na_prod/ 		1 KB
714 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=2494006000.1400275&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2a2d6ef797a68cfbefbe164ec6d70bec615b87b2f1dfcf568c92bd41faf8e10f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
cache-control
no-cache, no-store
content-type
text/javascript
server
nginx
content-encoding
gzip
vary
Accept-Encoding
expires
Fri, 27 May 2022 14:37:37 GMT
/
www.google.com/pagead/1p-user-list/916451471/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/916451471/?random=1642148921171&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2929027820&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/916451471/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/916451471/?random=1642148921171&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2929027820&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/960621875/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/960621875/?random=1642148921263&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=40109969&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/960621875/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/960621875/?random=1642148921263&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=40109969&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/644574043/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/644574043/?random=1642148921305&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2179100841&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/644574043/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/644574043/?random=1642148921305&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2179100841&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/975701947/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/975701947/?random=1642148921445&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3747551495&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975701947/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/975701947/?random=1642148921445&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3747551495&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/830907969/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/830907969/?random=1642148921448&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2822935111&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/830907969/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/830907969/?random=1642148921448&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2822935111&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/695231162/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/695231162/?random=1642148921829&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=359903072&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/695231162/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/695231162/?random=1642148921829&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=359903072&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819500023/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/819500023/?random=1642148922005&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=854921173&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819500023/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/819500023/?random=1642148922005&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=854921173&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/959299794/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/959299794/?random=1642148922009&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1269193466&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/959299794/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/959299794/?random=1642148922009&cv=9&fst=1642147200000&num=1&bg=ffffff&guid=ON&u_h=864&u_w=1536&u_ah=824&u_aw=1536&u_cd=24&u_his=9&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa1c0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&ref=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1269193466&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
LSO_4959.jpg
auth007-secure07b.serveirc.com/Login/css/ 		171 KB
171 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/LSO_4959.jpg
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:16 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
174933
X-XSS-Protection
1; mode=block
Citi-Branding-Sprite.png
auth007-secure07b.serveirc.com/Login/img/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/img/Citi-Branding-Sprite.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Appstore-Googleplay-JDPower-Sprite.png
auth007-secure07b.serveirc.com/Login/css/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/Appstore-Googleplay-JDPower-Sprite.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:38 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:14 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
44996
X-XSS-Protection
1; mode=block
social-media_facebook@3x.png
auth007-secure07b.serveirc.com/Login/css/ 		445 B
752 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/social-media_facebook@3x.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:16 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
445
X-XSS-Protection
1; mode=block
social-media_twitter@3x.png
auth007-secure07b.serveirc.com/Login/css/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/social-media_twitter@3x.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:16 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1277
X-XSS-Protection
1; mode=block
social-media_youtube@3x.png
auth007-secure07b.serveirc.com/Login/css/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth007-secure07b.serveirc.com/Login/css/social-media_youtube@3x.png
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
40.78.153.232 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/Login/?token=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Fri, 27 May 2022 14:37:39 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 19 Mar 2022 13:52:16 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1175
X-XSS-Protection
1; mode=block
63068
stags.bluekai.com/site/ Frame 1251 		71 B
338 B 		Document
General
Check archive.org
Download Go to
Full URL
