citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://citi.com/fraudprevention
Effective URL:
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID...
Submission: On July 11 via api (July 11th 2023, 5:43:51 pm UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 30 IPs in 4 countries across 21 domains to perform 163 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is citicards.citi.com. The Cisco Umbrella rank of the primary domain is 172881.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 14th 2023. Valid for: a year.

This is the only time citicards.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.193.218.80 192.193.218.80	32287 (SOLANA-CI...) (SOLANA-CITIPLEX)
1 1	23.45.98.135 23.45.98.135	16625 (AKAMAI-AS) (AKAMAI-AS)
1 55	35.190.22.40 35.190.22.40	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	65.9.66.24 65.9.66.24	16509 (AMAZON-02) (AMAZON-02)
1 4	34.255.171.99 34.255.171.99	16509 (AMAZON-02) (AMAZON-02)
8	52.52.16.210 52.52.16.210	16509 (AMAZON-02) (AMAZON-02)
3	34.107.138.236 34.107.138.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	63.140.62.164 63.140.62.164	15224 (OMNITURE) (OMNITURE)
1 1	3.248.138.51 3.248.138.51	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:211... 2600:9000:211a:9200:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.97.121 18.66.97.121	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.57 18.66.122.57	16509 (AMAZON-02) (AMAZON-02)
1	18.213.250.165 18.213.250.165	14618 (AMAZON-AES) (AMAZON-AES)
1	66.235.152.107 66.235.152.107	15224 (OMNITURE) (OMNITURE)
1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
8	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
7	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:225... 2600:9000:225e:da00:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
1 2	209.54.182.161 209.54.182.161	16509 (AMAZON-02) (AMAZON-02)
1	34.226.6.56 34.226.6.56	14618 (AMAZON-AES) (AMAZON-AES)
9	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	18.210.220.180 18.210.220.180	14618 (AMAZON-AES) (AMAZON-AES)
1	18.155.129.101 18.155.129.101	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
3	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	184.30.20.101 184.30.20.101	16625 (AKAMAI-AS) (AKAMAI-AS)
163	30

1 192.193.218.80 (New York, United States) 1 redirects

ASN32287 (SOLANA-CITIPLEX, US)
PTR: citi.com

citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.98.135 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-98-135.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 35.190.22.40 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com

citi.bridgetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citicards.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 65.9.66.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-24.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.255.171.99 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-171-99.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.52.16.210 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-16-210.us-west-1.compute.amazonaws.com

tagmanager1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.privacy.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.138.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.138.107.34.bc.googleusercontent.com

cdn.digitalmarketing.citibankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.164 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-164.data.adobedc.net

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.248.138.51 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-138-51.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211a:9200:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-121.fra56.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-57.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.250.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-250-165.compute-1.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.107 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-107.data.adobedc.net

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:da00:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.182.161 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.226.6.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-6-56.compute-1.amazonaws.com

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.210.220.180 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-220-180.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.129.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-129-101.cdg52.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.20.101 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-20-101.deploy.static.akamaitechnologies.com

iad1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
58	citi.com 2 redirects citi.com — Cisco Umbrella Rank: 11358 www.citi.com — Cisco Umbrella Rank: 25553 citicards.citi.com — Cisco Umbrella Rank: 172881 tagmanager1.citi.com — Cisco Umbrella Rank: 51910 metrics1.citi.com — Cisco Umbrella Rank: 22914 prod.report.nacustomerexperience.citi.com — Cisco Umbrella Rank: 19460	886 KB
21	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3097 data.privacy.ensighten.com — Cisco Umbrella Rank: 8355	338 KB
13	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	759 KB
12	qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 31778 siteintercept.qualtrics.com — Cisco Umbrella Rank: 899 iad1.qualtrics.com — Cisco Umbrella Rank: 10800	95 KB
9	google.de www.google.de — Cisco Umbrella Rank: 4752	1 KB
9	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
9	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57	14 KB
7	bing.com bat.bing.com — Cisco Umbrella Rank: 390	14 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2357 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5243 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5234 tracking.crazyegg.com — Cisco Umbrella Rank: 4635	33 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 218 citi.demdex.net — Cisco Umbrella Rank: 40382	6 KB
3	tvpixel.com c.tvpixel.com — Cisco Umbrella Rank: 9442 p.tvpixel.com — Cisco Umbrella Rank: 2065	32 KB
3	citibankonline.com cdn.digitalmarketing.citibankonline.com — Cisco Umbrella Rank: 73076	52 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 333	763 B
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1592 insight.adsrvr.org — Cisco Umbrella Rank: 603	3 KB
2	bridgetrack.com 1 redirects citi.bridgetrack.com — Cisco Umbrella Rank: 150541	1 KB
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 162	300 B
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 20572	98 B
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 117813	684 B
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 31853	1 KB
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5437	6 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1111	517 B
163	21

	Domain	Requested by
53	citicards.citi.com	nexus.ensighten.com citicards.citi.com
14	nexus.ensighten.com	citicards.citi.com nexus.ensighten.com
13	www.googletagmanager.com	nexus.ensighten.com
10	siteintercept.qualtrics.com	nexus.ensighten.com
9	www.google.de
9	www.google.com
9	googleads.g.doubleclick.net	nexus.ensighten.com
7	bat.bing.com	nexus.ensighten.com
7	data.privacy.ensighten.com	citicards.citi.com
4	script.crazyegg.com	citicards.citi.com script.crazyegg.com nexus.ensighten.com
3	cdn.digitalmarketing.citibankonline.com	citicards.citi.com
3	dpm.demdex.net	1 redirects citicards.citi.com
2	p.tvpixel.com	nexus.ensighten.com
2	s.amazon-adsystem.com	1 redirects
2	citi.bridgetrack.com	1 redirects citicards.citi.com
1	iad1.qualtrics.com
1	insight.adsrvr.org	nexus.ensighten.com
1	sb.scorecardresearch.com
1	prod.report.nacustomerexperience.citi.com	nexus.ensighten.com
1	js.adsrvr.org	nexus.ensighten.com
1	c.tvpixel.com	nexus.ensighten.com
1	sr.rlcdn.com	nexus.ensighten.com
1	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	nexus.ensighten.com
1	20766699p.rfihub.com	nexus.ensighten.com
1	citicorpcreditservic.tt.omtrdc.net	nexus.ensighten.com
1	tracking.crazyegg.com	script.crazyegg.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	c1.rfihub.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	tagmanager1.citi.com	nexus.ensighten.com
1	www.citi.com	1 redirects
1	citi.com	1 redirects
163	35

This site contains links to these domains. Also see Links.

Domain
online.citi.com
citi.bridgetrack.com
www.lifeandmoney.citi.com
www.ftc.gov

Subject Issuer	Validity	Valid
citicards.citi.com DigiCert EV RSA CA G2	`2023-03-14` - `2024-04-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
citi.bridgetrack.com Thawte EV RSA CA G2	`2023-03-20` - `2024-04-19`	a year	crt.sh
tagmanager1.citi.com DigiCert EV RSA CA G2	`2022-09-21` - `2023-09-22`	a year	crt.sh
cdn.digitalmarketing.citibankonline.com DigiCert EV RSA CA G2	`2023-05-23` - `2024-06-22`	a year	crt.sh
*.privacy.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-03` - `2024-02-16`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
metrics1.citi.com DigiCert EV RSA CA G2	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.rfihub.net Amazon RSA 2048 M01	`2023-02-24` - `2023-12-29`	10 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2023-05-28` - `2024-06-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-27` - `2024-04-27`	a year	crt.sh
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-27` - `2024-03-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.tvpixel.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-13`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert EV RSA CA G2	`2023-05-19` - `2024-05-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Frame ID: 318E0ED9CCA9C1ACFEC7537E73F581CF
Requests: 154 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Frame ID: D94000EB0078F4803EEF2065A39EC762
Requests: 4 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: F2C05294BB4C65DEE78CB120FF629263
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=571&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&pf=&ra=4515015612570068
Frame ID: EED38BA522EFCC873B1B7587A70613D7
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: C15ACD2275072357DEA1BFCCB3768A68
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097425047&td1=Sapient_cbol_citi_fraud_prevention_lp
Frame ID: 9CEB94EBFDF5AF6A10F959E513CD290C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fraud Prevention | Citi.com

Page URL History Show full URLs

http://citi.com/fraudprevention HTTP 301
http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.B... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

35
Subdomains

30
IPs

4
Countries

2240 kB
Transfer

5283 kB
Size

48
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Learn More

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28718

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28715
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28717
Title: Privacy

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151056
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151057
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=153112
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28716
Title: Security

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143095
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143097

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143098

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143100

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protect-your-information-online
Title: safeguard those details.

Search URL Search Domain Scan URL

URL: https://www.ftc.gov/
Title: FTC.Gov

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/Money/Finance101/2022-Scams-to-Watch-For
Title: Read more on Life and Money

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protecting-yourself-from-financial-scams
Title: Read More > 8 Financial Scams to Watch Out For

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/home-office-business-scams
Title: Read More > Working Remotely? Be Aware of these Home Office Scams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://citi.com/fraudprevention HTTP 301
http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886

Request Chain 26

https://cm.everesttech.net/cm/dd?d_uuid=43324389006468900221466889957537638330 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2UzwAAAHaW3QNn

Request Chain 98

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

163 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request default.htm Show response
citicards.citi.com/cbol/fraudprevention/
Redirect Chain

http://citi.com/fraudprevention
http://www.citi.com/fraudprevention
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

102 KB
46 KB

228ms
152ms

Document
text/html

35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

40.22.190.35.bc.googleusercontent.com

Software

Resource Hash

01794049bbbd97e17a007de3d2493a51f96a730b16120c260e60f60d23617245

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 46430
content-type: text/html
date: Tue, 11 Jul 2023 17:43:42 GMT
expires: Mon, 10 Jul 2023 17:43:42 GMT
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
vary: Accept-Encoding
via: 1.1 google
x-frame-options: DENY

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html
date: Tue, 11 Jul 2023 17:43:41 GMT
expires: Mon, 10 Jul 2023 17:43:42 GMT
location: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
via: 1.1 google

GET
H2 200 1567.js Show response
script.crazyegg.com/pages/scripts/0090/ 6 KB
2 KB 103ms
30ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:42 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6660
cf-polished: origSize=6063
ce-version: 11.5.100
cf-bgj: minify
last-modified: Tue, 11 Jul 2023 15:52:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 7e52d9acbb202bf8-FRA

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 612 KB
160 KB 75ms
22ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:49:03 GMT
x-amz-version-id: T6oAT_f8G7Qoll54xuX0m31Qyk_NNISj
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 525279
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"409dcdb02169e3668021846b3af7e6c0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: 5of6h-RLlRCA9FQHlQ7w2NBJfZl6O8VY2jovqvtreY6i8yQNlAhK8A==

GET
H2 200 /
citi.bridgetrack.com/track/ 43 B
380 B 138ms
138ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi.bridgetrack.com/track/?id=65345&random=3.10787705533015E+17
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:42 GMT
via: 1.1 google
content-type: image/GIF
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 10 Jul 2023 17:43:42 GMT

