citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.citi.com/fraudprevention
Effective URL:
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID...
Submission: On July 11 via api (July 11th 2023, 5:45:49 pm UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 21 domains to perform 163 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is citicards.citi.com. The Cisco Umbrella rank of the primary domain is 172881.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 14th 2023. Valid for: a year.

This is the only time citicards.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.102.55.191 104.102.55.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1 55	35.190.22.40 35.190.22.40	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	108.157.177.44 108.157.177.44	16509 (AMAZON-02) (AMAZON-02)
1 3	34.254.104.147 34.254.104.147	16509 (AMAZON-02) (AMAZON-02)
8	3.124.119.57 3.124.119.57	16509 (AMAZON-02) (AMAZON-02)
3	34.107.138.236 34.107.138.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.171.207.236 54.171.207.236	16509 (AMAZON-02) (AMAZON-02)
1	63.140.62.164 63.140.62.164	15224 (OMNITURE) (OMNITURE)
1 1	34.251.46.32 34.251.46.32	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:25a... 2600:9000:25a2:8800:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	66.235.152.113 66.235.152.113	15224 (OMNITURE) (OMNITURE)
1	18.66.97.88 18.66.97.88	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.74 18.66.122.74	16509 (AMAZON-02) (AMAZON-02)
1	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
1	34.253.91.174 34.253.91.174	16509 (AMAZON-02) (AMAZON-02)
8	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
7	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:225... 2600:9000:225e:f200:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	13.225.33.74 13.225.33.74	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.155.104 52.46.155.104	16509 (AMAZON-02) (AMAZON-02)
1	54.156.57.223 54.156.57.223	14618 (AMAZON-AES) (AMAZON-AES)
9	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	34.206.177.80 34.206.177.80	14618 (AMAZON-AES) (AMAZON-AES)
1	13.249.9.46 13.249.9.46	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:803::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
3	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.101.149.99 95.101.149.99	16625 (AKAMAI-AS) (AKAMAI-AS)
163	31

1 104.102.55.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-55-191.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 35.190.22.40 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com

citi.bridgetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citicards.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 108.157.177.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-177-44.mxp53.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.254.104.147 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-104-147.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.124.119.57 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com

tagmanager1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.privacy.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.138.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.138.107.34.bc.googleusercontent.com

cdn.digitalmarketing.citibankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.207.236 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-207-236.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.164 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-164.data.adobedc.net

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.251.46.32 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-46-32.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:25a2:8800:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.113 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-113.data.adobedc.net

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-88.fra56.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-74.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.130 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.91.174 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-91-174.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:f200:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.33.74 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-33-74.cdg3.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.155.104 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.57.223 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-57-223.compute-1.amazonaws.com

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.206.177.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-177-80.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.9.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-9-46.cdg53.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:803::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.149.99 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-99.deploy.static.akamaitechnologies.com

iad1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	citi.com 1 redirects www.citi.com — Cisco Umbrella Rank: 25553 citicards.citi.com — Cisco Umbrella Rank: 172881 tagmanager1.citi.com — Cisco Umbrella Rank: 51910 metrics1.citi.com — Cisco Umbrella Rank: 22914 prod.report.nacustomerexperience.citi.com — Cisco Umbrella Rank: 19460	853 KB
21	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3097 data.privacy.ensighten.com — Cisco Umbrella Rank: 8355	350 KB
13	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	759 KB
12	qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 31778 siteintercept.qualtrics.com — Cisco Umbrella Rank: 899 iad1.qualtrics.com — Cisco Umbrella Rank: 10800	95 KB
9	google.de www.google.de — Cisco Umbrella Rank: 4752	1 KB
9	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
9	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57	14 KB
7	bing.com bat.bing.com — Cisco Umbrella Rank: 390	14 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2357 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5243 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5234 tracking.crazyegg.com — Cisco Umbrella Rank: 4635	33 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 218 citi.demdex.net — Cisco Umbrella Rank: 40382	6 KB
3	tvpixel.com c.tvpixel.com — Cisco Umbrella Rank: 9442 p.tvpixel.com — Cisco Umbrella Rank: 2065	32 KB
3	citibankonline.com cdn.digitalmarketing.citibankonline.com — Cisco Umbrella Rank: 73076	52 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 333	763 B
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1592 insight.adsrvr.org — Cisco Umbrella Rank: 603	3 KB
2	bridgetrack.com 1 redirects citi.bridgetrack.com — Cisco Umbrella Rank: 150541	1 KB
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 162	300 B
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 20572	98 B
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 117813	684 B
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 31853	1 KB
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5437	6 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1111	517 B
163	21

	Domain	Requested by
53	citicards.citi.com	nexus.ensighten.com citicards.citi.com
14	nexus.ensighten.com	citicards.citi.com nexus.ensighten.com
13	www.googletagmanager.com	nexus.ensighten.com
10	siteintercept.qualtrics.com	nexus.ensighten.com
9	www.google.de
9	www.google.com
9	googleads.g.doubleclick.net	nexus.ensighten.com
7	bat.bing.com	nexus.ensighten.com
7	data.privacy.ensighten.com	citicards.citi.com
4	script.crazyegg.com	citicards.citi.com script.crazyegg.com nexus.ensighten.com
3	cdn.digitalmarketing.citibankonline.com	citicards.citi.com
3	dpm.demdex.net	1 redirects citicards.citi.com
2	p.tvpixel.com	nexus.ensighten.com
2	s.amazon-adsystem.com	1 redirects
2	citi.bridgetrack.com	1 redirects citicards.citi.com
1	iad1.qualtrics.com
1	insight.adsrvr.org	nexus.ensighten.com
1	sb.scorecardresearch.com
1	prod.report.nacustomerexperience.citi.com	nexus.ensighten.com
1	js.adsrvr.org	nexus.ensighten.com
1	c.tvpixel.com	nexus.ensighten.com
1	sr.rlcdn.com	nexus.ensighten.com
1	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	nexus.ensighten.com
1	tracking.crazyegg.com	script.crazyegg.com
1	20766699p.rfihub.com	nexus.ensighten.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	citicorpcreditservic.tt.omtrdc.net	nexus.ensighten.com
1	c1.rfihub.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	tagmanager1.citi.com	nexus.ensighten.com
1	www.citi.com	1 redirects
163	34

This site contains links to these domains. Also see Links.

Domain
online.citi.com
citi.bridgetrack.com
www.lifeandmoney.citi.com
www.ftc.gov

Subject Issuer	Validity	Valid
citicards.citi.com DigiCert EV RSA CA G2	`2023-03-14` - `2024-04-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
citi.bridgetrack.com Thawte EV RSA CA G2	`2023-03-20` - `2024-04-19`	a year	crt.sh
tagmanager1.citi.com DigiCert EV RSA CA G2	`2022-09-21` - `2023-09-22`	a year	crt.sh
cdn.digitalmarketing.citibankonline.com DigiCert EV RSA CA G2	`2023-05-23` - `2024-06-22`	a year	crt.sh
*.privacy.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-03` - `2024-02-16`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
metrics1.citi.com DigiCert EV RSA CA G2	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.rfihub.net Amazon RSA 2048 M01	`2023-02-24` - `2023-12-29`	10 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2023-05-28` - `2024-06-26`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-27` - `2024-04-27`	a year	crt.sh
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-27` - `2024-03-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.tvpixel.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-13`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert EV RSA CA G2	`2023-05-19` - `2024-05-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Frame ID: 51BDE6EF37AA31EE9D9C142721059401
Requests: 153 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Frame ID: 765292ECE8028F6DCFB7B96F0CDBF5B0
Requests: 5 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 12D384D2D0086FCC5FD60EA714735325
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=508&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&pf=&ra=12414812394357688
Frame ID: 85907D8ABAB334A8463C3D59B60B99B3
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 3AF5A4687B502ED0DEBD121AC8E92753
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097543785&td1=Sapient_cbol_citi_fraud_prevention_lp
Frame ID: 737D261681192C5DA94CCB92072EB610
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fraud Prevention | Citi.com

Page URL History Show full URLs

http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.B... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

34
Subdomains

31
IPs

4
Countries

2219 kB
Transfer

5283 kB
Size

48
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Learn More

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28718

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28715
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28717
Title: Privacy

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151056
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151057
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=153112
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28716
Title: Security

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143095
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143097

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143098

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143100

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protect-your-information-online
Title: safeguard those details.

Search URL Search Domain Scan URL

URL: https://www.ftc.gov/
Title: FTC.Gov

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/Money/Finance101/2022-Scams-to-Watch-For
Title: Read more on Life and Money

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protecting-yourself-from-financial-scams
Title: Read More > 8 Financial Scams to Watch Out For

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/home-office-business-scams
Title: Read More > Working Remotely? Be Aware of these Home Office Scams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373

Request Chain 13

https://cm.everesttech.net/cm/dd?d_uuid=52480327093194775913718884247007457891 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VRgAAAOFuGANn

Request Chain 98

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

163 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request default.htm Show response
citicards.citi.com/cbol/fraudprevention/
Redirect Chain

http://www.citi.com/fraudprevention
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

102 KB
46 KB

240ms
142ms

Document
text/html

35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

40.22.190.35.bc.googleusercontent.com

Software

Resource Hash

20f8c21c42ac7f3d70dbb0adcac05cc6eef41a6b362162dc9b48a8930be04287

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 46430
content-type: text/html
date: Tue, 11 Jul 2023 17:45:41 GMT
expires: Mon, 10 Jul 2023 17:45:42 GMT
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
vary: Accept-Encoding
via: 1.1 google
x-frame-options: DENY

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html
date: Tue, 11 Jul 2023 17:45:40 GMT
expires: Mon, 10 Jul 2023 17:45:41 GMT
location: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
via: 1.1 google

GET
H2 200 1567.js Show response
script.crazyegg.com/pages/scripts/0090/ 6 KB
2 KB 468ms
416ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69986c944ceb298eab5048f2a0d3f67289b91ac71adda7fe32b94c30c0fd0025

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Tue, 11 Jul 2023 17:45:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
ce-version: 11.5.100
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dc970d9b90dc-FRA
content-length: 2202

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 612 KB
160 KB 97ms
29ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:49:03 GMT
x-amz-version-id: T6oAT_f8G7Qoll54xuX0m31Qyk_NNISj
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 525399
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"409dcdb02169e3668021846b3af7e6c0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: AXzkXiqGVB4VvKZS0I_x2XxUxjbL8E8iuEdnoBcgAFij9iHorgdY7g==

GET
H2 200 /
citi.bridgetrack.com/track/ 43 B
403 B 136ms
135ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi.bridgetrack.com/track/?id=65345&random=6.50751137280036E+17
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
content-type: image/GIF
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 10 Jul 2023 17:45:42 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373

363 B
1 KB

49ms
48ms

XHR
application/json

34.254.104.147
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

HTTP/1.1

Server

34.254.104.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-254-104-147.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e6f98d87c7721bdc312177198efae237d6e30a3facb030aa924ca95a75485895