https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2F&phint=__bk_l%3Dhttp%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2&phint=__bk_v%3D3.1.10&limit=10&r=92544077
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

BK-Server
b789
Connection
keep-alive
Content-Length
71
Content-Type
text/html
Date
Fri, 27 May 2022 14:37:39 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
X-N
S
generic1642092206405.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 		0
0
pixel
bid.g.doubleclick.net/xbbe/ Frame BCC9 		0
683 B 		Document
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/?token=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.120.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wd-in-f156.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 27 May 2022 14:37:38 GMT
expires
Fri, 27 May 2022 14:37:38 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ 		989 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
last-modified
Tue, 14 May 2019 17:01:42 GMT
server
nginx
etag
"5cdaf476-3dd"
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
accept-ranges
bytes
content-length
989
da6191c2b2959a15b37bb1f025a35ecd.js
nexus.ensighten.com/citi/na_prod/code/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
last-modified
Tue, 01 Mar 2022 18:19:28 GMT
server
nginx
etag
W/"621e63b0-12ea"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ 		2 KB
961 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
last-modified
Tue, 27 Aug 2019 16:59:12 GMT
server
nginx
etag
W/"5d656160-887"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
8d20a90ccfa2a960fc13dd8b92ea9e4c.js
nexus.ensighten.com/citi/na_prod/code/ 		158 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/8d20a90ccfa2a960fc13dd8b92ea9e4c.js?conditionId0=421908
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dce306cc7125d829747f2e313bc52c840b5e1a0be61c315ad0a2e601b77afe9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
last-modified
Tue, 10 May 2022 17:44:06 GMT
server
nginx
etag
W/"627aa466-27643"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
de88c43a88bf405685fa768bde50a3a6.js
nexus.ensighten.com/citi/na_prod/code/ 		147 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/de88c43a88bf405685fa768bde50a3a6.js?conditionId0=486757
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3f35e704f782885238c81edc4d12b020a5402115edc8fa684ef0879722045f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 20:25:36 GMT
server
nginx
etag
W/"628d3f40-24db1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
6f89cb7c64fe829adb61ed37a155f58e.js
nexus.ensighten.com/citi/na_prod/code/ 		47 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/6f89cb7c64fe829adb61ed37a155f58e.js?conditionId0=467299
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f636737ba1207aba7c37329e48607498971707a15b0493fadcdf1249a1775200

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
gzip
last-modified
Tue, 24 May 2022 20:25:36 GMT
server
nginx
etag
W/"628d3f40-bc0a"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6260004
Requested by
Host: auth007-secure07b.serveirc.com
URL: https://auth007-secure07b.serveirc.com/Login/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fd1b4bf5f51cea1129ec833e6dcc4213514ffb01ca67e2a1bfc5c82c2e3bbb2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:38 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39025
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:38 GMT
tc.min.js
c1.rfihub.net/js/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c1.rfihub.net/js/tc.min.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/6f89cb7c64fe829adb61ed37a155f58e.js?conditionId0=467299
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223c:d400:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Jetty(9.3.29.v20201019) /
Resource Hash
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:08:02 GMT
content-encoding
gzip
last-modified
Fri, 27 May 2022 14:07:52 GMT
server
Jetty(9.3.29.v20201019)
age
1777
x-cache
Hit from cloudfront
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via
1.1 891011d51eb2353ebe8601f5b6467070.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
x-amz-cf-pop
FRA56-P2
content-type
application/x-javascript
content-length
6162
x-amz-cf-id
tHjzTUGV1sem6ynjEjn27XIl84UHoZKxfhQzWdfSuESEwmjPHrRAEw==
expires
Fri, 27 May 2022 15:08:02 GMT
ca.html
20766699p.rfihub.com/ Frame 48A8 		118 B
685 B 		Document
General
Check archive.org
Download Go to
Full URL
https://20766699p.rfihub.com/ca.html?ver=9&ra=334&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&pf=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&ra=6987326521197164
Requested by
Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.3.29.v20201019) /
Resource Hash
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Length
118
Content-Type
text/html;charset=utf-8
Date
Fri, 27 May 2022 14:37:39 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.3.29.v20201019)
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cb79d957593c026e8328a5bc61e0a886e73318c2d1633e7fe44be9369dccf930
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39040
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
03c577a8029b7cf968a01cd6b6cd433a8d3d4861e7f839a74033ee8f113e5ee9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39040
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		97 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f534bbe848e198496928fc4ce0e9b7fcebe9eba6126cb2d6091c5931a8444cd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39043
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
1560.js
cdn.pbbl.co/r/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pbbl.co/r/1560.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.122.27 -, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers
425466.html
sr.rlcdn.com/ Frame 3B61 		0
98 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/6f89cb7c64fe829adb61ed37a155f58e.js?conditionId0=467299
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 27 May 2022 14:37:39 GMT
via
1.1 google
generic1653532680245.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 		519 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1653532680245.js
Requested by
Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f466fefcfa7d8042306f8bf5c739670b8b20f3622cbc43e1e482263d95dd3ce5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