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/site/ 9 KB
2 KB 77ms
34ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc98ed15ff1c1615e63087bbc63be6986c64db729204db4c320c8cc709d39e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:42 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6660
ce-version: 11.5.100
content-length: 2143
last-modified: Tue, 11 Jul 2023 15:52:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52d9ad2e124dc3-FRA

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886

363 B
1 KB

60ms
60ms

XHR
application/json

34.255.171.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

HTTP/1.1

Server

34.255.171.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-171-99.eu-west-1.compute.amazonaws.com

Software

Resource Hash

33a89ddbdb9b6f557fdf209c9146940080e7f1e6dec5f59258690e7a15d9f86b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-02495e23f.edge-irl1.demdex.com 10 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: Ld6xY/kfTEw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 308
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-0a29368df.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: vhu9TekXQdI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097422886
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07 Show response
tagmanager1.citi.com/one/v1/profiles/ 583 B
648 B 666ms
280ms XHR
application/json 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagmanager1.citi.com/one/v1/profiles/430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
server: nginx
x-ens-one-is-anonymous: true
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
access-control-allow-headers: *
x-ens-one-ttl: 1695627671
apigw-requestid: H6QwejYLvHcEJCw=

GET
H2 200 61f2689d95e94c6ef599202edd32401c.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 77 KB
27 KB 28ms
28ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 30 Jun 2023 09:34:40 GMT
server: cloudflare
age: 7262
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52d9b27b152bf8-FRA
content-length: 27037

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
1 KB 38ms
38ms Script
text/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Wed%20Jul%2005%2015:48:04%20GMT%202023&ClientID=1129&PageID=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e9474e838269e255b0e780548e774f933d6ec6f122b892afefff77c361f8e67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
x-amz-cf-id: AStoM5dXE8H0x2mhn9f0Uwzi9pPWEB0_w86Nkneidq373WyTdSiDBg==
expires: Tue, 11 Jul 2023 17:43:42 GMT

GET
H2 200 851.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 48 KB
16 KB 129ms
129ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/851.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16169

GET
H2 200 interstate-light.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 102ms
22ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-light.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:41 GMT
cross-origin-opener-policy: same-origin
age: 2327058
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17596
x-xss-protection: 0

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 712ms
173ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1129&i=5yrs4w&p=na_prod&s=354&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjAsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8BkiLCJ0eXBlIjoiYmlsbGluZyIsInN0YXJ0IjoxNjg5MDk3NDIzNzcyYgDAZCI6LTEsInNvdXJjMgACKwBhdHVzIjoiZgBAYXNvbmUA1F0sImRhdGFQYXR0ZXISALBsaXN0IjpbXSwiaSAB8AA2ODkwOTc0MjM3NzJ9XX0
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:44 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/c/ 0
107 B 707ms
172ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/c/r.rnc?n=0&c=1129&i=6vlg4h&p=na_prod&s=381&d=9Cd7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjkQAPAaTmFtZSI6ImNpdGkiLCJwdWJsaXNoUGF0aCI6Im5hX3Byb2QiLCJtb2QmAJBibGFja2xpc3RPAPAfb29raWVzIjp7IkNJVElfRU5TSUdIVEVOX1BSSVZBQ1lfQkFOTkVSX0xPQURFRJ0A8Q8ifSwiZHQiOjE2ODkwOTc0MjM3NzgsInNldHRpbmdLAPEqbW9kYWwiOiJlbnRlcnByaXNlIiwiZW52aXJvbm1lbnQiOiJDQk9MIFByaXZhY3kiLCJkZWZhdWx0PgD0CFBlcmZvcm1hbmNlLUFuYWx5dGljcyBDqgD5CDEsIkVzc2VudGlhbC1GdW5jdGlvbmFsIQDwAkFkdmVydGlzaW5nLVRhcmdlmwAHIgDwAH19LCJldmVudHMiOltdfQ
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:44 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 200 93935a4096516447172d9d3f1d23710d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
968 B 26ms
26ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 01 Apr 2023 02:25:09 GMT
x-amz-version-id: .9Yu1fA6u9LpETfeDT0_cOHllcbsIoL2
content-encoding: br
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8781515
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:11 GMT
server: CloudFront
etag: W/"22035994ea9f0b167d391afd37705f26"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: QP2JRv2vQXrveyXneOwh7WEAqlU_d8OOKJu2liW7G9h_C3Q6PzRmWA==

GET
H2 200 7c8ae1f9c206930028672949c6703f6d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
2 KB 20ms
20ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Apr 2023 04:30:09 GMT
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 7910015
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 18 Oct 2022 17:52:59 GMT
server: CloudFront
etag: W/"7df0440e45009010a99db868682aafb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: zNzsA2N394ihYrhtI6-jWSPpLbMKh85xY5tdNuKopLL2VK6upvN4MQ==

GET
H2 200 a8e6e75645a478743701a0de29db4661.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 21ms
21ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/a8e6e75645a478743701a0de29db4661.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:24:26 GMT
x-amz-version-id: wws6KB118wQQBLdhwHWaGrumLswtioTa
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 6128358
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 May 2023 19:21:07 GMT
server: CloudFront
etag: W/"b7b279129c64359bf0c1d6935957974f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: WeTnLaGc0Yu3-yzCV7ot5RjpOr4mzDbS1TJs6sze8viq8R7pACRQKw==

GET
H2 200 c65a3609e1beed72955b88afac8cd31d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 21ms
21ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c65a3609e1beed72955b88afac8cd31d.js?conditionId0=480881
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 05:19:24 GMT
x-amz-version-id: wXRQEmBG4QJsg2TZDdHUFOaVLJIZHKhf
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8339059
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Dec 2022 04:55:25 GMT
server: CloudFront
etag: W/"e9bda8e342fda2a02ffa59c9064942d8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 8sXX1DbWrjCGm_3D5q0NIm5kyJtyIGzMGFWRx1VOt7KPkDT04_rrXQ==

GET
H2 200 d795417d12c8f126e64e0009e16abb55.js Show response
nexus.ensighten.com/citi/na_prod/code/ 337 KB
45 KB 22ms
21ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d795417d12c8f126e64e0009e16abb55.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:48:18 GMT
x-amz-version-id: xOcKYVNnwrtun1_P7HDELL7Ss9aSv6o7
content-encoding: br
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 525326
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"6720564da36815a78cd072df37ce9d59"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: A0Xn6An8RY3rxvuKJyOlf8PHVabfYiDgY5SAPhM0pAgjuMsAxvdjmw==

GET
H2 200 b169b5211abcb59597c2a50d0834dad6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 26ms
26ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/b169b5211abcb59597c2a50d0834dad6.js?conditionId0=4854834
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 05:41:43 GMT
x-amz-version-id: _QsuTAI24qIEiqD9TkI.fzr0FP874P0F
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8424121
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
server: CloudFront
etag: W/"b251770ce4b6edc0b43f8a7659567774"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: lDbLtQsRYUII8WSzbi4JVVvnpDtO6nYJbosXYhBd0Tz1QrQzGE_bQQ==

GET
H2 200 93bd1173e004c5f14c8c312774a177d6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 26ms
26ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93bd1173e004c5f14c8c312774a177d6.js?conditionId0=4936631
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 03 Apr 2023 08:29:34 GMT
x-amz-version-id: nLZ6xTlu1iMFXeMTTYN4VPX3Tv1cDtk4
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8586850
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 04 Oct 2022 17:38:26 GMT
server: CloudFront
etag: W/"1a018458600589c4b560bd7be94993f2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: h_g4wbQioBzRSJs-xPMr2OunCnbplflON9tF87HUMyqSnpL71yWDKw==

GET
H2 200 f9112c4f4cc2da7bc760957da1d0a476.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
6 KB 26ms
26ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 15:25:13 GMT
x-amz-version-id: _EGaJ0JRqXa7HXWsIS89V3k4kvtsyejg
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 7957111
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"341b188f6c2fe2107f63f9a2f998bb29"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: WMYapimaZhir2yhJSO65m069TqaM1Yk63JyAVOtUByf00d1s2brSbA==

GET
H2 200 9d9a7667eda16421b759d3e4ae34d25f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
7 KB 27ms
27ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9d9a7667eda16421b759d3e4ae34d25f.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 30 Mar 2023 13:50:09 GMT
x-amz-version-id: iCANwNDAYzzLjFfP7PabUgezx4DdR6XE
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8913214
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"d7a7f92dbb8927a61cb31e29eea41b11"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: J3bvNEyeCqs02Ku3umEdP0weI-Ivjml8Xl0lyZrX_-y6J06GPDiS7Q==

GET
H2 200 ccb910f3b286651d23766cb6ef3edc43.js Show response
nexus.ensighten.com/citi/na_prod/code/ 396 KB
108 KB 27ms
27ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/ccb910f3b286651d23766cb6ef3edc43.js?conditionId0=3013337
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 16 May 2023 16:05:09 GMT
x-amz-version-id: 0bluFTYuI52H0CFwnZwsOCw1MVHJt6q6
content-encoding: br
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 4844315
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 16 May 2023 16:05:00 GMT
server: CloudFront
etag: W/"4a011f25eec2f5bd4ab48351fa9a1e43"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 5hg_rB5cw3xvu094sT0SVYDjaZc_NtVU7O8qEVifB1XE4EPHw-pm0A==

GET
H2 200 f79ae745264b43f3faaab87bf3cdb75b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 37ms
37ms Script
application/javascript 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f79ae745264b43f3faaab87bf3cdb75b.js?conditionId0=455897
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 00:14:49 GMT
x-amz-version-id: 8CcfzS7DteGxKg7ZkR_HfOT6Gn8m3nM1
content-encoding: gzip
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 8443734
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Mar 2023 17:54:28 GMT
server: CloudFront
etag: W/"e2e34f527a64b278bef126c9ab6f0955"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: Mjj80Z38S4Kz_VSUH0wzPyyK22iR37ZINkj6ShyUrDHFcpmwRnHY_g==

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/sampling/ Frame D940 152 B
255 B 33ms
33ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6660
ce-version: 11.5.100
content-length: 144
last-modified: Tue, 11 Jul 2023 15:52:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52d9b2dc354dc3-FRA

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame F2C0 7 KB
3 KB 204ms
50ms Document
text/html 34.255.171.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.255.171.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-171-99.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v050-05e724381.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: gLFBX4DlRTQ=
content-encoding: gzip
date: Tue, 11 Jul 2023 17:43:43 GMT
last-modified: Wed, 28 Jun 2023 13:20:51 GMT
vary: accept-encoding

GET
H2 200 id Show response
metrics1.citi.com/ 48 B
463 B 140ms
37ms XHR
application/x-javascript 63.140.62.164
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=38720929269430649652159733982831599129&ts=1689097423813

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.164 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-164.data.adobedc.net

Software

jag /

Resource Hash

04048e2a346284f4c69d83789bc13182cc91424a8bfdb9890d80990777f3ebc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://citicards.citi.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZK2UzwAAAHaW3QNn
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=43324389006468900221466889957537638330
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2UzwAAAHaW3QNn