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-0b40121e0.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: OjuV2cWvT1w=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-0a2868ca3.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 2IOKi230SVc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097542373
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07 Show response
tagmanager1.citi.com/one/v1/profiles/ 583 B
647 B 121ms
43ms XHR
application/json 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagmanager1.citi.com/one/v1/profiles/430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
server: nginx
x-ens-one-is-anonymous: true
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
access-control-allow-headers: *
x-ens-one-ttl: 1695627671
apigw-requestid: H6RDFim0FiAEJtQ=

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
1 KB 55ms
55ms Script
text/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Wed%20Jul%2005%2015:48:04%20GMT%202023&ClientID=1129&PageID=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 40823e46da70af79a0a5cb3b744cd8022291ed41343e53b0cae0acadaa9a583c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MXP53-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
x-amz-cf-id: HVDAO9AP2_wShGmw8K2CIuhX3OLOUgwWtIGbZSEIwGmYV5TqAaljQA==
expires: Tue, 11 Jul 2023 17:45:41 GMT

GET
H2 200 851.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 48 KB
12 KB 134ms
133ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/851.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12354

GET
H2 200 interstate-light.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 100ms
22ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-light.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 12:57:40 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:41 GMT
cross-origin-opener-policy: same-origin
age: 17282
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17596
x-xss-protection: 0

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/site/ Frame 7652 9 KB
2 KB 76ms
33ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d4c49897bed678a83319fe6e4d1ae6df09f63888041b88aad384f02cc6d316

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2823
ce-version: 11.5.100
content-length: 2144
last-modified: Tue, 11 Jul 2023 16:58:39 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dc9a6b605b7a-FRA

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
107 B 63ms
21ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1129&i=5jrnsk&p=na_prod&s=354&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjAsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8BkiLCJ0eXBlIjoiYmlsbGluZyIsInN0YXJ0IjoxNjg5MDk3NTQyNzM1YgDAZCI6LTEsInNvdXJjMgACKwBhdHVzIjoiZgBAYXNvbmUA1F0sImRhdGFQYXR0ZXISALBsaXN0IjpbXSwiaSAB8AA2ODkwOTc1NDI3MzV9XX0
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:41 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/c/ 0
106 B 52ms
21ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/c/r.rnc?n=0&c=1129&i=6nmcdx&p=na_prod&s=381&d=9Cd7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjkQAPAaTmFtZSI6ImNpdGkiLCJwdWJsaXNoUGF0aCI6Im5hX3Byb2QiLCJtb2QmAJBibGFja2xpc3RPAPAfb29raWVzIjp7IkNJVElfRU5TSUdIVEVOX1BSSVZBQ1lfQkFOTkVSX0xPQURFRJ0A8Q8ifSwiZHQiOjE2ODkwOTc1NDI3NDMsInNldHRpbmdLAPEqbW9kYWwiOiJlbnRlcnByaXNlIiwiZW52aXJvbm1lbnQiOiJDQk9MIFByaXZhY3kiLCJkZWZhdWx0PgD0CFBlcmZvcm1hbmNlLUFuYWx5dGljcyBDqgD5CDEsIkVzc2VudGlhbC1GdW5jdGlvbmFsIQDwAkFkdmVydGlzaW5nLVRhcmdlmwAHIgDwAH19LCJldmVudHMiOltdfQ
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:41 GMT

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame 12D3 7 KB
3 KB 189ms
47ms Document
text/html 54.171.207.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.207.236 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-207-236.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v050-077f06c9c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: t5X/0tIHSH8=
content-encoding: gzip
date: Tue, 11 Jul 2023 17:45:42 GMT
last-modified: Wed, 28 Jun 2023 12:57:16 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
metrics1.citi.com/ 48 B
463 B 116ms
38ms XHR
application/x-javascript 63.140.62.164
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=47173400492960934284197279799300246464&ts=1689097542755

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.164 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-164.data.adobedc.net

Software

jag /

Resource Hash

baf4a7a4ccd82a4f9c1d589247ad3d0603524ec90348633942409bd59e027528

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://citicards.citi.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZK2VRgAAAOFuGANn
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=52480327093194775913718884247007457891
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VRgAAAOFuGANn

42 B
942 B

48ms
48ms

Image
image/gif

34.254.104.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VRgAAAOFuGANn

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

HTTP/1.1

Server

34.254.104.147 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-254-104-147.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v050-093d863cb.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 9j4cs3RlQRc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VRgAAAOFuGANn
Date: Tue, 11 Jul 2023 17:45:42 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 93935a4096516447172d9d3f1d23710d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 30ms
29ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 20 May 2023 02:11:16 GMT
x-amz-version-id: .9Yu1fA6u9LpETfeDT0_cOHllcbsIoL2
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 4548867
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:11 GMT
server: CloudFront
etag: W/"22035994ea9f0b167d391afd37705f26"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: wVpi5MW0G4qpQo4OvLJaC-PmvxwaBlBa4CgAOsxZo93D4hWQ1w1MkQ==

GET
H2 200 7c8ae1f9c206930028672949c6703f6d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
2 KB 29ms
28ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 20 May 2023 07:10:05 GMT
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 4530938
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 18 Oct 2022 17:52:59 GMT
server: CloudFront
etag: W/"7df0440e45009010a99db868682aafb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 25i3TXQgJqnX2Y0glTPsl5TT6XHYAI8RtyxXt9m2EQeyCpR9AHo7hQ==

GET
H2 200 a8e6e75645a478743701a0de29db4661.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 30ms
29ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/a8e6e75645a478743701a0de29db4661.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 25 May 2023 08:39:26 GMT
x-amz-version-id: wws6KB118wQQBLdhwHWaGrumLswtioTa
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 4093577
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 May 2023 19:21:07 GMT
server: CloudFront
etag: W/"b7b279129c64359bf0c1d6935957974f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: afJO221VZAX0aDhr4LU7SIDkTrKkgYP7yCwk2E_kO0mvV_e15wa7pA==

GET
H2 200 c65a3609e1beed72955b88afac8cd31d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 37ms
35ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c65a3609e1beed72955b88afac8cd31d.js?conditionId0=480881
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 28 May 2023 06:20:43 GMT
x-amz-version-id: wXRQEmBG4QJsg2TZDdHUFOaVLJIZHKhf
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 3842700
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Dec 2022 04:55:25 GMT
server: CloudFront
etag: W/"e9bda8e342fda2a02ffa59c9064942d8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 8Z4Ew7X-gEuTdOMRPzipjNMz_s9qZbl0mrp-ZDTkok-bNE9Rt3Z_mQ==

GET
H2 200 d795417d12c8f126e64e0009e16abb55.js Show response
nexus.ensighten.com/citi/na_prod/code/ 337 KB
45 KB 31ms
30ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d795417d12c8f126e64e0009e16abb55.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:48:18 GMT
x-amz-version-id: xOcKYVNnwrtun1_P7HDELL7Ss9aSv6o7
content-encoding: br
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 525445
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"6720564da36815a78cd072df37ce9d59"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: yzbegS55cFi8VoQvkT7Un4AxH-pVDAbd7r6JLMXCd913z4EyzmTePQ==

GET
H2 200 b169b5211abcb59597c2a50d0834dad6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 36ms
35ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/b169b5211abcb59597c2a50d0834dad6.js?conditionId0=4854834
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 27 May 2023 10:42:44 GMT
x-amz-version-id: _QsuTAI24qIEiqD9TkI.fzr0FP874P0F
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 3913379
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
server: CloudFront
etag: W/"b251770ce4b6edc0b43f8a7659567774"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: TIb8ryNPZaVyijuYBW2zfcH0SCE7I7iAk6SXfOTMkJxaolABfSV8nQ==

GET
H2 200 93bd1173e004c5f14c8c312774a177d6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 37ms
36ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93bd1173e004c5f14c8c312774a177d6.js?conditionId0=4936631
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 24 May 2023 01:25:34 GMT
x-amz-version-id: nLZ6xTlu1iMFXeMTTYN4VPX3Tv1cDtk4
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 4206009
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 04 Oct 2022 17:38:26 GMT
server: CloudFront
etag: W/"1a018458600589c4b560bd7be94993f2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: LOyGiz-MgAi4NFlrGhImsDC0R9mk8zvPR79fqKjPquuuLAp6L3iqWA==

GET
H2 200 f9112c4f4cc2da7bc760957da1d0a476.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
6 KB 38ms
37ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sun, 28 May 2023 06:20:43 GMT
x-amz-version-id: _EGaJ0JRqXa7HXWsIS89V3k4kvtsyejg
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 3842700
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"341b188f6c2fe2107f63f9a2f998bb29"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: vS0rGxlvrsIFkecgppbvHFFKbkJVkacfhCNMRd0ggNsqeq7lLBZHFA==

GET
H2 200 9d9a7667eda16421b759d3e4ae34d25f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
7 KB 38ms
37ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9d9a7667eda16421b759d3e4ae34d25f.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 09 May 2023 07:04:08 GMT
x-amz-version-id: iCANwNDAYzzLjFfP7PabUgezx4DdR6XE
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 5481695
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"d7a7f92dbb8927a61cb31e29eea41b11"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: Vm3ssxONcFAg0RMtfpT8KlNOOqrzyvaiYtPx58gkyo-zybc0bP39wQ==

GET
H2 200 ccb910f3b286651d23766cb6ef3edc43.js Show response
nexus.ensighten.com/citi/na_prod/code/ 396 KB
120 KB 39ms
39ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/ccb910f3b286651d23766cb6ef3edc43.js?conditionId0=3013337
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 27 May 2023 00:11:27 GMT
x-amz-version-id: 0bluFTYuI52H0CFwnZwsOCw1MVHJt6q6
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 3951256
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 May 2023 16:05:00 GMT
server: CloudFront
etag: W/"4a011f25eec2f5bd4ab48351fa9a1e43"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: zak_vxEwEDFWjwh0LuMdYlGr-7_erX1OnDeM2OG4b6k55DQ4L1I3hg==

GET
H2 200 f79ae745264b43f3faaab87bf3cdb75b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 55ms
55ms Script
application/javascript 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f79ae745264b43f3faaab87bf3cdb75b.js?conditionId0=455897
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: 40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 06 Jun 2023 05:40:44 GMT
x-amz-version-id: 8CcfzS7DteGxKg7ZkR_HfOT6Gn8m3nM1
content-encoding: gzip
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
x-amz-cf-pop: MXP53-P1
age: 3067499
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Mar 2023 17:54:28 GMT
server: CloudFront
etag: W/"e2e34f527a64b278bef126c9ab6f0955"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: RsXoWlOBP2XkegKwroOxqnLfL6xuj45PU3SzYIv7wPMfqpr-jlbAPw==