nUnVasC9cUQDDj7d6cLcxqr8Tretdvcv
content-encoding
gzip
etag
"9d8d8096ee36f8e60dd768baa749d47e"
age
129570
via
1.1 varnish
x-cache
HIT
content-length
89904
x-amz-id-2
zdcyS82faOAirUt6GtUg7+bzm7ZUlcxfmbAf48gMGc/GRn2bvVeGUHrlnNlqDF17w97wEqPgeNI=
x-served-by
cache-hhn4022-HHN
last-modified
Thu, 26 May 2022 02:38:01 GMT
server
AmazonS3
x-timer
S1653662259.449724,VS0,VE0
date
Fri, 27 May 2022 14:37:39 GMT
vary
Accept-Encoding
x-amz-request-id
ZG1DKXV5QZV0NZP1
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
10
63068
stags.bluekai.com/site/ Frame D35F 		71 B
338 B 		Document
General
Check archive.org
Download Go to
Full URL
https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttps%3A%2F%2Fauth007-secure07b.serveirc.com%2F&phint=__bk_l%3Dhttps%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&phint=__bk_v%3D3.1.10&limit=10&r=36007401
Requested by
Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-215-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Referer
https://auth007-secure07b.serveirc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

BK-Server
d2a4
Connection
keep-alive
Content-Length
71
Content-Type
text/html
Date
Fri, 27 May 2022 14:37:39 GMT
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
X-N
S
conversion_async.js
www.googleadservices.com/pagead/ 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14847
x-xss-protection
0
server
cafe
etag
14193202862953550909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		108 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f202858f822f252af02cae9db0c8644de3288b9da218b56aad7b8a947b85f8b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43214
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		108 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6ff032656721991b67f3ddd2dacfd315b51ee6940010a81d781d9a8e0f24af2c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43191
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		108 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b4809fc362daef23bf8d8051bb8d3804ec6411fbc813d3d016055ef7ff383fed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43215
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		107 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f7db6a04694b3c8ad470ffcb6afcc7d99e9b1b1b6f2d606b515382e7f01cfaa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43113
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		108 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ff6e394cabd65a0024b450e7797f4a7679abe1cffe7cd2a08227da5a66e056ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43222
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		108 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5acd74a5eaab3ff9dcad398ff2318a35dbf4c8b5380a9e9dd5e6718039247e90
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43136
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
js
www.googletagmanager.com/gtag/ 		107 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
48f6cd06d49a1e415cf942f754a74da4b8196fad43f721e1c32635c5ab2ffa6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43116
x-xss-protection
0
last-modified
Fri, 27 May 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 14:37:39 GMT
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 		0
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuNjEgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwicmVmZXJyaW5nX3VybCI6ICJodHRwczovL2F1dGgwMDctc2VjdXJlMDdiLnNlcnZlaXJjLmNvbS8iLCJyZWZlcnJpbmdfZG9tYWluIjogImF1dGgwMDctc2VjdXJlMDdiLnNlcnZlaXJjLmNvbSIsInBhZ2VfdGl0bGUiOiAiU2lnbiBPbiB0byBZb3VyIENpdGkgQWNjb3VudCAtIENpdGliYW5rIiwicGFnZV91cmwiOiAiaHR0cHM6Ly9hdXRoMDA3LXNlY3VyZTA3Yi5zZXJ2ZWlyYy5jb20vTG9naW4vP3Rva2VuPSIsInRyYWNrZXJfdHlwZSI6ICJqYXZhc2NyaXB0IiwidHJhY2tlcl92ZXJzaW9uIjogIjIuMi4yMyIsImV2ZW50X25hbWUiOiAibmVidWxhX3BhZ2VfdmlldyIsImV2ZW50X3RpbWVzdGFtcF9lcG9jaCI6ICIxNjUzNjYyMjU5NDk3IiwiZXZlbnRfdGltZXpvbmVfb2Zmc2V0IjogMCwidXNlcl9pZCI6ICIxODEwNWYzOTkxZjYxNS0wZTYwODQwMGYyNjgyYy0xNzM3MzA3OS0xZDRjMDAtMTgxMDVmMzk5MjBjNjMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly9hdXRoMDA3LXNlY3VyZTA3Yi5zZXJ2ZWlyYy5jb20vTG9naW4vP3Rva2VuPSIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0OWYyLTkwNmMtNTA3Zi1jODlhLTVlZWUtZmY2Ni03YzFiLTlkODAiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY1MzY2MjI1OTQ5NCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAzNDAsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ1LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ1LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDMsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NTM2NjIyNTk0OTcsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.82 -, , ASN (),
Reverse DNS
Software
Jetty(9.2.11.v20150529) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-me
prod-instance-gatewayservice-blue-859h
date
Fri, 27 May 2022 14:37:39 GMT
via
1.1 google
server
Jetty(9.2.11.v20150529)
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept
access-control-max-age
1800
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
image/gif; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-application-context
application:9090
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1653662259632&cv=9&fst=1653662259632&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
669dec0c080854f09bb510f015db1a1ec90335a227e0ea7cf84b15ac100f60bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1080
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1653662259634&cv=9&fst=1653662259634&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8da2fd9ab978006ebc40db3095a95971fa83f6a4c4b11e87c2435febe4a297c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1081
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1653662259635&cv=9&fst=1653662259635&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
815eec9921ddc87cc20d2eca3f7416e186d2b0bd07dabeac7cccc297737cd722
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1080
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/959299794/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1653662259635&cv=9&fst=1653662259635&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
  • https://www.google.com/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=f...