42 B
942 B

54ms
52ms

Image
image/gif

34.255.171.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2UzwAAAHaW3QNn

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

HTTP/1.1

Server

34.255.171.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-255-171-99.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-0fb6a4853.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: JiEYI3YiQmo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2UzwAAAHaW3QNn
Date: Tue, 11 Jul 2023 17:43:43 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 130ms
31ms Script
application/x-javascript 2600:9000:211a:9200:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211a:9200:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:07:54 GMT
content-encoding: gzip
via: 1.1 47b3fa796fd76d32bef114d0b8ce8cac.cloudfront.net (CloudFront)
last-modified: Tue, 11 Jul 2023 17:07:44 GMT
server: Jetty(9.4.51.v20230217)
x-amz-cf-pop: VIE50-C2
age: 2149
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
content-length: 6162
x-amz-cf-id: TjzyfJBm-HNGV_vbbaepSaBGCKaUuQ4rVI01Z4tMl93Cnk5N_bwbSg==
expires: Tue, 11 Jul 2023 18:07:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 76ms
28ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63c932f7017993b8e223761c479a02330b4c28008dbdecf56268d5c69a6f0f72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50048
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ Frame D940 19 B
460 B 91ms
20ms XHR
application/json 18.66.97.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-121.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 11:18:30 GMT
via: 1.1 3a3c1dcacd115187f53f40028ae4bd24.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 8317514
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: TlzHH9GGEpInY80PtvYtJ2KrHmwbf3u_vbrcCyHl9Pd9DmLAlsZBFg==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ Frame D940 19 B
387 B 89ms
22ms XHR
application/json 18.66.122.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.57 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-57.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:10:02 GMT
via: 1.1 d4f777a2d5a6d5aeb7eb6201b41775ea.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 21479622
etag: "d06f04fccf68d0b228a5923187ce1afd"
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 19
x-amz-cf-id: xb5XNW9fdlcah5_49fFBntOkCHEG5xcLwNxYBeqZaqciHS_ssarh9Q==

GET
BLOB 200
OK f5233f5e-bcde-45eb-a41d-064b979806df
https://citicards.citi.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/f5233f5e-bcde-45eb-a41d-064b979806df
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H3 200 225.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 203 KB
77 KB 150ms
150ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/225.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 283.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 125 KB
26 KB 140ms
140ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/283.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26641

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 42ms
40ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

088ec89b299ba2e9fc01f0ab2102a6ef825bd5ed3e3242f44188e67e0837c8a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50103
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 51ms
50ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f932aaea7d501169b809fa6509d90084fed0b46a054422e1f1c3860885139d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50103
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 29ms
29ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

41d1bf0a177a3d8da29bcab2100746b37bf6694ca0da6225ebb97c30e4a4628f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50101
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:43 GMT

GET
H2 200 clock Show response
tracking.crazyegg.com/ Frame D940 30 B
137 B 589ms
129ms XHR
text/plain 18.213.250.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1689097423953&tk=3353697c62395c48c0b0030a6d85efcd&s=340498&p=%2Fcbol%2Ffraudprevention%2Fdefault.htm&u=901567&v=7b4e626b6ec20c41008f75a092d2d0b7b805fbaf&f=citicards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&ul=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.250.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-250-165.compute-1.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e7b7028cfdb48f02d6cc82f87233e2976c1e1200b52310b2a6ce05a508a381c2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 17:43:44 GMT
cache-control: no-store
server: awselb/2.0
content-length: 30
content-type: text/plain

POST
H2 200 delivery Show response
citicorpcreditservic.tt.omtrdc.net/rest/v1/ 363 B
1 KB 385ms
273ms XHR
application/json 66.235.152.107
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicorpcreditservic.tt.omtrdc.net/rest/v1/delivery?client=citicorpcreditservic&sessionId=4ba4b9c12ab34ee8bbf3f1a1a8ef10c1&version=2.10.0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.107 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-107.data.adobedc.net

Software

jag /

Resource Hash

42617da7ed4e722500a131128eb251d735959e102798ae794e3001ba369f676a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 17:43:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
x-xss-protection: 1; mode=block
x-request-id: b5261081-dfdb-45f0-950b-f118228e5659
referrer-policy: strict-origin-when-cross-origin
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame EED3 118 B
684 B 381ms
30ms Document
text/html 193.0.160.130
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=571&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&pf=&ra=4515015612570068
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.0.160.130 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 118
Content-Type: text/html;charset=utf-8
Date: Tue, 11 Jul 2023 17:43:44 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H3 200 fraud-hero-tab.jpg
citicards.citi.com/cbol/fraudprevention/images/ 81 KB
81 KB 125ms
125ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fraud-hero-tab.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82608

GET
H3 200 slide-0-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 140ms
132ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-0-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10704

GET
H3 200 slide-1-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 146ms
139ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-1-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11088

GET
H3 200 slide-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 148ms
141ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10584

GET
H3 200 slide-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 142ms
135ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9250

GET
H3 200 slide-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 162ms
154ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8197

GET
H3 200 slide-5-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 163ms
155ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-5-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9495

GET
H3 200 phone-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 158ms
150ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Tue, 06 Dec 2022 15:57:16 GMT
etag: "0968b698b9d91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11197

GET
H3 200 quicklock-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 157ms
149ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/quicklock-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1415

GET
H3 200 authentication-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 156ms
148ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/authentication-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1351

GET
H3 200 warning-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 164ms
156ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/warning-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1364

GET
H3 200 wallet-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 848 B
865 B 156ms
148ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/wallet-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 848

GET
H3 200 alert-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 240ms
232ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/alert-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2039

GET
H3 200 sms-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 858 B
875 B 238ms
230ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/sms-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 858

GET
H3 200 phone-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 850 B
867 B 237ms
229ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 850

GET
H3 200 security-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 241ms
233ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1463

GET
H3 200 pin-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 237ms
229ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1877

GET
H3 200 article-0-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 238ms
230ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-0-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44958

GET
H3 200 article-1-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 248ms
241ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-1-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45322

GET
H3 200 article-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 28 KB
28 KB 242ms
234ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28352

GET
H3 200 article-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 41 KB
41 KB 241ms
233ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42073

GET
H3 200 article-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 239ms
232ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8135

GET
H2 200 interstate-bold.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 28ms
22ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-bold.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2327059
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17500
x-xss-protection: 0

GET
H2 200 interstate-regular.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 34ms
28ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-regular.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2327059
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17592
x-xss-protection: 0

GET
H3 200 ajax-loader.gif
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 220ms
220ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/ajax-loader.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4178

GET
H3 200 carousel-arrow.svg
citicards.citi.com/cbol/fraudprevention/images/ 375 B
392 B 222ms
221ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/carousel-arrow.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 375

GET
H3 200 slick.woff
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 217ms
215ms Font
application/x-woff 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slick.woff
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6

Request headers

Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: application/x-woff
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1356

GET
H3 200 close.svg
citicards.citi.com/cbol/fraudprevention/images/ 444 B
461 B 219ms
218ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/close.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 444

GET
H3 200 header-citi-logo-dark.svg
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 192ms
191ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/header-citi-logo-dark.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4067

GET
H3 200 icon-animation.gif
citicards.citi.com/cbol/fraudprevention/images/ 196 KB
196 KB 201ms
196ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/icon-animation.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200242

GET
H3 200 spoof-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 61 KB
61 KB 220ms
215ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62004

GET
H3 200 spoof-numbers-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 69 KB
69 KB 232ms
227ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-numbers-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71061

GET
H3 200 half-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 19 KB
19 KB 243ms
238ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/half-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19680

GET
H3 200 pin.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 241ms
237ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1973

GET
H3 200 zelle.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 241ms
237ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/zelle.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1366

GET
H3 200 remote.png
citicards.citi.com/cbol/fraudprevention/images/ 669 B
685 B 238ms
234ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/remote.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 669

GET
H3 200 personal-info.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 236ms
232ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/personal-info.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1937

GET
H3 200 bank.png
citicards.citi.com/cbol/fraudprevention/images/ 654 B
670 B 234ms
230ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/bank.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 654

GET
H3 200 fundraiser.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 243ms
239ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fundraiser.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1436

GET
H3 200 email.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 241ms
237ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/email.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1476

GET
H3 200 romance.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 237ms
233ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/romance.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1819

GET
H3 200 mobile.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 242ms
238ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/mobile.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1893

GET
H3 200 grandparents.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 243ms
239ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/grandparents.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2309

GET
H3 200 surprise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 236ms
232ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/surprise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2723

GET
H3 200 irs.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 623ms
619ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/irs.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:44 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1401

GET
H3 200 security.png
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 237ms
233ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4077

GET
H3 200 data-compromise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 239ms
235ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/data-compromise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2882

GET
H3 200 text.png
citicards.citi.com/cbol/fraudprevention/images/ 733 B
751 B 243ms
239ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/text.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 733

GET
H3 200 phone.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 241ms
237ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2373

GET
H3 200 lottery.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 237ms
233ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/lottery.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2611

GET
H3 200 gimmick.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 238ms
234ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/gimmick.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2150

GET
BLOB 200
OK ddd92fb0-1518-4d30-ac1b-f0e486699f50
https://citicards.citi.com/ 241 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/ddd92fb0-1518-4d30-ac1b-f0e486699f50
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=141192DFC58B4C938068143DDD521636
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 241
Content-Type: text/javascript

GET
H2 200 / Show response
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 8 KB
4 KB 130ms
40ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 66198
cf-polished: origSize=9073
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2371-plMc4Vf+CGoqroHiYCmsJkLyNy0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9bb2ce09223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f525baeb9ab4830981c4d0d7ba7846b28a3105ebac8aa556fed6680ec82ce97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70211
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame C15A 0
98 B 215ms
136ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 11 Jul 2023 17:43:45 GMT
via: 1.1 google

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 100ms
43ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 11 Jul 2023 17:43:44 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EA4C8B9A28424B949CF91F20E32E1551 Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
32 KB 80ms
24ms Script
application/javascript 2600:9000:225e:da00:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:da00:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:11:18 GMT
x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
etag: W/"08e770c8a17bf087d50cec01af0892c2"
age: 63148
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: rD-RNX3GdLUxbXDVDGMgUjoumDXELO4PywTOtQH5DODV5HacJgkZBg==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 95ms
22ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 09:05:50 GMT
Content-Encoding: gzip
Via: 1.1 d76db2cbee553c8bb2de7fd88a960646.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 36187
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: JWnqhSk2CmqhRXz5BLA22mpdO_4hdGhtQiCejf2Mmu6PzQgp02UQHg==

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/
Redirect Chain

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

0
0

134ms
134ms

Image
text/html

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Protocol: HTTP/1.1
Server: 209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 17:43:45 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0454W9G9Y2ZYQMEG5QA9
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
249 B 19ms
19ms Image
text/plain 65.9.66.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-24.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 05:41:03 GMT
via: 1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
age: 43362
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: uanrkr4k_oYIWu6cTGPwPARK1135Oo4dEGrvJ2eJmjYfgVDUawPyQg==

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/ 5 KB
2 KB 526ms
107ms XHR
application/json 34.226.6.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/cls_report?_cls_s=92183c20-a081-465f-b608-58983e7ecd25%3A0&_cls_v=87a5491b-9ddb-4439-a731-66bf8faf4ad7&pv=2&f_cls_s=true

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.226.6.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-226-6-56.compute-1.amazonaws.com