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 115ms
26ms Script
application/x-javascript 2600:9000:25a2:8800:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:25a2:8800:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:07:54 GMT
content-encoding: gzip
via: 1.1 20e88007b6f5218ef5942bc3581c73b8.cloudfront.net (CloudFront)
last-modified: Tue, 11 Jul 2023 17:07:44 GMT
server: Jetty(9.4.51.v20230217)
x-amz-cf-pop: ZRH55-P1
age: 2268
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
content-length: 6162
x-amz-cf-id: aqBN1hBGXlO424T1llzL_rL5PTqrJ1PWh6PlfYzBRJjoG7Sc2zfnbg==
expires: Tue, 11 Jul 2023 18:07:54 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 77ms
30ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

63c932f7017993b8e223761c479a02330b4c28008dbdecf56268d5c69a6f0f72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50048
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:42 GMT

GET
H2 200 61f2689d95e94c6ef599202edd32401c.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 77 KB
27 KB 27ms
27ms Script
text/javascript 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 30 Jun 2023 09:34:40 GMT
server: cloudflare
age: 7398
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dc9ab91b90dc-FRA
content-length: 27037

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/sampling/ Frame 7652 152 B
236 B 28ms
28ms XHR
application/json 2606:4700::6813:9408
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9408 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 2821
ce-version: 11.5.100
content-length: 144
last-modified: Tue, 11 Jul 2023 16:58:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dc9afbfe5b7a-FRA

GET
H3 200 225.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 203 KB
60 KB 125ms
124ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/225.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60917

GET
H3 200 283.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 125 KB
17 KB 125ms
125ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/283.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17669

POST
H2 200 delivery Show response
citicorpcreditservic.tt.omtrdc.net/rest/v1/ 363 B
1 KB 168ms
54ms XHR
application/json 66.235.152.113
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicorpcreditservic.tt.omtrdc.net/rest/v1/delivery?client=citicorpcreditservic&sessionId=4ee90495d32b45ef9914c3e712e74dcc&version=2.10.0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.113 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-113.data.adobedc.net

Software

jag /

Resource Hash

378dcad8452e76fdacf48e460bb52e37f3d2a531cd8b355c50c81ecc87eef4c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
x-xss-protection: 1; mode=block
x-request-id: 773eba10-9c5d-4718-9665-7dd182827d1a
referrer-policy: strict-origin-when-cross-origin
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ Frame 7652 19 B
462 B 81ms
23ms XHR
application/json 18.66.97.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-88.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 11:18:30 GMT
via: 1.1 59d5785a1d012a54118141e7e216a492.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 8317633
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: jOOYND2TgVYcsCFHa_OyZk8_SktP6JNL5F-zcD1kdHkrmdy4deWzMA==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ Frame 7652 19 B
387 B 75ms
20ms XHR
application/json 18.66.122.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-74.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:10:02 GMT
via: 1.1 0121ceb2efadb6db52d122a8b6b52f90.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 21479741
etag: "d06f04fccf68d0b228a5923187ce1afd"
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 19
x-amz-cf-id: 9D8lhJo6fm4dYqBOwFMRsZ-KTaPsB57_3QDE9Tvv8fpaEaTtFWK3xA==

GET
BLOB 200
OK d2ae3fb6-b71e-4ad2-96ae-8c72ad679bb3
https://citicards.citi.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/d2ae3fb6-b71e-4ad2-96ae-8c72ad679bb3
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

088ec89b299ba2e9fc01f0ab2102a6ef825bd5ed3e3242f44188e67e0837c8a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50103
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f932aaea7d501169b809fa6509d90084fed0b46a054422e1f1c3860885139d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50103
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 40ms
40ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8b6cb78db67e8cfb54daacd8a042e69776cff83fded3214b9c1a27f629bcec18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50101
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:42 GMT

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame 8590 118 B
684 B 129ms
30ms Document
text/html 193.0.160.130
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=508&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&pf=&ra=12414812394357688
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.0.160.130 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 118
Content-Type: text/html;charset=utf-8
Date: Tue, 11 Jul 2023 17:45:43 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2 200 clock Show response
tracking.crazyegg.com/ Frame 7652 30 B
137 B 175ms
66ms XHR
text/plain 34.253.91.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1689097543032&tk=3353697c62395c48c0b0030a6d85efcd&s=340498&p=%2Fcbol%2Ffraudprevention%2Fdefault.htm&u=901567&v=1b66a5119f54405d0d32ebd47fa361c2b853bdbb&f=citicards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&ul=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.91.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-91-174.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: 1a41484bb0aea891e2eb8f99efa8164f45ca0310fb0583df3b7d04febcedb343

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 17:45:43 GMT
cache-control: no-store
server: awselb/2.0
content-length: 30
content-type: text/plain

GET
H3 200 fraud-hero-tab.jpg
citicards.citi.com/cbol/fraudprevention/images/ 81 KB
81 KB 125ms
125ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fraud-hero-tab.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82608

GET
H3 200 slide-0-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 132ms
131ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-0-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10704

GET
H3 200 slide-1-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 126ms
125ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-1-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11088

GET
H3 200 slide-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 133ms
132ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10584

GET
H3 200 slide-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 134ms
133ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9250

GET
H3 200 slide-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 138ms
137ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8197

GET
H3 200 slide-5-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 149ms
148ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-5-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9495

GET
H3 200 phone-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 150ms
149ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Tue, 06 Dec 2022 15:57:16 GMT
etag: "0968b698b9d91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11197

GET
H3 200 quicklock-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 152ms
151ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/quicklock-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1415

GET
H3 200 authentication-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 160ms
158ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/authentication-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1351

GET
H3 200 warning-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 151ms
149ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/warning-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1364

GET
H3 200 wallet-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 848 B
865 B 231ms
229ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/wallet-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 848

GET
H3 200 alert-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 231ms
228ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/alert-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2039

GET
H3 200 sms-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 858 B
875 B 234ms
231ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/sms-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 858

GET
H3 200 phone-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 850 B
867 B 234ms
231ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 850

GET
H3 200 security-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 237ms
234ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1463

GET
H3 200 pin-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 235ms
232ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1877

GET
H3 200 article-0-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 232ms
229ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-0-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44958

GET
H3 200 article-1-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 240ms
237ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-1-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45322

GET
H3 200 article-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 28 KB
28 KB 305ms
301ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28352

GET
H3 200 article-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 41 KB
41 KB 337ms
334ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42073

GET
H3 200 article-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 398ms
395ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8135

GET
H2 200 interstate-bold.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 26ms
23ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-bold.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 18:31:27 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2330056
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17500
x-xss-protection: 0

GET
H2 200 interstate-regular.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 30ms
28ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-regular.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 18:31:27 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2330056
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17592
x-xss-protection: 0

GET
H3 200 ajax-loader.gif
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 228ms
228ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/ajax-loader.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4178

GET
H3 200 carousel-arrow.svg
citicards.citi.com/cbol/fraudprevention/images/ 375 B
392 B 225ms
224ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/carousel-arrow.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 375

GET
H3 200 slick.woff
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 222ms
220ms Font
application/x-woff 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slick.woff
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6

Request headers

Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: application/x-woff
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1356

GET
H3 200 close.svg
citicards.citi.com/cbol/fraudprevention/images/ 444 B
461 B 212ms
212ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/close.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 444

GET
H3 200 header-citi-logo-dark.svg
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
2 KB 195ms
194ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/header-citi-logo-dark.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1547

GET
H3 200 icon-animation.gif
citicards.citi.com/cbol/fraudprevention/images/ 196 KB
196 KB 198ms
192ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/icon-animation.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200242

GET
H3 200 spoof-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 61 KB
61 KB 225ms
219ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62004

GET
H3 200 spoof-numbers-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 69 KB
69 KB 339ms
333ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-numbers-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71061

GET
H3 200 half-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 19 KB
19 KB 234ms
228ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/half-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19680

GET
H3 200 pin.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 303ms
298ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1973

GET
H3 200 zelle.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 237ms
231ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/zelle.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1366

GET
H3 200 remote.png
citicards.citi.com/cbol/fraudprevention/images/ 669 B
685 B 256ms
251ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/remote.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 669

GET
H3 200 personal-info.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 259ms
253ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/personal-info.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1937

GET
H3 200 bank.png
citicards.citi.com/cbol/fraudprevention/images/ 654 B
670 B 237ms
232ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/bank.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 654

GET
H3 200 fundraiser.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 236ms
231ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fundraiser.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1436

GET
H3 200 email.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 305ms
300ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/email.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1476

GET
H3 200 romance.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 237ms
232ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/romance.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1819

GET
H3 200 mobile.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 378ms
373ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/mobile.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1893

GET
H3 200 grandparents.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 240ms
234ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/grandparents.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2309

GET
H3 200 surprise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 309ms
304ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/surprise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2723

GET
H3 200 irs.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 240ms
235ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/irs.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1401

GET
H3 200 security.png
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 379ms
374ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4077

GET
H3 200 data-compromise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 263ms
258ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/data-compromise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2882

GET
H3 200 text.png
citicards.citi.com/cbol/fraudprevention/images/ 733 B
749 B 311ms
306ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/text.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 733

GET
H3 200 phone.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 621ms
616ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2373

GET
H3 200 lottery.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 622ms
617ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/lottery.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:42 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2611

GET
H3 200 gimmick.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 633ms
628ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/gimmick.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2150

GET
BLOB 200
OK 9cc3816a-85cc-4996-af9a-5c80155cc685
https://citicards.citi.com/ 241 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/9cc3816a-85cc-4996-af9a-5c80155cc685
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=0882146DFC9C49AA904D7290BED13566
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 241
Content-Type: text/javascript

GET
H2 200 / Show response
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 8 KB
4 KB 97ms
39ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 66322
cf-polished: origSize=9073
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2371-plMc4Vf+CGoqroHiYCmsJkLyNy0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca11d55194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4f525baeb9ab4830981c4d0d7ba7846b28a3105ebac8aa556fed6680ec82ce97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70211
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 3AF5 0
98 B 195ms
134ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 google

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 100ms
44ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 11 Jul 2023 17:45:43 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AFDD06B058F548D4B8EB123C52B9C4AE Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
32 KB 88ms
24ms Script
application/javascript 2600:9000:225e:f200:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:f200:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:11:18 GMT
x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
via: 1.1 cfa647edefc0769e715b9781478b0626.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
etag: W/"08e770c8a17bf087d50cec01af0892c2"
age: 63266
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: VaXCkF54IvdDHpiHZfOWDnsToTNGgufPMGqAkqTP0H47ik918qfX5A==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 99ms
30ms Script
application/x-javascript 13.225.33.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.33.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-33-74.cdg3.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 02:17:21 GMT
Content-Encoding: gzip
Via: 1.1 712d13f439dbc19e06adfdbf33812a64.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: CDG3-C2
Age: 55703
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: APY2tFCX2GDwQcZcO2-fksycnvIOdWuPfQ3DxoBqVKBfHjKtfrOPAA==