  • https://www.google.de/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=fa...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=3949932360&resp=GooglemKTybQhCsO&ipr=y
Protocol
H3
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/959299794/?random=1653662259635&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=3949932360&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1653662259636&cv=9&fst=1653662259636&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
51bd8838c375142c6cee09bad813a03048fef4f683e827c18b903416f27e863e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1080
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1653662259637&cv=9&fst=1653662259637&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7d6bcacc7d59b0445a60f8e05e4300f45eb032b3b6bc967e437ef413567c214
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1080
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1653662259637&cv=9&fst=1653662259637&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
  • https://www.google.com/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=f...
  • https://www.google.de/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=fa...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2069269356&resp=GooglemKTybQhCsO&ipr=y
Protocol
H3
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/975701947/?random=1653662259637&cv=9&fst=1653660000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2069269356&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1653662259638&cv=9&fst=1653662259638&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4491364d220f9bdf87231eab63d0125d967d6ce6c1ffc14a23254886d871f0df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1080
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/695231162/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/695231162/?random=1653662259632&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4166656588&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/695231162/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/695231162/?random=1653662259632&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4166656588&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/916451471/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/916451471/?random=1653662259634&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1298587417&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/916451471/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/916451471/?random=1653662259634&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1298587417&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/960621875/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/960621875/?random=1653662259635&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1205015680&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/960621875/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/960621875/?random=1653662259635&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1205015680&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819500023/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/819500023/?random=1653662259636&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3316775222&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819500023/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/819500023/?random=1653662259636&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3316775222&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/830907969/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/830907969/?random=1653662259637&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3483336968&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/830907969/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/830907969/?random=1653662259637&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3483336968&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/644574043/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/644574043/?random=1653662259638&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3522987091&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/644574043/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/644574043/?random=1653662259638&cv=9&fst=1653660000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5p1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fauth007-secure07b.serveirc.com%2FLogin%2F%3Ftoken%3D&ref=https%3A%2F%2Fauth007-secure07b.serveirc.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3522987091&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth007-secure07b.serveirc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 14:37:39 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Domain
www.googletagmanager.com
URL
http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Domain
www.googleadservices.com
URL