Software

GlassBox Cligate /

Resource Hash

5e94db262e170051f4d2c5cef1acc095d26f6b45fe85750f8267106959303805

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 17:43:45 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
Content-Security-Policy: default-src 'self';
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1193
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: GlassBox Cligate
X-Frame-Options: SAMEORIGIN
vary: origin
Content-Type: application/json
access-control-allow-origin: https://citicards.citi.com
access-control-allow-credentials: true
GB-Server: g5095
X-Robots-Tag: noindex

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
2 KB 121ms
71ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1689097425125&cv=11&fst=1689097425125&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f75d0d567ede4cc624997e6f4cad1c547567ee18be81507b7517001d2aa6eb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1440
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 43ms
42ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

df681803dc2c0d096df92ed464280c7bd9b1c42e3ff63e1ac0c654312c65ae8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70298
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f328cc6ab8c9e8e225306494eef433aa4bf385387485128c9ed9a664ffbd8dea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55343
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 50ms
49ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6a27d0c728a8ebac81655c3803d3ecf9f9247f8251f0d16c772f1353e573517e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55155
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
72 KB 57ms
55ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a224be29776180e562029c49f7a98763e860e0f66ae70bdb995407fde910ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73524
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 33ms
32ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e0fdaf509585daad27478cbe29083f0ba6664fb1ec0ee8b57b4e7a785d295f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55206
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5280108ae653da44cdbb08213f07ae6d7add633fe5b3bc6e234d31e7bb9594bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70846
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 58ms
57ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

239fe2b60b3b6d73e341eaece2ee9c8c8dd3cb3cbf69d025349b80feccc7b014

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55210
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 60ms
59ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

821d840b59f946e3c8c69000255fde178299e4cbd11343bdc6720f165bb55cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70295
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:43:45 GMT

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 332ms
105ms Preflight 18.210.220.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.220.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-220-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://citicards.citi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://citicards.citi.com
access-control-max-age: 600
content-length: 0
date: Tue, 11 Jul 2023 17:43:45 GMT
server: nginx

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
330 B 317ms
106ms XHR
text/plain 18.210.220.180
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.210.220.180 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-220-180.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://citicards.citi.com
date: Tue, 11 Jul 2023 17:43:45 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2 200 p
sb.scorecardresearch.com/ 43 B
300 B 115ms
41ms Image
image/gif 18.155.129.101
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&c8=Fraud%20Prevention%20%7C%20Citi.com&c9=&rn=1689097425144
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.155.129.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-155-129-101.cdg52.r.cloudfront.net
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
via: 1.1 0a58752d78fb248f2488304f0f93599a.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: CDG52-P4
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: v72l2XaJ4zAnghCqHLxxb-emGE5wOz8mDCLh4hBpwnFRV3PMge5i9Q==

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 9CEB 0
182 B 152ms
47ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097425047&td1=Sapient_cbol_citi_fraud_prevention_lp
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Tue, 11 Jul 2023 17:43:45 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 204 16001692.js Show response
bat.bing.com/p/action/ 0
118 B 127ms
127ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16001692.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DF52F88210846849E551F0797C195DF Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
287 B 43ms
43ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=0d77edc9-6af6-4adc-a2e1-419e107d5594&sid=7baf6090201211eea3e02d764019b629&vid=7bafbab0201211ee852fef9a3b75b67c&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&r=&lt=3612&evt=pageLoad&sv=1&rn=60906

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0B411DB87511477D837D31E6046B80A4 Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
232 B 101ms
101ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=0d77edc9-6af6-4adc-a2e1-419e107d5594&sid=7baf6090201211eea3e02d764019b629&vid=7bafbab0201211ee852fef9a3b75b67c&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=883743

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E7FCAB46AD4D4200921FEE094BC9C32A Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16003743.js Show response
bat.bing.com/p/action/ 0
118 B 119ms
117ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16003743.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7F2ECD1207BE45BBB2505605D560EA0A Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
231 B 96ms
95ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=96eac215-d3b4-4abd-97f7-2f615f7dc3cf&sid=7baf6090201211eea3e02d764019b629&vid=7bafbab0201211ee852fef9a3b75b67c&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&r=&lt=3612&evt=pageLoad&sv=1&rn=485433

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0D560C47002D4FB79C6CEB67DDC68DF3 Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
231 B 95ms
95ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=96eac215-d3b4-4abd-97f7-2f615f7dc3cf&sid=7baf6090201211eea3e02d764019b629&vid=7bafbab0201211ee852fef9a3b75b67c&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=609688

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:43:44 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7D7B3C5E080A4A5689CAB9190522E8A9 Ref B: FRA31EDGE0720 Ref C: 2023-07-11T17:43:45Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12.ab92b717dec244c92313.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 68 KB
21 KB 40ms
39ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.ab92b717dec244c92313.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citicards.citi.com

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 84925
cf-polished: origSize=70533
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"11385-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9bb7d2b9223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
2 KB 80ms
80ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1689097425217&cv=11&fst=1689097425217&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c2b4989f8983674fadd31b02acad3b368db13284db8022c748f011140277a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
2 KB 89ms
89ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1689097425243&cv=11&fst=1689097425243&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc8ddb1ae2050e8d977a4ec97ee679301b9d8dab1903d63fa296467a354ece01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1438
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
2 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1689097425266&cv=11&fst=1689097425266&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93bb78a6dccb8271fe4bf892874fbd47d43640c6071dcc4a9a823bacc4b0ffcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1426
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
1 KB 72ms
72ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1689097425287&cv=11&fst=1689097425287&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

db26e6871df268714720104be0681cf350be96a51d4db4332c8d33d737dc3620

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1436
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
1 KB 69ms
69ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1689097425308&cv=11&fst=1689097425308&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

99b5f1f00945084cdc4423b43a267c30090132f6b0985c6a36fda333c595d117

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/ 3 KB
1 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1689097425332&cv=11&fst=1689097425332&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3e01224869b0406a6326985de8c3e6b990132a8095bd5eee45d26bb1b52cc1c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
1 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1689097425345&cv=11&fst=1689097425345&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21ccb9322d405b6e66387f50d80d9b40099fadf1208e095995ea1ef88c0d429a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1689097425386&cv=11&fst=1689097425386&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=576882318.1689097424&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0f8c9d451a458e8c8d14eee6a60a16f5af34fd7502a1ece07bdf0604e5e4795