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/
Redirect Chain

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

0
0

134ms
133ms

Image
text/html

52.46.155.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Protocol: HTTP/1.1
Server: 52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 17:45:44 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 041ZY0KMF58NP20FBB21
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
250 B 28ms
28ms Image
text/plain 108.157.177.44
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.177.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-177-44.mxp53.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 05:41:03 GMT
via: 1.1 a0adf1c6b3fbf8ce9abab2f3cbc02bca.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: MXP53-P1
age: 43480
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: gYNMjP5yGX4XRYbKUcgTc_QxSLAjwhnEjnU5BUFHLtDpbtORdjgU7A==

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/ 5 KB
2 KB 484ms
103ms XHR
application/json 54.156.57.223
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/cls_report?_cls_s=ed34f7c5-35d7-4761-bfa6-5a1c4a87dd36%3A0&_cls_v=cfb8f2e1-918b-4dd3-8adb-16c29277f8c4&pv=2&f_cls_s=true

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.156.57.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-156-57-223.compute-1.amazonaws.com

Software

GlassBox Cligate /

Resource Hash

b15dda425ab68031ad80a49258350d242e6b3301f25ac06a1aecd4fb8ed9af66

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 17:45:44 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
Content-Security-Policy: default-src 'self';
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1191
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: GlassBox Cligate
X-Frame-Options: SAMEORIGIN
vary: origin
Content-Type: application/json
access-control-allow-origin: https://citicards.citi.com
access-control-allow-credentials: true
GB-Server: g5025
X-Robots-Tag: noindex

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
2 KB 125ms
64ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1689097543854&cv=11&fst=1689097543854&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

63185e63431a24deae169d1bf37793dfd860bf04706465528dfa9d43c0d57f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1440
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

df681803dc2c0d096df92ed464280c7bd9b1c42e3ff63e1ac0c654312c65ae8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70298
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 33ms
33ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f328cc6ab8c9e8e225306494eef433aa4bf385387485128c9ed9a664ffbd8dea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55343
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

66081a77c453e3df7aa262aae2a749f065ab9b3cccd70c68a729973b6613d3f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55154
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
72 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

696ee35029971a13037bc65a2311c1a3c5a187c055f114a67fde70a0d72d6cf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73515
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 47ms
46ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e0fdaf509585daad27478cbe29083f0ba6664fb1ec0ee8b57b4e7a785d295f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55206
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a33cb36d57d7874607bf7d75461d7daea34725bf376be8ae37791c319a90bb22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70844
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 61ms
60ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4cfa8da134e88f6ca6fd00a154999c9ee56de66a56563b202716d97694b9114b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55206
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 66ms
66ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

821d840b59f946e3c8c69000255fde178299e4cbd11343bdc6720f165bb55cc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70295
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:43 GMT

GET
H2 200 12.ab92b717dec244c92313.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 68 KB
21 KB 45ms
44ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.ab92b717dec244c92313.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citicards.citi.com

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85054
cf-polished: origSize=70533
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"11385-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca15db1194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 327ms
104ms Preflight 34.206.177.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.177.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-177-80.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://citicards.citi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://citicards.citi.com
access-control-max-age: 600
content-length: 0
date: Tue, 11 Jul 2023 17:45:44 GMT
server: nginx

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
329 B 312ms
104ms XHR
text/plain 34.206.177.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.177.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-177-80.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://citicards.citi.com
date: Tue, 11 Jul 2023 17:45:44 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2 200 p
sb.scorecardresearch.com/ 43 B
300 B 115ms
40ms Image
image/gif 13.249.9.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&c8=Fraud%20Prevention%20%7C%20Citi.com&c9=&rn=1689097543885
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.9.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-9-46.cdg53.r.cloudfront.net
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:43 GMT
via: 1.1 ebc2f999559db1a05f6ebf1e799bb574.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: CDG53-C1
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: IphxlW_J4c2faWhJrvyOXDEBnPqpqRalp7ie-UNVrLqK3yw9pCOxOg==

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 737D 0
182 B 145ms
45ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097543785&td1=Sapient_cbol_citi_fraud_prevention_lp
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Tue, 11 Jul 2023 17:45:44 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 204 16001692.js Show response
bat.bing.com/p/action/ 0
118 B 46ms
45ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16001692.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 80D0931DFB6D47C9AC74EAEA1D041C88 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
231 B 103ms
103ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=9f18403e-67b9-40c2-b677-b4360aa3262e&sid=c2755b20201211ee8d4439dbb92657ae&vid=c2758a50201211ee9fe353f30b300669&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&r=&lt=2757&evt=pageLoad&sv=1&rn=363650

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B46965A92C8146A2B8ACB6BEE47065C0 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
288 B 102ms
102ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=9f18403e-67b9-40c2-b677-b4360aa3262e&sid=c2755b20201211ee8d4439dbb92657ae&vid=c2758a50201211ee9fe353f30b300669&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=168089

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B52CC64EC9514CA9A4783B7DD3A33D27 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16003743.js Show response
bat.bing.com/p/action/ 0
119 B 119ms
119ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16003743.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 479D77D855754C509FF6F2E7477F5C79 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
230 B 98ms
97ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=d050813e-5505-4710-a0dd-43beebe31250&sid=c2755b20201211ee8d4439dbb92657ae&vid=c2758a50201211ee9fe353f30b300669&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&r=&lt=2757&evt=pageLoad&sv=1&rn=178038

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B209A4F5B02742778E7FBE8F86471D10 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
229 B 98ms
97ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=d050813e-5505-4710-a0dd-43beebe31250&sid=c2755b20201211ee8d4439dbb92657ae&vid=c2758a50201211ee9fe353f30b300669&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=768241

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:43 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14743B27FD0E4132824130746D3C7066 Ref B: FRA31EDGE0711 Ref C: 2023-07-11T17:45:43Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 246ms
245ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

384eb62ae7754536af61ed6d5c9d21d8d851b90b61989a2cc1e5e3d530ee508e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: b890ad3467da2f8b
cf-ray: 7e52dca1be52194b-FRA
timing-allow-origin: *

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
2 KB 61ms
61ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1689097543955&cv=11&fst=1689097543955&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

326a0d8ac363daa76c9b2938d275fa59477ef4ee35f9801d830ed4981f2da6fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
2 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1689097543974&cv=11&fst=1689097543974&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daf423a441cc07e2f181037bd4f35a8ba4e00d2113d1e92728f25e13559b4a8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
2 KB 65ms
64ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1689097543997&cv=11&fst=1689097543997&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84987cdedcc90cb0a9923016915b0c3b087cf65387a89c5cc734c17a02c10971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
2 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1689097544015&cv=11&fst=1689097544015&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa70a74d0109a75da1868b3371a164439a85e2fc4a74639be6c853cc17dd73a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
2 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1689097544035&cv=11&fst=1689097544035&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

917e71cb6123948f331dd80b1305232e5e6798c369a1ca9446817dd76b35a0f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
1 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1689097544058&cv=11&fst=1689097544058&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

806230a0b18d2e9b919ae00db912bb2f58bed92315579bd117e1066f615c17ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1438
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 64ms
64ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1689097544085&cv=11&fst=1689097544085&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7e343246f16227d366385e7b2355ed3a702c2a22cae73f6fa8b124a7913fd3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/ 3 KB
1 KB 77ms
77ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1689097544120&cv=11&fst=1689097544120&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=775078116.1689097543&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77154acfd74ddb901fc061e679dbe38c543fab911d9d46a4066360746ee5514e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1442
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
455 B 92ms
38ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1689097543854&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2610911061&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
108 B 88ms
34ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1689097543854&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2610911061&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 92ms
39ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1689097543955&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2117990470&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
455 B 86ms
33ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1689097543955&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2117990470&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
108 B 94ms
41ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1689097543974&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1714176514&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
108 B 86ms
34ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1689097543974&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1714176514&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
108 B 94ms
42ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1689097544058&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3852112189&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
108 B 87ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1689097544058&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3852112189&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
108 B 91ms
40ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1689097543997&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=322205535&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 38ms
37ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1689097543997&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=322205535&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
108 B 41ms
40ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1689097544015&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1785264985&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 35ms
35ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1689097544015&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1785264985&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
108 B 42ms
41ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1689097544035&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3368424155&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 36ms
36ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1689097544035&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3368424155&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 40ms
39ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1689097544085&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=708063959&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
108 B 37ms
36ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1689097544085&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=708063959&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
32 KB 40ms
36ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85052
cf-polished: origSize=105216
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"19b00-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca3a8b2194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/10955006959/ 42 B
108 B 49ms
48ms Image
image/gif 2a00:1450:4001:803::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10955006959/?random=1689097544120&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2793143237&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10955006959/ 42 B
108 B 51ms
51ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10955006959/?random=1689097544120&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D0882146DFC9C49AA904D7290BED13566&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2793143237&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:44 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 7.cff97ca457c7bcbf778b.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
919 B 46ms
45ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/7.cff97ca457c7bcbf778b.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85029
cf-polished: origSize=2522
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9da-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca3f947194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.0c5a57685cec0137b83a.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 52ms
52ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.0c5a57685cec0137b83a.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85029
cf-polished: origSize=29374
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"72be-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca3f948194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 63 KB
23 KB 34ms
34ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85013
cf-polished: origSize=65177
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"fe99-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca3f949194b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 79ms
33ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=21&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 118
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 17:43:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca44a6930cc-FRA
expires: Fri, 08 Jul 2033 17:43:46 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
703 B 79ms
34ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 118
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 17:43:46 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dca44a6c30cc-FRA
expires: Fri, 08 Jul 2033 17:43:46 GMT

GET
H2 200 Graphic.php
iad1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
3 KB 120ms
41ms Image
image/png 95.101.149.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.149.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-149-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
content-disposition: inline; filename=feedback.png
content-length: 2196
x-request-id: fc891558-1f10-4ab0-b181-ff81a30b9c1c
referrer-policy: strict-origin-when-cross-origin
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 70acd2c9-7609-4879-825b-795b352bb100
cache-control: public, max-age=48
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Tue, 11 Jul 2023 17:46:32 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
215 B 143ms
142ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&r=1689097544520

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 5512615a7220b743
cf-ray: 7e52dca55b7630cc-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
525 B 44ms
43ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Sun, 24 Apr 2033 13:06:48 GMT
date: Tue, 11 Jul 2023 17:45:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6496736
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
content-length: 254
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 18 Apr 2023 16:10:58 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public
permissions-policy: camera=(), geolocation=(), microphone=()
accept-ranges: bytes
cf-ray: 7e52dca55b50194b-FRA
trace-id: ad81c6c45a4781b0
servershortname