http://www.googleadservices.com/pagead/conversion_async.js
Domain
cdn.pbbl.co
URL
http://cdn.pbbl.co/r/1560.js
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/d139e7d35fc18934e03ae7d1eb3769bf.js?conditionId0=486757
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/c942fa5b036f63cf515027e22894e5aa.js?conditionId0=421908
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/42d4d669434e7d621371bd59ca097dbf.js?conditionId0=4897099
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Domain
nexus.ensighten.com
URL
http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=197721.56227406068&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2
Domain
resources.digital-cloud-citi.medallia.com
URL
http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642092206405.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| google_tag_manager object| dataLayer object| ensBootstraps object| Bootstrapper function| Visitor object| s_c_il number| s_c_in object| adobe_visitor function| targetPageParams object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate number| getOfferCount object| citiData object| tags object| BKTAG function| bk_addUserCtx function| bk_addPageCtx function| bk_addEmailHash function| bk_addPhoneHash function| bk_doJSTag function| bk_doJSTag2 function| bk_doCarsJSTag function| bk_doPartnerAltTag function| bk_doCallbackTag function| bk_doCallbackTagWithTimeOut object| ttMETA function| ttMBX object| KAMPYLE_EMBED function| gtag function| _rfi function| bk_async object| val boolean| bk_use_multiple_iframes boolean| bk_allow_multiple_calls function| extend function| RocketfuelBCPInclude function| RocketfuelBCPClass function| RocketfuelUtils object| RocketfuelBCP object| google_tag_data undefined| CCSID undefined| citiLocale boolean| citiNGA undefined| pageID object| _pp object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| KAMPYLE_GA object| MDIGITAL_ELEMENT_BUILDER object| COOLADATA_CODE object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_THERMO_TEALEAF_FUNC object| KAMPYLE_ADOBE_ANALYTICS object| KAMPYLE_CLICKTALE_FUNC object| KAMPYLE_SESSIONCAM object| KAMPYLE_SCREEN_CAPTURE object| KAMPYLE_ONSITE_SDK undefined| KAMPYLE_POLYFILLS object| KAMPYLE_INTEGRATION object| cooladata

13 Cookies

Domain/Path Name / Value
auth007-secure07b.serveirc.com/ Name: PHPSESSID
Value: 7acb0d76e3ab4d317ae2f80743aeb4fa
.doubleclick.net/ Name: IDE
Value: AHWqTUnLcXcYDX2EREtd9wtTVtUijFfSeh1mbNrc-7UZW95Ry9w1T8IWMTFrRT33
auth007-secure07b.serveirc.com/ Name: 7830
Value: error
auth007-secure07b.serveirc.com/ Name: 7018
Value:
auth007-secure07b.serveirc.com/ Name: 64072
Value:
.auth007-secure07b.serveirc.com/ Name: _gcl_au
Value: 1.1.1434041339.1653662259
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDA1MzE3NrIwMBXiM9R1Ks9KNzcPCQ4z83UFAK5IGN0lAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0MTI2NjM3tDA1MzE3NrIwMBXiM9R1Ks9KNzcPCQ4z83UFAK5IGN0lAAAA
auth007-secure07b.serveirc.com/ Name: mdLogger
Value: false
auth007-secure07b.serveirc.com/ Name: kampyle_userid
Value: 49f2-906c-507f-c89a-5eee-ff66-7c1b-9d80
auth007-secure07b.serveirc.com/ Name: kampyleUserSession
Value: 1653662259494
auth007-secure07b.serveirc.com/ Name: kampyleUserSessionsCount
Value: 1
auth007-secure07b.serveirc.com/ Name: kampyleSessionPageCounter
Value: 1

30 Console Messages

Source Level URL
Text
network error URL: https://auth007-secure07b.serveirc.com/A/css/other/cf.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://www.googleadservices.com/pagead/conversion_async.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://cdn.pbbl.co/r/1560.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/d139e7d35fc18934e03ae7d1eb3769bf.js?conditionId0=486757'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/c942fa5b036f63cf515027e22894e5aa.js?conditionId0=421908'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/42d4d669434e7d621371bd59ca097dbf.js?conditionId0=4897099'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=197721.56227406068&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure script 'http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642092206405.js'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=(Line 9240)
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure frame 'http://fast.citi.demdex.net/dest5.html?d_nsid=0#http%3A%2F%2Flocalhost%2Fskemas%2FCiti%2520antis%2520upgraded%2520%40VixxxYZ%2Flogin%2Fses%2F%3Fresponse_type%3Dcode%26client_id%3DMOBI%2540AMER.OAUTHAP%26Auth_key%3D6a09773ace2bd074cd40eceabfc311eaa037e8a2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://auth007-secure07b.serveirc.com/Login/?token=(Line 9240)
Message:
Mixed Content: The page at 'https://auth007-secure07b.serveirc.com/Login/?token=' was loaded over HTTPS, but requested an insecure frame 'http://cdn.pbbl.co/i/pp.html'. This request has been blocked; the content must be served over HTTPS.