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1428
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 224ms
223ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2978a88575201e7522c4ad0ab918414fca5bfb63c3cbc47a2b812abff6e449d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: a76a76327ca3fda6
cf-ray: 7e52d9bcde4a9223-FRA
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
108 B 86ms
34ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1689097425125&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=925758226&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
455 B 85ms
32ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1689097425125&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=925758226&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 86ms
34ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1689097425217&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4251103155&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
108 B 87ms
36ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1689097425217&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4251103155&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
108 B 86ms
35ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1689097425266&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3891832488&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
108 B 84ms
33ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1689097425266&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3891832488&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
108 B 88ms
37ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1689097425243&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3118549827&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 85ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1689097425243&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3118549827&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10955006959/ 42 B
455 B 83ms
34ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10955006959/?random=1689097425332&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2417470169&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10955006959/ 42 B
108 B 36ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10955006959/?random=1689097425332&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2417470169&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
108 B 37ms
36ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1689097425287&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=698900627&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 40ms
39ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1689097425287&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=698900627&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
108 B 34ms
33ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1689097425308&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3016639473&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
108 B 35ms
34ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1689097425308&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3016639473&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
108 B 35ms
34ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1689097425345&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3431395763&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 36ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1689097425345&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3431395763&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 33ms
32ms Image
image/gif 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1689097425386&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1480133479&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
108 B 36ms
36ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1689097425386&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D141192DFC58B4C938068143DDD521636&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1480133479&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:43:45 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
32 KB 37ms
37ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 84937
cf-polished: origSize=105216
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"19b00-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9be3fc39223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 7.cff97ca457c7bcbf778b.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
919 B 40ms
39ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/7.cff97ca457c7bcbf778b.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 84936
cf-polished: origSize=2522
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9da-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9be98149223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.0c5a57685cec0137b83a.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 44ms
43ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.0c5a57685cec0137b83a.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 84936
cf-polished: origSize=29374
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"72be-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9be98159223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 63 KB
23 KB 40ms
40ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 84904
cf-polished: origSize=65177
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"fe99-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9be98189223-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 572ms
527ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=21&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:43:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 17:43:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9beea319207-FRA
expires: Fri, 08 Jul 2033 17:43:46 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
702 B 629ms
584ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:43:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 17:43:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52d9beea339207-FRA
expires: Fri, 08 Jul 2033 17:43:46 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 175ms
175ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=1&c=1129&i=5yrs4w&p=na_prod&s=15679&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8Q5odHRwczovL2NpdGkuYnJpZGdldHJhY2suY29tLwoA8CsvP2lkPTY1MzQ1JnJhbmRvbT0zLjEwNzg3NzA1NTMzMDE1RSsxNyIsInR5cGUiOiJpbWciLCJzdGFyywDANjg5MDk3NDIzNzY5pgAAGwEGFACQNzAsInNvdXJjOQAxbXV0lgCiT2JzZXJ2ZXJDTEgAoXR1cyI6ImxvYWTLAEBhc29uygDUXSwiZGF0YVBhdHRlchIAsWxpc3QiOltdLCJpagDfOTAxNjMxMTM4MDB9LPwABfEAc2NyaXB0LmNyYXp5ZWdn-wBjcGFnZXMv9gGiZWQvY29tbW9uLSsA9hZzLzYxZjI2ODlkOTVlOTRjNmVmNTk5MjAyZWRkMzI0MDFjLmpzEgECNQACzQALFQEtNDYVAS84MBUBTb84ODMwMDUwNzEyOBUBB_EAbmV4dXMuZW5zaWdodGVuFQEAJQIiL27GAhMvpQHwFm9tcG9uZW50LnBocD9uYW1lc3BhY2U9Qm9vdHN0cmFwcGVyJnPZATBjSnMIAx89WQAOY2NvZGUvJjsD8h5lZE9uPVdlZCUyMEp1bCUyMDA1JTIwMTU6NDg6MDQlMjBHTVQlMjAyMDIzJkN-AyBEPX0DgSZQYWdlSUQ94QKQJTNBJTJGJTJGwgBgY2FyZHMuCgAA1QAAFQDwAmJvbCUyRmZyYXVkcHJldmVuHQP_aCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDE0MTE5MkRGQzU4QjRDOTM4MDY4MTQzRERENTIxNjM2NwITHzc3AgAfNEwDTo84ODIwODgwOUwDCIVtZXRyaWNzMWAB8BsvaWQ_ZF92aXNpZF92ZXI9NC40LjAmZF9maWVsZGdyb3VwPUEmbWNvcmdnBPREMTgzNEQ5QjUyMjhBNzQzMEE0OTBENDUlNDBBZG9iZU9yZyZtaWQ9Mzg3MjA5MjkyNjk0MzA2NDk2NTIxNTk3MzM5ODI4MzE1OTkxMjkmdHM9MTaBBDY4MTNcAT94aHKQAwE-ODEzWQEAFAAFpQSyWEhSX01BTkFHRVJBAAKeBG9hbGxvd2WhBCCvODkwMDUzMjYwMIwDCA9VAf9DD4gEE_AaN2M4YWUxZjljMjA2OTMwMDI4NjcyOTQ5YzY3MDNmNmQuanM_Y29uZGkzBKdJZDA9NDg0OTk2awIP_gUHPjgwMm4CGDLHA8hpbnNlcnRCZWZvcmVvAg8NByO_ODkxMjczNTgyMjL4BSgBnwUPFwFLHzQXAQwPKghBBh0BHzQdAS3_EWE4ZTZlNzU2NDVhNDc4NzQzNzAxYTBkZTI5ZGI0NjYxNAIAVjk3MDk5nwQPNAIdFzX7BQ80AjyfNzk0MzQ4NDYyFwGMDzQCAQgXAQ80AkIFHQEfNjQCLf8QYzY1YTM2MDllMWJlZWQ3Mjk1NWI4OGFmYWM4Y2QzMWgEATAwODh0DAN3Cw8zAh0fNzMCSI84NDI0Mjc4MdMGCA9-BRMPFgFKDzICAQgWAQ8yAkMDHAEfMkQJCA8cARP_EDkzOTM1YTQwOTY1MTY0NDcxNzJkOWQzZjFkMjM3MTAyAgBfMzMwNzJlBBMfMYIFAB85MgJJfzUwMjQ4MjVlBC4PFgFKDzICAQgWAQ8yAkQDHAEfN2QELf8RYjE2OWI1MjExYWJjYjU5NTk3YzJhNTBkMDgzNGRhZDaYBgBfNTQ4MzQzAhMPOgsAAAMRBToLD5gGO685MTEyODU2MjUwzAguDxcBSw80AmEGHQEfMzQCLf8POTNiZDExNzNlMDA0YzVmMTRjOGMzMTI3NzRhMTc3NAIBXzkzNjYzmQYUDzQCABgz_hAPNAI7vzg3NTA3Mzg4ODc1FwGLDzQCAAkXAQ9oBEMEHQEPzAguEGaAAv8LYzRmNGNjMmRhN2JjNzYwOTU3ZGExZDBhNDdoBAE3Njc1QxQPzAgJDzMCAR8xmgZHnzk3NjI0MjkxMX4FLg8WAUoPMgIBCBYBDzICQgUcAQ_oCS7-ETlkOWE3NjY3ZWRhMTY0MjFiNzU5ZDNlNGFlMzRkMjVmmgYAhg8PMQ0UDzICAR8yMgJHnzgyNDk0MTU0OJkGLg8WAUoPMgIBCBYBDzICQgUcAQ-YBi7wB2Q3OTU0MTdkMTJjOGYxMjZlNjRlMDBADW42YWJiNTUyAl8yMTkwOMsIEw-XEQAfNpcRSJ83MDI3MTk0NTb-Ci4PFgFKDzICAAkWAQ8yAkIFHAEPlgYu4WNjYjkxMGYzYjI4NjY1Jg3dNjZjYjZlZjNlZGM0MzICbzMwMTMzM5cGJy84NmUERgCQBm82ODIwMDcXAYwPNAIACRcBDzQCQQYdAQ-0By_9EDc5YWU3NDUyNjRiNDNmM2ZhYWFiODdiZjNjZGI3NWI0Al80NTU4OTMCFA8cAQAnOTgzAg8cAUGfODc2NDAwMjM4OQIJABsbCiUbay9jYm9sLyEb7y9qcy84NTEuYnVuZGxl8hwVLTY4WxAoOTAqAwAzHGBuZENoaWxPGQA7HA8AHii_ODkxNzIwMDk3MTHzCwcP8ABLDvceCvAAD-cBQgX3AA-FCAjwBXd3dy5nb29nbGV0YWdtYW5hZ2VyEh2AL2d0YWcvanP4H0BEQy02nRofMAUQEx4zOgcvOTVWCE6PNzYxNjE1NzNwFAkB5AGQb3JwY3JlZGl0vB7yE2ljLnR0Lm9tdHJkYy5uZXQvcmVzdC92MS9kZWxpdmVyeT_OIR89OwABQCZzZXMQIvMVSWQ9NGJhNGI5YzEyYWIzNGVlOGJiZjNmMWExYThlZjEwYzEmRSBCPTIuMToiA7IVD4QcBC45NrEKARQABUoRD4QcPa85MDMzODk0NTcxLgIIDwYBAQ9BAZkIwAkPQQFjgTEucmZpaHVibQKfanMvdGMubWluOAUUPjgyNTgFAFMjBRYCD0gEQ381MTYyMDExzQwJD0gEFZA0MTU4MTImbD23I69MYXllciZjeD1jkwsRAUUEIWVu0yMD0B8_NDAx4Q5OjzgxMzg2MTEwZBQJABgDcS5kZW1kZXjZAQBfJRA1MiK_bD9kX25zaWQ9MCOEIg0GAwFTaWZyYW3rHQorJC04MEkGKTQwYRUPOQc7jzgxNjc2MzY2-gEJD_wAVh0xJyUL_AAP_QJCBQMBHzk8CAcP_QIVbzI1NjcxMP0CJA2OGTg0MDOqGg8nFTyfODcwMTExMTMx-ABtDU4IC_gAD_YBQwP-AA-iGwkP9gEWTzY5MzLzBCUP9gEAGDQgDA_2ATswOTAzGRc_NTM4zhMID_gAUg_2AQAJ-AAP9gFBBv4AD_QCCADvBA8YDRQ_MjgzGA0bLTkw4Ac4NDA1tQgP9wBBrzg3NzI1NzczMzL3ADQvMjX3AC8oNDIPDg_3AEOPNjUyMzQxNTmIFAiUMjA3NjY2OTlwtwkAEi0iY2HbBwDKKPQEOSZyYT01NzEmcmI9NjQ4JmNhPTQA8QAmX289MTcxNjkxNzUmX3RDDAs-D8BscCZfcmV2PTEmX3BTJQAJAPEFb3JkZXJpZD0xJnNzdl9jdXVpZD0LAMJwYWNrYWdlPW51bGwRADByb2TsLAcSADBhZ2V_Kw9sAAQvcGUKK1E8JTIxDCsAEwAPDisnQCZwZj1nAfcANDUxNTAxNTYxMjU3MDA2yBUPMgkHLTk2Jis4NDQ2NQoPQgU9fzYzNzkyOTNXLQkEIgIPVgL_qQ6ICwpWAg-yBEEjOTBcAh8zOCQID6AGFSFpbd0wcGhlYWRlci02ANAtbG9nby1kYXJrLnN2vzEDoxAPzDEDPjQ0MQQBHzaPDVCPNTYxMzA5MDMoGQgAzgAPpAcRAwQBUHNwb29m1jGvZWVuLW1vYi5wbv8AEB4ymwk_NjQzuxVOfzAyODkxOTYqLgkP_wAcT2JhbmvzABQOlgkvNjVgKU6POTQ2MjUzMjiFDg0P8gEYD_MAGA2hFx808wBZD-UCN99wZXJzb25hbC1pbmZv7wEUD_wAAQhzDg_lBEEgODlyCU8yNjg1uRkID-ICHA_8ACEP6wIBD_wAVw-cJAgP_AAcj3N1cnByaXNl8wEoCHAOD_MBQ481ODM5MzgyNKAZMATUBQ_3ABsNbhc_NDY19wBXD88HN29yb21hbmPtARUP5AIBD8sqT381OTY1NTkyjRsxA-0BD_YAGw_WBAEP9gBXD20OCA_aAxxfcmVtb3TrARUP9QAAGDZlKQ_YA0PANzk0NDI4NjM4fV19