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 23ms
22ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=1&c=1129&i=5jrnsk&p=na_prod&s=15768&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8Q5odHRwczovL2NpdGkuYnJpZGdldHJhY2suY29tLwoA8CsvP2lkPTY1MzQ1JnJhbmRvbT02LjUwNzUxMTM3MjgwMDM2RSsxNyIsInR5cGUiOiJpbWciLCJzdGFyywDANjg5MDk3NTQyNzIxpgAAGwEHFACAMywic291cmM5ADFtdXSWAKJPYnNlcnZlckNMSAChdHVzIjoibG9hZMsAQGFzb27KANRdLCJkYXRhUGF0dGVyEgCzbGlzdCI6W10sImlqAL84Njk3ODU5Njd9LPwABZFtZXRyaWNzMS4FAQD5APAaaWQ_ZF92aXNpZF92ZXI9NC40LjAmZF9maWVsZGdyb3VwPUEmbWNvcmcbAfVEMTgzNEQ5QjUyMjhBNzQzMEE0OTBENDUlNDBBZG9iZU9yZyZtaWQ9NDcxNzM0MDA0OTI5NjA5MzQyODQxOTcyNzk3OTkzMDAyNDY0NjQmdHM9MTY1ASY1NVkBMnhochEBC1kBLjU1WQEAFAAFWQGyWEhSX01BTkFHRVJBAAJSAW9hbGxvd2VVASGvODAwMTA0NjExMFUB_13xAG5leHVzLmVuc2lnaHRlbqUDALUCIi9uWwQTLzoD8BZvbXBvbmVudC5waHA_bmFtZXNwYWNlPUJvb3RzdHJhcHBlciZzbgMwY0pznQQfPVkADmNjb2RlLybQBPIeZWRPbj1XZWQlMjBKdWwlMjAwNSUyMDE1OjQ4OjA0JTIwR01UJTIwMjAyMyZDEwUgRD0SBYEmUGFnZUlEPXYEkCUzQSUyRiUyRsIAVWNhcmRzgQMAFQDwAmJvbCUyRmZyYXVkcHJldmVusgT2aCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDA4ODIxNDZERkM5QzQ5QUE5MDRENzI5MEJFRDEzNTY2hQNic2NyaXB0RwMKiAM-NjkziAMYNuEEwmluc2VydEJlZm9yZUIAAokDD9sEI785MDEwNjc3MDgzMoYDBw_YAQ4PMQL_ax80MQIMDxIHQQY3Ah8zNwIoAQ8EwTdjOGFlMWY5YzIwNsIG8Ak4NjcyOTQ5YzY3MDNmNmQuanM_Y29uZGm6A79JZDA9NDg0OTk2M04DET43NjAdASc5MS8ID04DO684OTEyNzQ3NzE41AYID04DDg8XAVAfMhcBDA80AkEGHQEPawQpAR0B4DkzOTM1YTQwOTY1MTY0FAnfMmQ5ZDNmMWQyMzcxMDQCAF8zMzA3MjMCJx8yMwJHnzc4NTAzNjcyMUoDLg8WAUoPMgIBCBYBDzICQgUcAR81ZgQt_xFhOGU2ZTc1NjQ1YTQ3ODc0MzcwMWEwZGUyOWRiNDY2MWYEAF85NzA5OTMCg485NDM2MDM1OEkDLg8XAUsPywgAHzk0Ak8EHQEPNAIu_xFiMTY5YjUyMTFhYmNiNTk1OTdjMmE1MGQwODM0ZGFkNjQCAF81NDgzNDQCEw_JDgAvOThnBEavOTExMjg2ODE0NpoGLg8XAUsPNAIBCBcBD2gEQQYdAQ9RAy7_EGM2NWEzNjA5ZTFiZWVkNzI5NTViODhhZmFjOGNkMzGaBgBAODA4OPYRA_kQDxsMBy83NjMCAR85MwJGrzg3ODQyNTQ2Nzf2EAgPzQgTDxYBSg8yAgEIFgEPMgJBBhwBHzmaBi3_DzkzYmQxMTczZTAwNGM1ZjE0YzhjMzEyNzc0YTE3N2YEAV85MzY2MzMCJj84MDAzAkgA1BNPMDc4M80IMA8XAUkONAIKFwEPNAJDBB0BD5oGLhBmsgT_C2M0ZjRjYzJkYTdiYzc2MDk1N2RhMWQwYTQ3mgYBNzY3NV8VD2YEGy84MDMNSY83NjI1NDgwNxYBiw8yAgEIFgEPMgJCFDkcAQ-CBS7-ETlkOWE3NjY3ZWRhMTY0MjFiNzU5ZDNlNGFlMzRkMjVmzAgAhg8P_woUDhwMLzgwsxJHvzg4MjQ5NTM0NDQxfAUuDxYBSQ8yAgEIFgEPMgJCBRwBD8oILvAHZDc5NTQxN2QxMmM4ZjEyNmU2NGUwMNoIbjZhYmI1NTICXzIxOTA4_QolPzgxN5cGSI8wMjczMTM1MpcGLg8WAUoPMgIACRYBDzICQhQ3HAEPgAUu4WNjYjkxMGYzYjI4NjY1jBHdNjZjYjZlZjNlZGM0MzICbzMwMTMzM5cGFA9lBAAvNDYzAkavOTExNzY5MzkwMxcBjA80AgAJFwEPNAJBBh0BHzaCBS39EWY3OWFlNzQ1MjY0YjQzZjNmYWFhYjg3YmYzY2RiNzViNAJfNDU1ODkzAoK_ODc2NDAxNDI4MzQWAYoPMgJhBhwBD08DCAKVCpEuY3JhenllZ2eYHGNwYWdlcy84IaJlZC9jb21tb24tKwD_FnMvNjFmMjY4OWQ5NWU5NGM2ZWY1OTkyMDJlZGQzMjQwMWMuanORBhE9ODI2ERc3ODY1XgQPRwNBvzg4MzAwNjI2MjA4MQIHDtccay9jYm9sL9Mc7y9qcy84NTEuYnVuZGxl9wAULjcyHxk3ODc09wAA5R1gbmRDaGls4h8A7R0fdUchKTAxNzKHEh82hwcID_AASw5CEQrwAA_nAUIUOfcADxgECAH3AJBvcnBjcmVkaXRQHfITaWMudHQub210cmRjLm5ldC9yZXN0L3YxL2RlbGl2ZXJ5PygkHz07AAFAJnNlc2ok8xVJZD00ZWU5MDQ5NWQzMmI0NWVmOTkxNGMzZTcxMmU3NGRjYyZdA0I9Mi4xlCQDihIPKiIELzg4RQEAABQADyoiR583MTM0ODQyNzFtEQgPBgEBD0EB_xvxBXd3dy5nb29nbGV0YWdtYW5hZ2VygwVwZ3RhZy9qc8Eln0RDLTYyNjAwMOQWEgEFDiNlbkMlAsElKDky5wsPbwNCnzc2MTYyNzYyOC4CCYExLnJmaWh1YloDn2pzL3RjLm1pbjgFFQDGGAzZAB8z2hhOnzk1MTYzMjAxNNkACQCCJ2FkZW1kZXjbAACoJxA15iK_bD9kX25zaWQ9MCM4Iw0GMgdTaWZyYW1mIgqoIi43NQYELzk1OwZHnzgxNjc3NTU2MkQFDB8u_ABSHTguCAr8AA_YAkIEAwEfM_cQCA_FAxdwOTMyMiZsPf0opkxheWVyJmN4PWP6AQJhCQJgJAr6AR85LAkAKDk4_QIPVCE7UDkwMzg4sh0PNggJD_gAUh439gEJ-AAP9gFBBv4AD_kCCA_-ABVfNDE1ODH2ASUN_gA4MzAzShgP_gBBnzg4MTM4NzI5OYMaCQ_-ABVvMjU2NzEw9AIkD_4AAB80IAxPjzcwMTIzMDI5NQ0IAfgICfcoDyAMBj8yODMgDBstODcsDj8zMDTBB0-PNzI1ODkyMjn2FggP9wAZLzI19wAvGTHcBg_sAkKfNzY1MjQ2MDU24AUIlDIwNzY2Njk5cL8IAGguImNh4QcAZS70BDkmcmE9NTA4JnJiPTY0OCZjYT00APEAJl9vPTE3MTY5MTc1Jl90OAwLRg7AbHAmX3Jldj0xJl9waSUACQDxBW9yZGVyaWQ9MSZzc3ZfY3V1aWQ9CwDCcGFja2FnZT1udWxsEQAwcm9kOy8HEgAwYWdlOSwPbAAEL3BlxCtRPCUyMcYrABMAD8grJ0AmcGY9ZwH3ATEyNDE0ODEyMzk0MzU3Njj8Fg85CQctOTM5CTgzMjBLBA8_Bz2PNjQ4MTU5MDZBBggEIwIPVwL_qg0gFwtXAg-0BEEAVgICXQIPogYwIWlt7BNwaGVhZGVyLeEF0C1sb2dvLWRhcmsuc3YQNAOaEA8dNAMgMzH5FgqXDT8zMzSlHU6PODU2MTQyNze4BQkAzgAKnTAPpgcDBAQBMGFsZuQUr2Vlbi1tb2IucG7-ABAdNc0TPzMzOHEcTwBpFT80MzduDwo_aXRp_gAYX3plbGxl9AAUDk0FKDM4TQUP9gJBnzg4MDgwNDk0OJgJMQPyAQ_0ABkP6AEBD_QAVw9HBggP5gIcr2Z1bmRyYWlzZXLtARQP-QBjfzQ4MTY2NzbhAjgP-QAeDtwFD-YCUQP5AB85kAoID_IBHE9iYW5r7AGJQDk0NjJTMA-TOAkP8wBHD8wEYgXzAA_mATdvcm9tYW5jwgUpCNgfD8IFQtA3NTk2Njc3OTQwfV19
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:45 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:44 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 23ms
23ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=2&c=1129&i=5jrnsk&p=na_prod&s=15650&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ANodHRwczovL2NpdGljYXJkcy4KAPAGLmNvbS9jYm9sL2ZyYXVkcHJldmVuMgDwEC9pbWFnZXMvcm9tYW5jZS5wbmciLCJ0eXBlIjoiaW0NAEBzdGFyxQDANjg5MDk3NTQzMTUyoAAAFQEFFACgMzg2LCJzb3VyYzkAMW11dJAA8QtPYnNlcnZlckNMIiwic3RhdHVzIjoibG9hZMUAQGFzb27EANRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlqAM83NTk2Njc3OTQxfSz2ADTPZ3JhbmRwYXJlbnRz-wAUHzH7AAAfOPsATp8zOTQ1OTQyMDT7AGkP9gEBD_sAVx81-wA2L2ly7QEVD_IAAR857QFNrzk0MzgyMjg2MDjyAGAP3wIBD_IAVx838gA2X3JlbW90zwQVHTDUAz80MDTnAU6PNzk0NTQ3MzbUAzcP9QAaDuoBD_UAWQ_OAzffcGVyc29uYWwtaW5mb8UFFA_xAQEPwAZOrzk3NjY3NDU1ODPmAjYP_AAhD_gBAQ_8AFcP7QI3ADIIry1jb21wcm9taXPrAxUO0gU_NDEy6wNOnzkwMzA5MTg1OfoBNg_-ACMP_AEAD_4AWA_QBjf_AXNwb29mLXNjcmVlbi1tb2L3AxMuNDnoBR80-wJOrzcwMjkwMzgzMzb9ATY_cGlu8gATHzXpBAAAFAAPqQtKrzkxMDkzNTA3MTHpBDgP8gAWD-MCAA_yAFgP3wQ3X2VtYWls5gEoHzPVBE2vNzE4Nzg4NTA0MNgCNg_0ABkPyQUAHzX0AFcfMvQANl9zdXJwcsAGKh81hA1Onzk1ODQwNTY5NsAGNw_3ABwP1gMBD_cAVw-5BjdPdGV4dNUDFA_zAAAvNjDVA0yvOTAzMTgxMTcxOa0GNw_zABgP1AMAD_MAWA99DjdfbW9iaWySChUO6AE_NTI36AFOfzkyNzI3NDJMEzgP9QAaDuoBD_UAWQ--BTh_ZWN1cml0edQDFA_3AAEPXhFNnzkwODE3OTcyMGkQOB9z9wAbD-MCAQ_3AFcPhgo3kWljb24tYW5pbd0WTy5naWYsFw8tNDd1DC81NXUMTa85MDEwOTQ1MjU46wI4AXQNf251bWJlcnN8DTE_NjA15wRMrzg5OTg3MjgyNDAEAjcgbG-lGA_xAycvNzemCk6fOTgyNTEzOTI5ZRM3D_YAGw7wAw_2AFkPhA03T3Bob27HBycvNzdEFk6fODMzMzQzNjA5mQs3D_QAGQ7PBg_0AFcvMTB4Djd_Z2ltbWlja8UHFA_eAgAfONQDTa85MDY2NDIzMjI50QU3D_YAGw5KEh839gBYD_MdOA_sARoP4gIAD_YAWA-2BggAeCDwCi5yZXBvcnQubmFjdXN0b21lcmV4cGVyaWXJHwX2H5JnbGFzc2JveC8uAPIeaW5nLzc5OGIyZjEyLTkxNjItNGE5NC05MWVlLTgwNWQ4ODNjYTI2Ni9jbHNfMwAgP18MAPEccz1lZDM0ZjdjNS0zNWQ3LTQ3NjEtYmZhNi01YTFjNGE4N2RkMzYlM0EwJjAA8R52PWNmYjhmMmUxLTkxOGItNGRkMy04YWRiLTE2YzI5Mjc3ZjhjNCZwdj0yJmYyAGZzPXRydWVTCTJ4aHI3IAp_IC83OYIDAAAUAAXWFLJYSFJfTUFOQUdFUkEAAnggb2FsbG93ZXsgIZ84NjA0Nzg3OTJcBggPkgH_gPEFd3d3Lmdvb2dsZXRhZ21hbmFnZXIJI9BndGFnL2pzP2lkPUFXBQNQNDUxNDfwIwP5ImJzY3JpcHQ8Agt9Ai04NdALKDg2ixKwaW5zZXJ0QmVmb3LMAg_2IiyvOTExMDY5NTU3NZIRCA_pAEIeOfIFCukAD-UjQQXvAB828gUI8AN6bjN2aThra3VkczBqanJmYy3tBPERZmVlZGJhY2suc2l0ZWludGVyY2VwdC5xdWFsdHJpY3P6AfECU0lFLz9RX1pJRD1aTl8zVklHAHZTMEpKUkZjegQPAAIJHjQAAhg46QmgYXBwZW5kQ2hpbGoED_8BLEA4Nzk1-iMfNqkRCQ8QAWsOVRsZOBABDycCQQYXAQ8WAwiRcC50dnBpeGVs-gHwA2NvbS5zbm93cGxvd2FuYWx5dBQCBBIARi90cDL_AQ95BgQ-ODk2_AEAFAAPeQZHnzcxODU3Nzk1Mp0UCA_oAEAOtBAoODmUFA9hBz4F6AAPaxcJCdABYGpzL2N1cronUS9kcG1f6QHAX21pbi5qcz9haWQ9EwTwAy1kNGY4NTgyNC0xMzUxLTQ1NekI-wlmZi1mZGI1NmY5NjJjNWMmY29tc2NvcmV-CA8EBAkfOAgCAAggAQ8EBjyfMDQyMjgxMjUxHgGSDzkGAQk-Ag8SBEEUOSQBHzIXDgjxHWluc2lnaHQuYWRzcnZyLm9yZy90cmFjay91cD9hZHY9MWp3NWN2bCZyZWY9SCuQJTNBJTJGJTJGTgIKTisAFQBrYm9sJTJGUivwkCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDA4ODIxNDZERkM5QzQ5QUE5MDRENzI5MEJFRDEzNTY2JnVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5pdmVyc2FsUBEFRVRhZzG6K7A3ODUmdGQxPVNhcOwsEF8mLBBf8AARX9kAFl8sLDZfbHAkBVNpZnJhbeEICiMJLzg5EwYAABQAFHMfLPIISFRNTElGUkFNRV9TRVRBVFRSSUJVVEVwCQ-sCy2fOTcyNDA2MjYwFBEIKGpzBAIwdXBfkywxZXIuMwE2Lmpz5wAPBgQJD-cADQ8GBDtQODcxMzkEEB8x4gIID9kAMg_BAwIPsBdNBt8AD_oJCIFiYXQuYmluZ9IHIWFjwS7wIjA_dGk9MTYwMDE2OTImVmVyPTImbWlkPTlmMTg0MDNlLTY3YjktNDBjMi1iNjc3LWIxE5BhYTMyNjJlJnMqBvMSMjc1NWIyMDIwMTIxMWVlOGQ0NDM5ZGJiOTI2NTdhZSZ2JQA1OGE1JQDwATlmZTM1M2YzMGIzMDA2NjklAPEYcz0xJm1zY2xraWQ9TiZwaT0xMjAwMTAxNTI1JmxnPWVuLVVTJnN3rQAxJnNoHwCwJnNjPTI0JnRsPUaZL0UlMjBQnC_QJTIwJTdDJTIwQ2l0afMALyZwlwSf8BZyPSZsdD0yNzU3JmV2dD1wYWdlTG9hZCZzdj0xJnJuPTM2MzY1fzEDew0PdDAEEDktGCJlbgowA4gwARQAClUEAM0wD1QEP685MDk1NTY0MTk4ewMID5wCjRcwnAIvZWPvBROhJmVhPUFwcGxpY_IaD4ACNw8HAwQAIgICzBIAGwJmMTY4MDg5jAUPGwIGDpcLKDkwYxsBcAYPGwJDrzg3MTgzMTYxMzEbEggJGwIADQAPYgYVDmgKCtkAD2IGPJ84OTQ0MTg2ODXnAhUPzAAYD1UGAArMAA8WCkEVONIADzcXCADFAA9VBgZHMzc0M1UG_xVkMDUwODEzZS01NTA1LTQ3MTAtYTBkZC00M2JlZWJlMzEyNTBVBj0IuQMPVQb_FW8xNzgwMzg6BBAOwwkoOTDqCA86BEp_NTUyNTkwNdsRCQ-cApkPVQaTVzc2ODI06xUPVQYFHjFlGBA5FAAPcAhTjzgzMjk2MjM1wh8ID-cUCXRXUlNpdGVJBRXQRW5naW5lL1RhcmdldD8LMHBocAYVP29uZQkVAvUIJlFfQ0xJRU5UVkVSU0lPTj0xLjk1LjAXAIZUWVBFPXdlYmEDDzITBC45NEEbARQABUYBD0oSPp85MDg3Mzk5NzcsEQgPOwH_BsAwODczOTk3Nzh9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:45 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:44 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 23ms
22ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1129&i=5jrnsk&p=na_prod&s=14923&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8JxodHRwczovL3NpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbS9keGpzbW9kdWxlLzEyLmFiOTJiNzE3ZGVjMjQ0YzkyMzEzLmNodW5rLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmUV9DTElFTlRUWVBFPXdlYiZRX0JSQU5ESUQ9Y2l0aWNhcmRzLmNpdGkuY29tIiwidHlwZSI6InNjcmlwdCIsInN0YXIaAcA2ODkwOTc1NDM4ODT1AABqAQUUAPECOTQzLCJzb3VyY2UiOiJtdXTlALFPYnNlcnZlckNMIkgAoXR1cyI6ImxvYWQaAUBhc29uGQHUXSwiZGF0YVBhdHRlchIAsmxpc3QiOltdLCJpagDPNzAzNjIzNTM1MH0sSwEF8QV3d3cuZ29vZ2xldGFnbWFuYWdlckgB8AtndGFnL2pzP2lkPUFXLTY0NDU3NDA0MyZsPXoAv0xheWVyJmN4PWMiAAERLjYzAAEnNjUAAc9pbnNlcnRCZWZvcmX6ADCvODk5MjA1Njk0MvoAbh84-gAMD_oBQgUAAR83AAEunzk2MDYyMTg3NfoBNy84MvoBSI8yMDE1NjM3NfoAbw_6AQAJ-gAP-gFDAwABHzb6Ai-fOTc1NzAxOTQ3-gEkDfQETzQwMDf6AUa_OTEyNDA2NDQzOTH0Ai8P-gAsDfoBC_oAD_oBQQYAAR81AAEvjzU5Mjk5Nzk0-gEkHDf0BD80MDL6AUe_ODkwMTc4ODk3MDT6AG4P-gEACfoAD_oBQQYAAQ_6AS-fNjk1MjMxMTYy-gEkHjX6AR806AdIrzk4MTIxMjE0Mjj6AS4P-gAtD_oBAAn6AA_6AUMDAAEfM_QEL484MTk1MDAwMuIJJR42-gEvNjjuBUa_ODg1ODU3ODg0NTb6AS4P-gAtD_oBAAn6AA_6AUIFAAEP-gIvnzgzMDkwNzk2OfQDNx857gVInzcwNDMxMzk4MvoBMA_6ACwP-gEACfoAD_oBQgUAAR85-gIurzEwOTU1MDA2OTX8ASUO6gc_MTMw9gNHnzkzNDk5NDk3MNIOLw_8AC8O_gEK_AAP_gFCBQIBD_IFCIFiYXQuYmluZ8gPQHAvYWM_Ec8vMTYwMDE2OTIuanO0DxE9OTAy0gU3MTM23AGgYXBwZW5kQ2hpbJ0QP3N0Ya0QKa85MDQyODE5NDI4xQkID9kANA6rBgrZAA-5AUEG4AAPsQUIgXNyLnJsY2RuuQH2MDQyNTQ2Ni5odG1sP2VzPTgwNjc2JnU9ZGEzOWEzZWU1ZTZiNGIwZDMyNTViZmVmOTU2MDE4OTBhZmQ4MDcwOeQBU2lmcmFtVhEZcpgSLzc4CwEAHzTkAUavODg4MTI4OTg3N78DCA8EAV4uOTDoAgkEAQ8PAkEGCwEP7wIVA8YDVDA_dGk9ywPySCZWZXI9MiZtaWQ9OWYxODQwM2UtNjdiOS00MGMyLWI2NzctYjQzNjBhYTMyNjJlJnNpZD1jMjc1NWIyMDIwMTIxMWVlOGQ0NDM5ZGJiOTI2NTdhZSZ2aSUANThhNSUA8Bk5ZmUzNTNmMzBiMzAwNjY5JnZpZHM9MCZtc2Nsa2lkPU4mZWM9U2FwURbwCF9jYm9sX2NpdGlfZnJhdWRfcHJldmVuhATRX2xwJmVhPUFwcGxpY_AUMSZwPdUVkCUzQSUyRiUyRjgAGWNhFQAVAGFib2wlMkZPAAZOAKAlMkZkZWZhdWx0JQMxJnN3GAH3FCZzaD0xMjAwJnNjPTI0JmV2dD1jdXN0b20mcm49MTY4MDg5GwMibWduFAoYAy85MBgDAB81sBUJEkFHAAICBV9lcnJvcrAVIY8xODMxNjEzMRQCqBcxFAIhcGmKAf8AMTAxNTI1JmxnPWVuLVVTqQEEQHRsPUYvAkUlMjBQMQKjJTIwJTdDJTIwQ24XDzACN_BmJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDA4ODIxNDZERkM5QzQ5QUE5MDRENzI5MEJFRDEzNTY2JnI9Jmx0PTI3NTcmjgLQcGFnZUxvYWQmc3Y9MZUCUDM2MzY1pRkDSBgfaZUCeRA5IwpfNjQxOThxCBUMqQRHMzc0M6kE_xVkMDUwODEzZS01NTA1LTQ3MTAtYTBkZC00M2JlZWJlMzEyNTCpBEkPlQL_FW8xNzgwMzgqBQ8uMTE-Bw8qBVCfNTUyNTkwNTQzBA0HCS0KD5UCjA8-B5NQNzY4MjQ6Hg-pBAwPFAJiYDkwODMyOfAcDwYVCP8caW5zaWdodC5hZHNydnIub3JnL3RyYWNrL3VwP2Fkdj0xanc1Y3ZsJnJlZpgINQ9oBlfwEXVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5pFiC1YWxQaXhlbFRhZzGKHn83ODUmdGQxwAkTBxIED1cMBj84OTkVBAwPOw46MDg5N_sZPzI2MBIRCA_6Af9ULzkwTQ0AJzU0NRAPTQ1CBAECHzFYDggC5SDwB2Fkcy5nLmRvdWJsZWNsaWNrLm5ldC-TCfACYWQvdmlld3Rocm91Z2hjb24vA_AGaW9uLzkxNjQ1MTQ3MS8_cmFuZG9tRgwE2SHLNTQmY3Y9MTEmZnN0GABBYmc9ZgEA8xEmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X7gMI3VfuQw_dXJsfQSfNmhuPUsiIGFkxiIxaWNlkyO_JmZybT0wJnRpYmHjCxIQYS8Bpjc3NTA3ODExNi6pBOAmdWFtYj0wJnVhdz0wJociET1aDjAlM0SuIvAALmNvbmZpZyZyZm10PTMmBgAWNK8EH3OeIwcfNuoSABg1thoPrwQ6rzkwODQ0NzE2NDGjIAgPrgL__wsPeBYACa4CD2MFQQW1Ah8ycgsVCXgWAAQOD3gWFg_gAA0PjgM6rzg3OTMyMjc1NjnZAE4PFwsCCGcED7kBQQbgAA8vGwgPbgQmBRcoDxwHAD85NTUcBwIAGAAPHAf_ly45NsYlGTFuBA-OAzyPMTkxMTk3NTMmGQgPrgL__wsOgCQKrgIPYwVDBLUCD4AOCA-1AiYFgCsPYwUBHzd_DANPOTc0JmMF_5gfOEMVAQ-FHUefNzc4ODMzMDI1ZhoID64C__8LDy0PAQiuAg9jBUMEtQIP3RUID7UCJgUBKA5jBU80MDU4xgoBARgAD2MF_5Y_NDA2qCYAGDWkKA-1AkJAODYwN60mHzaXFEIEpDAOtQJPMzk5N7UCAQEYAA-1Av-YAC0zImVuyzcCcBYvNDG1Ak_QOTc5MzM1NTIxN31dfQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:45 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:44 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 20ms
19ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=4&c=1129&i=5jrnsk&p=na_prod&s=9414&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ypodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9wYWdlYWQvdmlld3Rocm91Z2hjb24RAfsbLzk1OTI5OTc5NC8_cmFuZG9tPTE2ODkwOTc1NDQwMTUmY3Y9MTEmZnN0GABBYmc9ZgEA8BYmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X3c9MTYwCQBAaD0xMgkAMXJsPbYA8AQlM0ElMkYlMkZjaXRpY2FyZHMuCgBALmNvbRUA8AJib2wlMkZmcmF1ZHByZXZlbvIA9XAlMkZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0QwODgyMTQ2REZDOUM0OUFBOTA0RDcyOTBCRUQxMzU2NiZobj13d3cuZgFwZXJ2aWNlc6wA0CZmcm09MCZ0aWJhPUauAEclMjBQsQCxMCU3QyUyMENpdGkvABBhLwGlNzc1MDc4MTE2Lm4B8QUzJnVhbWI9MCZ1YXc9MCZkYXRhPfcA8AclM0RndGFnLmNvbmZpZyZyZm10PTMmBgDwCTQiLCJ0eXBlIjoic2NyaXB0Iiwic3RhcoQCBsUBIDI2XwIA1AIFFACgMTU4LCJzb3VyYzwAsmFwcGVuZENoaWxkQQCQdHVzIjoibG9hEABgcmVhc29ufAIwXSwilgBkUGF0dGVyEgCybGlzdCI6W10sImljAM84OTIyNzIxNzU4fSyuAv__Ix83rgIMMW11dP0Er09ic2VydmVyQ0y1AjkfObUCQJ82OTUyMzExNjJjBQEfM2MFBD8zNSZjBf-YLzQ0tQIMD2MFOr85MDc4NjA4NDA5NK4C__8lHzWuAgwPYwVBBrUCHzW1AkCfODMwOTA3OTY5YwUBHzhjBQQfOGMF_5ofOcYKAC82M8YKRq83ODg1MjcwNjY2rgL__yUPxgoACa4CD2MFQRU4tQIfN7UCQK8xMDk1NTAwNjk1ZQUBPzEyMCsQAgAYAA_ICv-XPTEzMBoINzIwOWUFD7cCQQBtEm8zNTQ4MzjPCgjxB3NpdGVpbnRlcmNlcHQucXVhbHRyaWOBEfECL2R4anNtb2R1bGUvQ29yZU0LAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmFwDwBFRZUEU9d2ViJlFfQlJBTkRJRD2BEo9mZWVkYmFja10RET0yMDEyARAzFAAPXRFDvzkxMTQxNzk5MTEy4gMHDysBhh8yKwEMD10CQgUyAR8zMgEjdFdSU2l0ZUl7AvICRW5naW5lL0Fzc2V0LnBocD9uAvIGPVNJXzBBaW9yeVJrbDhieEhNMiZWcxbCPTIxJlFfT1JJR0lO-RQwOi8vaAIK8xQFlgIPrQIMBpYCMnhocvoQCvATEDOxAyJlbo0TAFwDMTU0NBQABZMCslhIUl9NQU5BR0VSQQAC8BNvYWxsb3dl8xMhnzkzNjM1Njc2NC0JCA-WAgkPZAH_efUDQ1JfNnNQcURYNHdLUXVqUE82yAIAxwIFCAMvSUTzAgEP6AJaHjGtBhAzFAAP6AJGvzkwMjU0Njg4NDUwTARKD4QB_0sHLQgTRukHYkJ1dHRvbskFDzcIUz4zMDgMByc1NmkJDzEUOq84OTk0NTc2ODg3fBEID6EFCQ81AXMA3QMM2QYJNQEPQQhBBjwBD1UNCA88ART_DTcuY2ZmOTdjYTQ1N2M3YmNiZjc3OGIuY2h1bmt5AlUOmQ4oMzXiCw95AjuvNzkwNjUxMTE5MTIFIwd5Ag89AXAPgQICCD0BD4ECQgVEAQ8fDS9gMS4wYzVhCwTPNWNlYzAxMzdiODNhgQJbD_oEAAkaEQ-BAjufOTQwNDM3NTk2PQGyD4ECAQk9AQ-BAkIFRAEP3ws6sD9RX0ltcHJlc3M9WgpPQ0lEPfkIAE9RX1NJbAoF_whBU0lEPUFTX2V0VUJUNFFVRDlCdHlmNEoNFScmctMiIDUyFCQDTSEPWg0ELjUycgoBFAAPcgpIwDUzNTgzMTYyMX1dfQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:47 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:46 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 20ms
20ms Image
text/plain 3.124.119.57
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=5&c=1129&i=5jrnsk&p=na_prod&s=1147&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI1anJuc2siLCJwYWNrZXQiOjQsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A9BxodHRwczovL3NpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbS9XUlNpdGVJHgDwaEVuZ2luZS8_UV9JbXByZXNzPTEmUV9DSUQ9Q1JfNnNQcURYNHdLUXVqUE82JlFfU0lJRD1TSV8wQWlvcnlSa2w4YnhITTImUV9BU0lEPUFTX2V0VUJUNFFVRDlCdHlmNCZRX0NMSUVOVFZFUlNJT049MS45NS4wZAAQTBcA8AhUWVBFPXdlYiZyPTE2ODkwOTc1NDQ1MpQB-QV0eXBlIjoieGhyIiwic3RhcnQiOiQAACkBAJ4BCDgAcCwic291cmM5ALJYSFJfTUFOQUdFUkEA0XR1cyI6ImFsbG93ZWRKAUBhc29uSQHUXSwiZGF0YVBhdHRlchIAsWxpc3QiOltdLCJpZgDfOTA1MzU4MzE2MjF9LHsBIxRRiwH6AFNoYXJlZC9HcmFwaGljc7IB8xIvd3ItZGlhbG9nLWNsb3NlLWJ0bi13aGl0ZS5wbmciLCIaASBpbQ0ADxoBEyc2NxoBoGFwcGVuZENoaWwHATJzdGEaATBsb2EQAC9yZRcBGr84Njk4NzY0Mjc5MBcBjB4xMQIJFwExbXV0SgOoT2JzZXJ2ZXJDTDgCDx4BJcA5ODc2NDI3OTF9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:47 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:46 GMT