network error URL: https://auth007-secure07b.serveirc.com/Login/img/Citi-Branding-Sprite.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://cdn.pbbl.co/r/1560.js
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Message:
Failed to load resource: the server responded with a status of 451 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
auth007-secure07b.serveirc.com
bid.g.doubleclick.net
c1.rfihub.net
cdn.pbbl.co
googleads.g.doubleclick.net
nebula-cdn.kampyle.com
nexus.ensighten.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
cdn.pbbl.co
nexus.ensighten.com
resources.digital-cloud-citi.medallia.com
www.googleadservices.com
www.googletagmanager.com
104.111.215.191
142.250.185.162
151.101.1.175
151.101.2.133
172.253.120.156
18.197.253.20
18.66.122.27
193.0.160.129
2600:9000:223c:d400:1:76cf:fe80:93a1
2a00:1450:4001:813::2004
2a00:1450:4001:827::2003
2a00:1450:4001:828::2008
2a00:1450:4001:829::2002
35.190.60.146
35.241.45.82
40.78.153.232
96.16.135.39
03c577a8029b7cf968a01cd6b6cd433a8d3d4861e7f839a74033ee8f113e5ee9
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
0ddb989a367c72a77f123d47bb4074f3c8245273e7bd6a5a4e1e5d019e653cae
176078acf95925030c4e9b30530e20df88d737449b844668c3e92ba6824667f0
1e2c4ca10994e15df5513cafc1fce27b9441f3f93941b853284386a3c0d4dea2
2a2d6ef797a68cfbefbe164ec6d70bec615b87b2f1dfcf568c92bd41faf8e10f
2cc61e4818467df63fe1fdf04520c82b209e50732b5238328e3dbbdc07540ce3
3072098291dd55e6fdbd6dcb77a2fd7e5c997d3356d2281275d91fc54bf639bd
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
4491364d220f9bdf87231eab63d0125d967d6ce6c1ffc14a23254886d871f0df
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
48f6cd06d49a1e415cf942f754a74da4b8196fad43f721e1c32635c5ab2ffa6a
51bd8838c375142c6cee09bad813a03048fef4f683e827c18b903416f27e863e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
5acd74a5eaab3ff9dcad398ff2318a35dbf4c8b5380a9e9dd5e6718039247e90
5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
669dec0c080854f09bb510f015db1a1ec90335a227e0ea7cf84b15ac100f60bc
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6ff032656721991b67f3ddd2dacfd315b51ee6940010a81d781d9a8e0f24af2c
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
815eec9921ddc87cc20d2eca3f7416e186d2b0bd07dabeac7cccc297737cd722
82c6add3f5ea5a65f93e576e953fb1079e748ffee52b271cd6a08d9eea180b43
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
8b84143daf14daef3c3d40ee52ca34661923f713fc7099b7345084217d30bb4e
8da2fd9ab978006ebc40db3095a95971fa83f6a4c4b11e87c2435febe4a297c1
9779de4a1526892bf9e5929f3d68f33a43d19ed08f3cac5b557044899c274e8b
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a7d6bcacc7d59b0445a60f8e05e4300f45eb032b3b6bc967e437ef413567c214
b4809fc362daef23bf8d8051bb8d3804ec6411fbc813d3d016055ef7ff383fed
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c66572861cbc68f1d2cde6c1f9c79fad6ac40b3f4b8886b2eee46aa888beedf6
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
cb79d957593c026e8328a5bc61e0a886e73318c2d1633e7fe44be9369dccf930
cd3f5d6992b4491b8df72c11c1129ab3f3522bb5b86e3d1ea9ae1b2688b140af
cf2bccfb622454069a9e5dc2ecb9fd50e77b64a917eb28883b624408da000c50
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d96096e5d0015d2911819c14b38a00daecb670777d1cbb4661a44d165b34ceac
dce306cc7125d829747f2e313bc52c840b5e1a0be61c315ad0a2e601b77afe9e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f35e704f782885238c81edc4d12b020a5402115edc8fa684ef0879722045f6
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f202858f822f252af02cae9db0c8644de3288b9da218b56aad7b8a947b85f8b7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f466fefcfa7d8042306f8bf5c739670b8b20f3622cbc43e1e482263d95dd3ce5
f534bbe848e198496928fc4ce0e9b7fcebe9eba6126cb2d6091c5931a8444cd5
f636737ba1207aba7c37329e48607498971707a15b0493fadcdf1249a1775200
f7db6a04694b3c8ad470ffcb6afcc7d99e9b1b1b6f2d606b515382e7f01cfaa4
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
fd1b4bf5f51cea1129ec833e6dcc4213514ffb01ca67e2a1bfc5c82c2e3bbb2c
ff6e394cabd65a0024b450e7797f4a7679abe1cffe7cd2a08227da5a66e056ab