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:46 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 174ms
173ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=2&c=1129&i=5yrs4w&p=na_prod&s=15685&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ANodHRwczovL2NpdGljYXJkcy4KAPAGLmNvbS9jYm9sL2ZyYXVkcHJldmVuMgDwDy9pbWFnZXMvcmVtb3RlLnBuZyIsInR5cGUiOiJpbQ0AQHN0YXLEAMA2ODkwOTc0MjQ0MjKfAAAUAQUUAKA2NjAsInNvdXJjOQAxbXV0jwDxC09ic2VydmVyQ0wiLCJzdGF0dXMiOiJsb2FkxABAYXNvbsMA1F0sImRhdGFQYXR0ZXISALNsaXN0IjpbXSwiaWoAvzc5NDQyODYzNn0s9QA0j3NlY3VyaXR59wAUHzT3AAAfMfcATJ85MDgxNzg1MzP3AGcfM_cAah817gE2IGxvYAIP7QEVHzX2AAAfMu0BTL84OTgyNTAyMDU2OPYAZA_sAQEP9gBXD9oDN39naW1taWNr2QMUD-wBAR8z7AFMrzkwNjY0MTEzNTb2AGUPxgUBD_YAVx8z4gI2D-wBGw_iAgEP9gBXHzT2ADYAMgevLWNvbXByb21pc7oHFQ_qAmG_ODk5MDI5NzMxMzL-AGwP_AFhBv4AHzD-ADY_cGlu2gQUD-QDYp8xMDkzMzg4Mzi8BzcP8gAXD-QBYRU58gAPzAU3T3plbGzWAxUP5gEBHzTABkyfODgwODAzNzYxwAY4D_QAGQ_oAQEP9ABXHzfMAzb_AGhhbGYtc2NyZWVuLW1vYtgDKA_-AE-fMzIzOTI1MDYx_gA2X2VtYWls9ACJnzcxODc3NjYzMbwGNw_0ABkPcw4BD-gBTgX0AA-uCDdPbW9iac8EFg_1AAEfNc8ETK85MDkyNzE1NTUx9QBkD9AEAQ_1AFcPjgs3T3Bob264BhUPjgoBD_QATa84ODMzMzMxNzM39ABjD-gBYQb0AA-6BTevZnVuZHJhaXNlcr8FKA_tAU9_NDgxNTQ4ObMGOA_5AB4PzwRhJDg4-QAP5gI3z2dyYW5kcGFyZW50c_QBFA_tAmKfNzM5NDQ3NTQ3jQs3D_sAIA_2AWIF-wAPoAo3T3RleHTuAYifOTAzMTc5OTg0MxU4D_MAGA_CBmEF8wAfN1IQN5FpY29uLWFuaW24GU8uZ2lmBxoPLTE5IxcvNzMQGU8BbA8_Mzg1qAk333Nwb29mLW51bWJlcnOMDR8eMQcBLzQ4rwpMrzg5OTg3MTYzNjdkETcvaXLXBRUN3AQ_NTA0ywdOnzk0MzgxMDk4OPYCOA_yABYNyQYP8gBZLzc5cA8HAIAe9g0ucmVwb3J0Lm5hY3VzdG9tZXJleHBlcmllbmNl_h2SZ2xhc3Nib3gvLgDyHmluZy83OThiMmYxMi05MTYyLTRhOTQtOTFlZS04MDVkODgzY2EyNjYvY2xzXzMAID9fDADxHHM9OTIxODNjMjAtYTA4MS00NjVmLWI2MDgtNTg5ODNlN2VjZDI1JTNBMCYwAPEedj04N2E1NDkxYi05ZGRiLTQ0MzktYTczMS02NmJmOGZhZjRhZDcmcHY9MiZmMgBmcz10cnVlgQQyeGhyQB4JiB49NTA1fgUCFAAFiB6yWEhSX01BTkFHRVJBAAKBHm9hbGxvd2WEHiGfNzEyNDc3ODQ4kgH_m_EFd3d3Lmdvb2dsZXRhZ21hbmFnZXIRIdBndGFnL2pzP2lkPUFXBQNQNDUxNDf4IQMCIWJzY3JpcHQ8Agt9Aiw0N_cFRzUxMzf3BbBpbnNlcnRCZWZvcswCD_8gLK85MTEwNjgzNzAxGx4ID-kAQh41_AQK6QAP7iFBBe8AHzLnBwiRcC50dnBpeGVszQH1BmNvbS5zbm93cGxvd2FuYWx5dGljcxIATy90cDJSBA4vMTXVAQAAFAAPUgRJfzg1NjYwNzjXAQgP6ABAHji9Ahg1tAgPOgVAA-gADzoFCBlj0AFganMvY3Vybg5RL2RwbV_pAcBfbWluLmpzP2FpZD3XJPADLWQ0Zjg1ODI0LTEzNTEtNDU1wgb7CWZmLWZkYjU2Zjk2MmM1YyZjb21zY29yZVcGD90DCB01UhkpNTEgAQ_dAzyfMDQyMjY5Mzc4ZhYJDx4Bdw4ACgoeAQ8SBEIFJAEPEgQI8R1pbnNpZ2h0LmFkc3J2ci5vcmcvdHJhY2svdXA_YWR2PTFqdzVjdmwmcmVmPSknkCUzQSUyRiUyRk4CCi8nABUAa2JvbCUyRjMn8GQlMkZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0QxNDExOTJERkM1OEI0QzkzODA2ODE0M0RERDUy6gvwEiZ1cGlkPWhxZ293cHomdXB2PTEuMS4wJmlkPXR0ZFVuadIoMGFsUBEFRFRhZzGcJ8A1MDQ3JnRkMT1TYXDNKBBfBygQX_AAEV_ZABZfDSg2X2xwJAVTaWZyYW26Bgr8BhAx7ScjZW6XJwEVKBE1FAAUcwEo8ghIVE1MSUZSQU1FX1NFVEFUVFJJQlVURUkHD4UJLK85MDI4Njg4NDI5CQIIKGpzBAIwdXBfdSgxZXIuMwE2Lmpz5wAPBgQJD_oGAAD7AAXnAA8GBDuvODcxMzkzMDQ0N9kATg_BAwAJ2QAPwQNBBt8AD7MOCIFiYXQuYmluZ9IHIWFjoirxojA_dGk9MTYwMDE2OTImVmVyPTImbWlkPTBkNzdlZGM5LTZhZjYtNGFkYy1hMmUxLTQxOWUxMDdkNTU5NCZzaWQ9N2JhZjYwOTAyMDEyMTFlZWEzZTAyZDc2NDAxOWI2MjkmdmlkPTdiYWZiYWIwMjAxMjExZWU4NTJmZWY5YTNiNzViNjdjJnZpZHM9MSZtc2Nsa2lkPU4mcGk9MTIwMDEwMTUyNSZsZz1lbi1VUyZzd60AQCZzaD0fALAmc2M9MjQmdGw9RnorRSUyMFB9K9AlMjAlN0MlMjBDaXRp8wAvJnCXBJ_wEXI9Jmx0PTM2MTImZXZ0PXBhZ2VMb2FkJnN2PTEmcm49egEWNnADD1UsAz81MTaTCAAAFAAFbQMBVAQArSwPUwRBjzU1MDY2NTQzIBkID5sCjRcwmwIvZWPuBROhJmVhPUFwcGxpY_gTD38CNx8mBgMDACECAqQQABoCbzg4Mzc0MxsCDy43MK4KGDdpFA8bAkivODcyMjE0NjIzN5sJCAkbAgANAA9hBhUNOxQpNTHZAA9hBjyfODk0NDA2ODExFRoIAL8ABYIFAA0AD8wAFQ8tBwAJzAAPVAZCBdIAD1QGJQCCAgdUBv8VOTZlYWMyMTUtZDNiNC00YWJkLTk3ZjctMmY2MTVmN2RjM2NmVAY9CLkDH3BUBv8UXzQ4NTQzOgQRD-kIABg3QCMPOgRJnzk3MTMyNDg3M24DFQzwCA-cAnwPVQaTbzYwOTY4OFUGEA_rEQAYN8ATDxsCSRA41zNPNjk2NaMeCAB8BQ-JBSIPvBAACdkAD1UGRQ-2DAgPzAAmD8ADAQilAQ9VBksPngEI8AN6bjN2aThra3VkczBqanJmYy1SD_AOZmVlZGJhY2suc2l0ZWludGVyY2VwdC5xdWFsdHKPFACHN_ECU0lFLz9RX1pJRD1aTl8zVklHAHZTMEpKUkZjuQIPmQ4ILjQ2EQkYOMUwoGFwcGVuZENoaWzmGA97FixAODc5NVEhLzkwyQQIDxABag-jFgEYOOcFDycCQgQXAR8xkRwID5IXFMA2NDQ1NzQwNDMmbD3ZMZ9MYXllciZjeD0QAhIuMTMnAxAyrjoFPA0P8wM-bzkxOTM4MkgKCQ_6AFQOxgUK-gAP-gFCIzg5AAEPIQQIDwABFY85NTIzMTE2MvoBJA4DHT8yNTaGGkbgODk4MTIwMDI2OTh9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:46 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 177ms
177ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1129&i=5yrs4w&p=na_prod&s=14789&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A-GZodHRwczovL3d3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbS9ndGFnL2pzP2lkPUFXLTY5NTIzMTE2MiZsPWRhdGFMYXllciZjeD1jIiwidHlwZSI6InNjcmlwdCIsInN0YXJ0IjoxNjg5MDk3NDI1MTM3LCJlbmQUAKAyNTYsInNvdXJjPAAxbXV0mgCiT2JzZXJ2ZXJDTEgAoXR1cyI6ImxvYWTPAEBhc29uzgAwXSwihgBkUGF0dGVyEgCwbGlzdCI6W10sImmJAe82ODk4MTIwMDI3MDB9LAABBYFiYXQuYmluZ_QAIGFjHgHwpC8wP3RpPTE2MDAxNjkyJlZlcj0yJm1pZD0wZDc3ZWRjOS02YWY2LTRhZGMtYTJlMS00MTllMTA3ZDU1OTQmc2lkPTdiYWY2MDkwMjAxMjExZWVhM2UwMmQ3NjQwMTliNjI5JnZpZD03YmFmYmFiMDIwMTIxMWVlODUyZmVmOWEzYjc1YjY3YyZ2aWRzPTEmbXNjbGtpZD1OJnBpPTEyMDAxMDE1MjUmbGc9ZW4tVVMmc3c9rQAxJnNoHwDwCSZzYz0yNCZ0bD1GcmF1ZCUyMFByZXZlbtsA0CUyMCU3QyUyMENpdGnzADEmcD0KAvAEJTNBJTJGJTJGY2l0aWNhcmRzLgoAACMAABUAcGJvbCUyRmZQABdwTQD2jEZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0QxNDExOTJERkM1OEI0QzkzODA2ODE0M0RERDUyMTYzNiZyPSZsdD0zNjEyJmV2dD1wYWdlTG9hZCZzdj0xJnJuPTYwOTA2lwIyaW1nTAILlAIgNzE-AwMqAgKoAg-UAgsSQUcAApMCX2Vycm9ylAIfvzkwNTUwNjY1NDM0lAIHD5QDFJ84MTk1MDAwMjOUAyQeNgABJzc3lAPIaW5zZXJ0QmVmb3Jl-wAPjgMkrzg1ODU2Njk3Mjb6AG4PjgQACfoAD44EQgUAAR83AAEunzk1OTI5OTc5NPoBNy85OPoBR685MDE3NzcwOTcz-gBuD_oBAAn6AA_6AUIFAAEP9AMvnzk2MDYyMTg3NfoBJB009AM_MzIw-gFHrzgyMDE0NDUwMjj6AS8P-gAsDu4ECvoAD_oBQgQAAR8zgggID-4FFL8xMDk1NTAwNjk1OfwBJA8CAQAfNPwBSK85MzQ5ODMwOTY5_AEuD_wALw74Axkz_AAP_gFCBAIBHzf-AS-fOTc1NzAxOTQ3_AEkHjX4Ax817AdHvzkxMjQwNTI1NjYy_AEuD_oALQ_6AQAJ-gAP-gFBBgABD_IFLwBDA08wNzk29gMlD_oBAB85-gFHrzg3MDQzMDIxMDnmCTA_MzA5-gApD_oBAAn6AA_6AUEGAAEP8gYI8AhzaXRlaW50ZXJjZXB0LnF1YWx0cmljc20NhC9XUlNpdGVJHgDQRW5naW5lL1RhcmdldKcO9SdwaHA_UV9ab25lSUQ9Wk5fM1ZJOGtrdWRTMEpKUkZjJlFfQ0xJRU5UVkVSU0lPTj0xLjk1LjAXAIZUWVBFPXdlYh8NIHhoxwwcc7MPPTQwMDMEARQABbMPuFhIUl9NQU5BR0VSHgxvYWxsb3dlrw8ijzA4NzI4MTIzOwIIDzsB_0X_HWR4anNtb2R1bGUvMTIuYWI5MmI3MTdkZWMyNDRjOTIzMTMuY2h1bmsuanM_YgIUsCZRX0JSQU5ESUQ9ShAKVBAGfwIPNRIILzgzggIAFzGtCg_BA0R_MzYxMTY2NLcICIFzci5ybGNkbrIDYDQyNTQ2NgMR9iZsP2VzPTgwNjc2JnU9ZGEzOWEzZWU1ZTZiNGIwZDMyNTViZmVmOTU2MDE4OTBhZmQ4MDcwOQsBU2lmcmFtag8KrBA-MDQ4CwEnMTkLAaBhcHBlbmRDaGlsegMyc3RhphAPqw8ljzgxMjc4MDAzvwcIDwQBXh81DwIACQQBDw8CQhQ4CwEPtg8ID0QUjSYwJkQUYGVjPVNhcK4WYF9jYm9sX5wDEV_ZExZf2hPRX2xwJmVhPUFwcGxpY5gVDygUNw-vFAQAyhP3AWN1c3RvbSZybj04ODM3NDMbAw_EExcfNBQCCg_EEzGfODcyMjE0NjIz0BAJDxQCCgDdAAdYFv8VOTZlYWMyMTUtZDNiNC00YWJkLTk3ZjctMmY2MTVmN2RjM2NmWBY9DxQCn282MDk2ODgUAhAO-AkPFAJQnzg5MDgxNjk2Nb0ICA8UApkPbBj_FV80ODU0M6kEEQ-VAmKPOTcxMzI0ODdSCwn_HGluc2lnaHQuYWRzcnZyLm9yZy90cmFjay91cD9hZHY9MWp3NWN2bCZyZWYrGp_wEXVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5p3h2mYWxQaXhlbFRhZ7EcfzA0NyZ0ZDErBxMHkwQPwgkGLzE2Tw0ACXoVD8IJOq85MDI4Njg4NDI5gRAID_oB_1YOaBwZNPoBD7gKQQYBAh81ghMHAvgf8AdhZHMuZy5kb3VibGVjbGljay5uZXQvVh3wAmFkL3ZpZXd0aHJvdWdoY29uLwP2B2lvbi85MTY0NTE0NzEvP3JhbmRvbT07A9sxMjUmY3Y9MTEmZnN0GABBYmc9ZgEA8xEmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X9IeI3Vf0x4_dXJsfQSfNmhuPdwXIGFk2SAxaWNl5xG_JmZybT0wJnRpYmGmHxIQYS8BpTU3Njg4MjMxOC5uAfAANCZ1YW1iPTAmdWF3PTAmFCERPewfMCUzRMEh8AAuY29uZmlnJnJmbXQ9MyYGABY0rwQPfA8IHzNtDQAYMnwPD68EOq84Nzg3NzU2Njg3cQ4ID64C__8LDtsaGTSuAg9jBUEGtQIPYwUICfMLI3AvYSQAryMAXCQ_LmpzjgMSHzaOAwEfMv8RRa85MDQyODA3NTU02QBOD4QjACg0MtkAD7kBQQXgAB81kCAID7kBBwC9Dw-5ARUfN7kBWq84NzkzMjE1Njk1fRgID9kANA_QDAAPuQFOBeAAD1ccCQ8nBiafNjQ0NTc0MDQz1QgATzIxNybVCAEAGAAP1Qj_ly8yMkYXAAm1Ah9hRhc5nzkwNDM0NTU2NP8fCQ-uAv__Cx459BkJrgIPHAdEA7UCHzE4DkAFsioPYwUBLzY2YwUDPzY2JmMF_5gfN4oLAR8zqgpFrzg3NDAwNzY0ODDKCQgPYwUmD64C_9EPxgoBCK4CD2MFQQa1Ag-cFQgPtQImBakzD2MFAT80MybGCgIvNDNjBf-ZHjXSJyg0MrUCD8YKOq84OTU3OTM1MTgzECMID64C__8LDxEIDQ9jBULQOTU3OTM1MTg0MH1dfQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:46 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:45 GMT