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_cfgver Value: 5a59ddc9
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_s Value: ed34f7c5-35d7-4761-bfa6-5a1c4a87dd36:0
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_v Value: cfb8f2e1-918b-4dd3-8adb-16c29277f8c4
.citi.com/	1970-01-20 13:11:44	Name: ak_bmsc Value: 8D1D6F4EA4B34556F065F653BD102A46~000000000000000000000000000000~YAAQovAQAvdqxkOJAQAANRgPRhRYxusKdLz/ie4PB+fK/1xsCEXhyV2HUmDh9Fbje47FS/AUfvRVGLUnZo6sNbSDDlnGUnE9aeiw1kOqRgyMZakfYCSgC+9BqHy58v3Eu3jTiUdrbMFTjs7LTEHNDJC5xqXqPxAcL3zmVvMs8A3s6MFWp59wC4UgyIpb2l+fMFOhXQl9OHx+SmiGx6hap55HoxCR8MozyKfaIXG8kFEA73kNeDu+V+g9SB0iJE0/CHo9jwRkAV5oz1ZMAUw+pROew6YooXNOPTnX46bZ0vqWvdFNXkweRTmD5tlFPYkr5yiKAHk=
.citi.bridgetrack.com/	1970-01-20 21:50:01	Name: ATC1 Value: 53876\|ZRzV2.B.iAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.C.E
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT Value: GUID=832361C946EC4B7B83D0408C769834B8
.citi.bridgetrack.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=99F2C4E15278438EB4F3672B1FC973AD
citicards.citi.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=948CACD371C74800A3A706C23F523284
.citi.com/	1970-01-20 13:11:44	Name: ensighten_conentSync_timestamp Value: 1
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT%5F1 Value: GUID=832361C946EC4B7B83D0408C769834B8&SID=0882146DFC9C49AA904D7290BED13566
.demdex.net/	1970-01-20 17:30:49	Name: demdex Value: 52480327093194775913718884247007457891
.citi.com/	1970-01-20 21:57:13	Name: CITI_ENSIGHTEN_PRIVACY_BANNER_LOADED Value: 1
.citi.com/	1969-12-31 23:59:59	Name: CITI_ENSIGHTEN_CC_SYNC Value: 0
.citi.com/	1969-12-31 23:59:59	Name: at_check Value: true
.citi.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
citicards.citi.com/	1970-01-20 13:11:39	Name: 7830 Value: error
citicards.citi.com/	1970-01-20 13:11:39	Name: 7018 Value:
citicards.citi.com/	1970-01-20 15:21:13	Name: 64072 Value:
.citi.com/	1970-01-20 22:47:37	Name: _cls_v Value: cfb8f2e1-918b-4dd3-8adb-16c29277f8c4
.citi.com/	1969-12-31 23:59:59	Name: _cls_s Value: ed34f7c5-35d7-4761-bfa6-5a1c4a87dd36:0
.citi.com/	1970-01-20 22:47:37	Name: s_ecid Value: MCMID%7C47173400492960934284197279799300246464
.citi.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.citi.com/	1970-01-20 15:21:13	Name: _gcl_au Value: 1.1.775078116.1689097543
.everesttech.net/	1970-01-20 21:57:13	Name: everest_g_v2 Value: g_surferid~ZK2VRgAAAOFuGANn
.dpm.demdex.net/	1970-01-20 17:30:49	Name: dpm Value: 52480327093194775913718884247007457891
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_event Value: 1
.citi.com/	1970-01-20 22:47:37	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19550%7CMCMID%7C47173400492960934284197279799300246464%7CMCAAMLH-1689702342%7C6%7CMCAAMB-1689702342%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1689104742s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19557%7CvVersion%7C4.4.0
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 13:11:39	Name: citicorpcreditservic!mboxSession Value: 4ee90495d32b45ef9914c3e712e74dcc
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 22:47:37	Name: citicorpcreditservic!mboxPC Value: 4ee90495d32b45ef9914c3e712e74dcc.37_0
.rfihub.com/	1970-01-20 22:33:13	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2Mjc2NTA1NLMwNhTiM9TNK_bIqnL2LAo3ycoDAMGTo2wlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2Mjc2NTA1NLMwNhTiM9TNK_bIqnL2LAo3ycoDAMGTo2wlAAAA
.citi.com/	1970-01-20 13:11:39	Name: mboxEdgeCluster Value: 37
.citi.com/	1970-01-20 22:47:37	Name: mbox Value: session#4ee90495d32b45ef9914c3e712e74dcc#1689099404\|PC#4ee90495d32b45ef9914c3e712e74dcc.37_0#1752342344
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_data Value: 35%2C217.114.218.23%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.citi.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.citi.com/	1970-01-20 21:57:13	Name: _ce.s Value: v~1b66a5119f54405d0d32ebd47fa361c2b853bdbb~lcw~1689097542910~vpv~0~v11.rlc~1689097543214~lcw~1689097543214
.citi.com/	1970-01-20 13:11:39	Name: _dpm_ses.d03c Value: *
.citi.com/	1970-01-20 21:57:13	Name: _dpm_id.d03c Value: 0da8b972-73e3-408d-9665-a83cdee0b218.1689097544.1.1689097544.1689097544.6f2ffa26-84c6-4d7d-8e7e-91f0a4536c90
.citi.com/	1970-01-20 13:13:03	Name: _uetsid Value: c2755b20201211ee8d4439dbb92657ae
.citi.com/	1970-01-20 22:33:13	Name: _uetvid Value: c2758a50201211ee9fe353f30b300669
.bing.com/	1970-01-20 22:33:13	Name: MUID Value: 2224B7373E9860441746A47C3F346115
.doubleclick.net/	1970-01-20 22:33:13	Name: IDE Value: AHWqTUneqLK3ukCSiDvTCUH5K7QlNpJbDnOCezOlUddFOn7B2fpthMhu-5j5_5hY
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALB Value: 41FmDiwbg12XztO8wmwxG8/Vh2n1IzWJlAxv5u78a5l1VC3bLJXa66XI9BrK76iPrDIPsLC4TdpxZXdKaMDRv3qAKLx5iymDahne3YMMgo3EoDO8yKb7Z1Qqdyxf
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALBCORS Value: 41FmDiwbg12XztO8wmwxG8/Vh2n1IzWJlAxv5u78a5l1VC3bLJXa66XI9BrK76iPrDIPsLC4TdpxZXdKaMDRv3qAKLx5iymDahne3YMMgo3EoDO8yKb7Z1Qqdyxf
prod.report.nacustomerexperience.citi.com/	1969-12-31 23:59:59	Name: ROUTEID Value: .cligate1
.amazon-adsystem.com/	1970-01-20 19:33:13	Name: ad-id Value: AwP1UXD2zkMvuS7s78FDgUY
.amazon-adsystem.com/	1970-01-20 22:47:37	Name: ad-privacy Value: 0
.tvpixel.com/	1970-01-20 21:57:13	Name: sp Value: ca3de4ae-130d-49a9-a194-8015f4993131