GET
H2 200 Graphic.php
iad1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
3 KB 127ms
28ms Image
image/png 184.30.20.101
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.30.20.101 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-20-101.deploy.static.akamaitechnologies.com

Software

Resource Hash

25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
content-disposition: inline; filename=feedback.png
content-length: 2196
x-request-id: 0abce294-f95c-4583-81bd-0a0bb9ba8dd6
referrer-policy: strict-origin-when-cross-origin
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: fa71c5b9-a10a-4214-9451-3ae8bec5ef21
cache-control: public, max-age=44
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Tue, 11 Jul 2023 17:44:30 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
217 B 133ms
132ms XHR
text/plain 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&r=1689097426457

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:43:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: e0e89efbfc48fe82
cf-ray: 7e52d9c36d969207-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
571 B 43ms
43ms Image
image/png 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Fri, 23 Jan 2032 09:42:17 GMT
date: Tue, 11 Jul 2023 17:43:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 45993689
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 4
content-length: 254
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jan 2022 17:59:44 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 7e52d9c36cca9223-FRA
trace-id: 352ac693724f814b
servershortname

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 173ms
173ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=4&c=1129&i=5yrs4w&p=na_prod&s=9160&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ypodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9wYWdlYWQvdmlld3Rocm91Z2hjb24RAfsdLzEwOTU1MDA2OTU5Lz9yYW5kb209MTY4OTA5NzQyNTMzMiZjdj0xMSZmc3QYAEFiZz1mAQDwFiZndWlkPU9OJmFzeW5jPTEmZ3RtPTQ1YmUzN2EwJnVfdz0xNjAJAEBoPTEyCQAxcmw9uADwBCUzQSUyRiUyRmNpdGljYXJkcy4KAEAuY29tFQDwAmJvbCUyRmZyYXVkcHJldmVu9AD1cCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDE0MTE5MkRGQzU4QjRDOTM4MDY4MTQzRERENTIxNjM2JmhuPXd3dy5oAXBlcnZpY2VzrADQJmZybT0wJnRpYmE9Rq4ARyUyMFCxALEwJTdDJTIwQ2l0aS8AEGEvAaU1NzY4ODIzMTgubgHxBTQmdWFtYj0wJnVhdz0wJmRhdGE99wDwByUzRGd0YWcuY29uZmlnJnJmbXQ9MyYGAPAJNCIsInR5cGUiOiJzY3JpcHQiLCJzdGFyhgIHxQEQOWECANYCBRQAoDQyNCwic291cmM8ALJhcHBlbmRDaGlsZEEAkHR1cyI6ImxvYRAAYHJlYXNvbn4CMF0sIpYAZFBhdHRlchIAsmxpc3QiOltdLCJpYwDPODM2NjA4NjAyM30ssAL__yQvNDCwAgwxbXV0AQWvT2JzZXJ2ZXJDTLcCOR80twJAnzk1OTI5OTc5NGUFAE8yODcmZQUBABgAD2UF_5c_Mjk4tQJhrzk5MDA3ODYzNjC1AkGPNjA2MjE4NzW1AgA_MzA4tQICABgAD7UC_5cvMzEaCAEfNRoIRkA3MDIwGAgPrgL__yYfMhgIAQiuAg8YCEIFtQIfMWMFQY83NTcwMTk0N2MFAS80NWMFAz80NSZjBf-YLzU2GAgAHzdjBUW_OTA4OTAyNDIzNTiuAv__JR83rgIMD2MFQQa1Ah85tQJAjzgzMDkwNzk24BICLzg2YwUDLzg2YwX_mR85YwUAHzbgEkifNTIzMjM5ODg2rgL__yUPYwUACa4CD2MFQSQ4OLUCHze1AgfxB3NpdGVpbnRlcmNlcHQucXVhbHRyaWPkFvECL2R4anNtb2R1bGUvQ29yZU0LAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmFwDwBFRZUEU9d2ViJlFfQlJBTkRJRD3kF49mZWVkYmFja8AWES42MlsRNzY3OUMJDzIBQa85MTE0MTY4MDUzlQYIDzIBCXRXUlNpdGVJUAHyAkVuZ2luZS9Bc3NldC5waHA_QwHyBj1TSV8wQWlvcnlSa2w4YnhITTImVq0awj0yMSZRX09SSUdJTjEZMDovLz0BCisZBWsBD4IBDAZrATJ4aHIwFQooGC42OEgFARQABSgYslhIUl9NQU5BR0VSQQACKBhvYWxsb3dlKxghfzkzNjM0NDkrGAoPZAG8Dv4DKDY4DwwPZAFHD9gWCA9kATD1A0NSXzZzUHFEWDR3S1F1alBPNsgCAMcCBQgDL0lE8wIBD-gCWw-EAV2vOTAyNTQ1Njk4Mn4FJA9MBBQPhAH_SwcCB_8NNy5jZmY5N2NhNDU3YzdiY2JmNzc4Yi5jaHVuaxQHVC04NakNNzcyNhQHD9QdO583OTA2MzkyNTYNByQPPQF8DlEICj0BD1EIQRQ4RAEvNzKDCS4TRj8JYkJ1dHRvbkoID3kCVQ4lCC83M3kCR9A5OTQ1NjUwMjUzfV19
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:48 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:47 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 174ms
173ms Image
text/plain 52.52.16.210
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=5&c=1129&i=5yrs4w&p=na_prod&s=2483&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1eXJzNHciLCJwYWNrZXQiOjQsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8DBodHRwczovL3NpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbS9keGpzbW9kdWxlL0ZlZWRiYWNrQnV0dG9uTW8VAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmFwDzCVRZUEU9d2ViJlFfQlJBTkRJRD1jaXRpZk4A8BgiLCJ0eXBlIjoic2NyaXB0Iiwic3RhcnQiOjE2ODkwOTc0MjU2ODjmAABbAQUUAKA3MzYsInNvdXJjPAAxbXV01gCiT2JzZXJ2ZXJDTEgAoXR1cyI6ImxvYWQLAUBhc29uCgHUXSwiZGF0YVBhdHRlchIAs2xpc3QiOltdLCJpagC_OTQ1NjUwMjU1fSw8ASz_DTEuMGM1YTU3Njg1Y2VjMDEzN2I4M2EuY2h1bmtEAVUfNUQBABc3RAGgYXBwZW5kQ2hpbC0BP3N0YT0BK580MDQyNTczNDE9AbIPgQIBCD0BD4ECQwREAR80RAEjdFdSU2l0ZUnbA_AERW5naW5lLz9RX0ltcHJlc3M9MaYD8DpJRD1DUl82c1BxRFg0d0tRdWpQTzYmUV9TSUlEPVNJXzBBaW9yeVJrbDhieEhNMiZRX0FTSUQ9QVNfZXRVQlQ0UVVEOUJ0eWY0TQAPCgQSJXI93ANGNjQ1NwMEMnhocrgDCQAEACQADLwCAhQABQAEslhIUl9NQU5BR0VSQQACvAJgYWxsb3dlzwIvcmX8Axq_OTA1MDUyOTYwODZ7Af-hFFHDBvoAU2hhcmVkL0dyYXBoaWNz6gb2Dy93ci1kaWFsb2ctY2xvc2UtYnRuLXdoaXRlLnBuZ5UCIGltDQAMlQZNNjQ1NpUCPzUwMlEFRp82OTg3NTI0NzKSAiYPFwFUHzcXAQwPKwVC0DY5ODc1MjQ3Mjd9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 52.52.16.210 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-52-16-210.us-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:43:48 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:43:47 GMT

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_cfgver Value: 5a59ddc9
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_v Value: 87a5491b-9ddb-4439-a731-66bf8faf4ad7
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_s Value: 92183c20-a081-465f-b608-58983e7ecd25:0
.citi.com/	1970-01-20 13:11:44	Name: ak_bmsc Value: AC65306E01C76F4822C58D9A9F02A592~000000000000000000000000000000~YAAQGihDF8XiDEKJAQAAw0UNRhRLjKTLGhAJK51lZ/YFo9pFN24Bpyk48wKt3EfNnCDumPbeefMD3V/GoTjkuUO6qdbZqikqz8TpcC/XAPC2/oUqwAQqBS9JziE5iYKX/Hz1PoiLCMmFVOkbPb+beDDomGL57t7ss4asR3uAW6ApAK5SlTPq452OMwPHYjDPUQPk+3y0wKY/m5ivG/NfQyEXDK4Q76LGQOyj+cSZT1Wpz39MVvhlKl/08qR1+Ztt02Un9Rrv8boaVCA9KmlbZc65zzoI3c4Cewr0w5ThBluYOKKgpgJJj7gmwPgX5gauQppB/ZQ=
.citi.bridgetrack.com/	1970-01-20 21:50:01	Name: ATC1 Value: 27774\|ZRzT!.B.iAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.C.E
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT Value: GUID=A37AB21AA53C4C488158E797967D42E6
.citi.bridgetrack.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=2CF6F0CB5E824F4582A0D2FC67DFFF59
citicards.citi.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=6AAE1C15C8894FF2924D08C8E6A2A039
.citi.com/	1970-01-20 13:11:44	Name: ensighten_conentSync_timestamp Value: 1
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT%5F1 Value: GUID=A37AB21AA53C4C488158E797967D42E6&SID=141192DFC58B4C938068143DDD521636
.demdex.net/	1970-01-20 17:30:49	Name: demdex Value: 43324389006468900221466889957537638330
.citi.com/	1970-01-20 21:57:13	Name: CITI_ENSIGHTEN_PRIVACY_BANNER_LOADED Value: 1
.citi.com/	1969-12-31 23:59:59	Name: CITI_ENSIGHTEN_CC_SYNC Value: 0
.citi.com/	1969-12-31 23:59:59	Name: at_check Value: true
.citi.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.citi.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.citi.com/	1970-01-20 22:47:37	Name: _cls_v Value: 87a5491b-9ddb-4439-a731-66bf8faf4ad7
.citi.com/	1969-12-31 23:59:59	Name: _cls_s Value: 92183c20-a081-465f-b608-58983e7ecd25:0
citicards.citi.com/	1970-01-20 13:11:39	Name: 7830 Value: error
citicards.citi.com/	1970-01-20 13:11:39	Name: 7018 Value:
citicards.citi.com/	1970-01-20 15:21:13	Name: 64072 Value:
.citi.com/	1970-01-20 15:21:13	Name: _gcl_au Value: 1.1.576882318.1689097424
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_event Value: 1
.citi.com/	1970-01-20 22:47:37	Name: s_ecid Value: MCMID%7C38720929269430649652159733982831599129
.everesttech.net/	1970-01-20 21:57:13	Name: everest_g_v2 Value: g_surferid~ZK2UzwAAAHaW3QNn
.dpm.demdex.net/	1970-01-20 17:30:49	Name: dpm Value: 43324389006468900221466889957537638330
.citi.com/	1970-01-20 22:47:37	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19550%7CMCMID%7C38720929269430649652159733982831599129%7CMCAAMLH-1689702223%7C6%7CMCAAMB-1689702223%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1689104623s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19557%7CvVersion%7C4.4.0
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 13:11:39	Name: citicorpcreditservic!mboxSession Value: 4ba4b9c12ab34ee8bbf3f1a1a8ef10c1
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 22:47:37	Name: citicorpcreditservic!mboxPC Value: 4ba4b9c12ab34ee8bbf3f1a1a8ef10c1.37_0
.rfihub.com/	1970-01-20 22:33:13	Name: rud Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjO1tDS1MDY2MBPiM9Q1TPbRzfJP9E118jACAJFTT14lAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0NjY2sjQ1MjO1tDS1MDY2MBPiM9Q1TPbRzfJP9E118jACAJFTT14lAAAA
.citi.com/	1970-01-20 13:11:39	Name: mboxEdgeCluster Value: 37
.citi.com/	1970-01-20 22:47:37	Name: mbox Value: session#4ba4b9c12ab34ee8bbf3f1a1a8ef10c1#1689099285\|PC#4ba4b9c12ab34ee8bbf3f1a1a8ef10c1.37_0#1752342225
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_data Value: 69%2C217.114.218.23%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.citi.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.citi.com/	1970-01-20 21:57:13	Name: _ce.s Value: v~7b4e626b6ec20c41008f75a092d2d0b7b805fbaf~lcw~1689097423849~vpv~0~v11.rlc~1689097424548~lcw~1689097424548
.citi.com/	1970-01-20 13:11:39	Name: _dpm_ses.d03c Value: *
.citi.com/	1970-01-20 21:57:13	Name: _dpm_id.d03c Value: 4461e2fb-d40c-4acf-9a43-eb2445c670ed.1689097425.1.1689097425.1689097425.3bab5b87-3f39-4bdd-82ce-4ccd2561c56c
.citi.com/	1970-01-20 13:13:03	Name: _uetsid Value: 7baf6090201211eea3e02d764019b629
.citi.com/	1970-01-20 22:33:13	Name: _uetvid Value: 7bafbab0201211ee852fef9a3b75b67c
.bing.com/	1970-01-20 22:33:13	Name: MUID Value: 3605AED730D86AE6384BBD9C31746B66
.doubleclick.net/	1970-01-20 22:33:13	Name: IDE Value: AHWqTUntQE2medASuqoRE9tEB5lDSHcWPZtQ-jeNUZWTJN8LdzBqtauqPCbEx7pX
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALB Value: 3zNSc46zvkzuyMKJXE4AKeiI7I0xJ+sJ+ZNrPdaFCAd0y3zq2zr7yhxXIxafgO14vbuKpjB6F+McHXWcVR2M/KHdwGzXHyP37JgBmNN/fF7ezvUf56Ry29KrSUMo
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALBCORS Value: 3zNSc46zvkzuyMKJXE4AKeiI7I0xJ+sJ+ZNrPdaFCAd0y3zq2zr7yhxXIxafgO14vbuKpjB6F+McHXWcVR2M/KHdwGzXHyP37JgBmNN/fF7ezvUf56Ry29KrSUMo
prod.report.nacustomerexperience.citi.com/	1969-12-31 23:59:59	Name: ROUTEID Value: .cligate1
.amazon-adsystem.com/	1970-01-20 19:33:13	Name: ad-id Value: AxfGHyJtoEE7lzyfYJhnNmo
.amazon-adsystem.com/	1970-01-20 22:47:37	Name: ad-privacy Value: 0
.tvpixel.com/	1970-01-20 21:57:13	Name: sp Value: 2fd794e3-1772-48ad-83ed-257c81d33346

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
assets-tracking.crazyegg.com
bat.bing.com
c.tvpixel.com
c1.rfihub.net
cdn.digitalmarketing.citibankonline.com
citi.bridgetrack.com
citi.com
citi.demdex.net
citicards.citi.com
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
data.privacy.ensighten.com
dpm.demdex.net
googleads.g.doubleclick.net
iad1.qualtrics.com
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nexus.ensighten.com
p.tvpixel.com
pagestates-tracking.crazyegg.com
prod.report.nacustomerexperience.citi.com
s.amazon-adsystem.com
sb.scorecardresearch.com
script.crazyegg.com
siteintercept.qualtrics.com
sr.rlcdn.com
tagmanager1.citi.com
tracking.crazyegg.com
www.citi.com
www.google.com
www.google.de
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
104.17.208.240
104.17.209.240
108.138.15.119
18.155.129.101
18.210.220.180
18.213.250.165
18.66.122.57
18.66.97.121
184.30.20.101
192.193.218.80
193.0.160.130
209.54.182.161
23.45.98.135
2600:9000:211a:9200:1:76cf:fe80:93a1
2600:9000:225e:da00:1d:bf0a:0:93a1
2606:4700::6813:9408
2620:1ec:c11::200
2a00:1450:4001:806::2004
2a00:1450:4001:80b::2008
2a00:1450:4001:80e::2003
2a00:1450:4001:82b::2002
3.248.138.51
34.107.138.236
34.226.6.56
34.255.171.99
35.190.22.40
35.190.60.146
35.71.131.137
52.52.16.210
63.140.62.164
65.9.66.24
66.235.152.107
0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6
01794049bbbd97e17a007de3d2493a51f96a730b16120c260e60f60d23617245
04048e2a346284f4c69d83789bc13182cc91424a8bfdb9890d80990777f3ebc6
040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747
04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985
0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b
07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf
088ec89b299ba2e9fc01f0ab2102a6ef825bd5ed3e3242f44188e67e0837c8a6
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a
169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9
18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447
18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870
1a224be29776180e562029c49f7a98763e860e0f66ae70bdb995407fde910ffb
1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270
1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff
1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6
21ccb9322d405b6e66387f50d80d9b40099fadf1208e095995ea1ef88c0d429a
239fe2b60b3b6d73e341eaece2ee9c8c8dd3cb3cbf69d025349b80feccc7b014
2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3
25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e
25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757
33a89ddbdb9b6f557fdf209c9146940080e7f1e6dec5f59258690e7a15d9f86b
3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466
372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a
3e01224869b0406a6326985de8c3e6b990132a8095bd5eee45d26bb1b52cc1c3
3e0fdaf509585daad27478cbe29083f0ba6664fb1ec0ee8b57b4e7a785d295f7
40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4
41d1bf0a177a3d8da29bcab2100746b37bf6694ca0da6225ebb97c30e4a4628f
41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af
42617da7ed4e722500a131128eb251d735959e102798ae794e3001ba369f676a
465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e
4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f
4f525baeb9ab4830981c4d0d7ba7846b28a3105ebac8aa556fed6680ec82ce97
4f932aaea7d501169b809fa6509d90084fed0b46a054422e1f1c3860885139d7
5280108ae653da44cdbb08213f07ae6d7add633fe5b3bc6e234d31e7bb9594bd
56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6
57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732
5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff
5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244
5e94db262e170051f4d2c5cef1acc095d26f6b45fe85750f8267106959303805
6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a
61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
63c932f7017993b8e223761c479a02330b4c28008dbdecf56268d5c69a6f0f72
6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4
676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d
6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10
6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf
696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5
6a27d0c728a8ebac81655c3803d3ecf9f9247f8251f0d16c772f1353e573517e
6f75d0d567ede4cc624997e6f4cad1c547567ee18be81507b7517001d2aa6eb9
70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082
798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6
7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
821d840b59f946e3c8c69000255fde178299e4cbd11343bdc6720f165bb55cc9
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b
8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df
93bb78a6dccb8271fe4bf892874fbd47d43640c6071dcc4a9a823bacc4b0ffcc
94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f
94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702
99b5f1f00945084cdc4423b43a267c30090132f6b0985c6a36fda333c595d117
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8
9c2b4989f8983674fadd31b02acad3b368db13284db8022c748f011140277a4b
9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3
a0f8c9d451a458e8c8d14eee6a60a16f5af34fd7502a1ece07bdf0604e5e4795
a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0
a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea
a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb
a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916
b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762
b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3
b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6
bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630
c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6
c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746
c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a
c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd
c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876
c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e
d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43
d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682
d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5
d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc
d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a
d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f
d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577
db26e6871df268714720104be0681cf350be96a51d4db4332c8d33d737dc3620
db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b
dc8ddb1ae2050e8d977a4ec97ee679301b9d8dab1903d63fa296467a354ece01
dcc98ed15ff1c1615e63087bbc63be6986c64db729204db4c320c8cc709d39e2
dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23
df681803dc2c0d096df92ed464280c7bd9b1c42e3ff63e1ac0c654312c65ae8e
e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b
e2978a88575201e7522c4ad0ab918414fca5bfb63c3cbc47a2b812abff6e449d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
e7b7028cfdb48f02d6cc82f87233e2976c1e1200b52310b2a6ce05a508a381c2
e9474e838269e255b0e780548e774f933d6ec6f122b892afefff77c361f8e67e
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8
f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae
f328cc6ab8c9e8e225306494eef433aa4bf385387485128c9ed9a664ffbd8dea
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

citicards.citi.com Open in urlscan Pro 35.190.22.40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

163 Requests

97 %HTTPS

25 %IPv6

21 Domains

35 Subdomains

30 IPs

4 Countries

2240 kBTransfer

5283 kBSize

48 Cookies

17 Outgoing links

Page URL History

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

35
Subdomains

30
IPs

4
Countries

2240 kB
Transfer

5283 kB
Size

48
Cookies

163 HTTP transactions
0 data transactions