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
assets-tracking.crazyegg.com
bat.bing.com
c.tvpixel.com
c1.rfihub.net
cdn.digitalmarketing.citibankonline.com
citi.bridgetrack.com
citi.demdex.net
citicards.citi.com
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
data.privacy.ensighten.com
dpm.demdex.net
googleads.g.doubleclick.net
iad1.qualtrics.com
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nexus.ensighten.com
p.tvpixel.com
pagestates-tracking.crazyegg.com
prod.report.nacustomerexperience.citi.com
s.amazon-adsystem.com
sb.scorecardresearch.com
script.crazyegg.com
siteintercept.qualtrics.com
sr.rlcdn.com
tagmanager1.citi.com
tracking.crazyegg.com
www.citi.com
www.google.com
www.google.de
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
104.102.55.191
104.17.208.240
104.17.209.240
108.157.177.44
13.225.33.74
13.249.9.46
18.66.122.74
18.66.97.88
193.0.160.130
2600:9000:225e:f200:1d:bf0a:0:93a1
2600:9000:25a2:8800:1:76cf:fe80:93a1
2606:4700::6813:9408
2620:1ec:c11::200
2a00:1450:4001:803::2004
2a00:1450:4001:80b::2008
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2002
3.124.119.57
34.107.138.236
34.206.177.80
34.251.46.32
34.253.91.174
34.254.104.147
35.190.22.40
35.190.60.146
35.71.131.137
52.46.155.104
54.156.57.223
54.171.207.236
63.140.62.164
66.235.152.113
95.101.149.99
0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6
040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747
04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985
0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b
07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf
088ec89b299ba2e9fc01f0ab2102a6ef825bd5ed3e3242f44188e67e0837c8a6
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a
169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9
18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447
18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870
1a41484bb0aea891e2eb8f99efa8164f45ca0310fb0583df3b7d04febcedb343
1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270
1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff
1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6
20f8c21c42ac7f3d70dbb0adcac05cc6eef41a6b362162dc9b48a8930be04287
2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3
25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e
25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757
326a0d8ac363daa76c9b2938d275fa59477ef4ee35f9801d830ed4981f2da6fd
3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466
372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a
378dcad8452e76fdacf48e460bb52e37f3d2a531cd8b355c50c81ecc87eef4c8
384eb62ae7754536af61ed6d5c9d21d8d851b90b61989a2cc1e5e3d530ee508e
3e0fdaf509585daad27478cbe29083f0ba6664fb1ec0ee8b57b4e7a785d295f7
40823e46da70af79a0a5cb3b744cd8022291ed41343e53b0cae0acadaa9a583c
40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4
41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af
42d4c49897bed678a83319fe6e4d1ae6df09f63888041b88aad384f02cc6d316
465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e
4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f
4cfa8da134e88f6ca6fd00a154999c9ee56de66a56563b202716d97694b9114b
4f525baeb9ab4830981c4d0d7ba7846b28a3105ebac8aa556fed6680ec82ce97
4f932aaea7d501169b809fa6509d90084fed0b46a054422e1f1c3860885139d7
56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6
57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732
5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff
5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244
6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a
61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
63185e63431a24deae169d1bf37793dfd860bf04706465528dfa9d43c0d57f27
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
63c932f7017993b8e223761c479a02330b4c28008dbdecf56268d5c69a6f0f72
6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4
66081a77c453e3df7aa262aae2a749f065ab9b3cccd70c68a729973b6613d3f9
676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d
6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10
6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf
696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5
696ee35029971a13037bc65a2311c1a3c5a187c055f114a67fde70a0d72d6cf3
69986c944ceb298eab5048f2a0d3f67289b91ac71adda7fe32b94c30c0fd0025
70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082
77154acfd74ddb901fc061e679dbe38c543fab911d9d46a4066360746ee5514e
798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6
7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
806230a0b18d2e9b919ae00db912bb2f58bed92315579bd117e1066f615c17ab
821d840b59f946e3c8c69000255fde178299e4cbd11343bdc6720f165bb55cc9
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
84987cdedcc90cb0a9923016915b0c3b087cf65387a89c5cc734c17a02c10971
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b
8aa70a74d0109a75da1868b3371a164439a85e2fc4a74639be6c853cc17dd73a
8b6cb78db67e8cfb54daacd8a042e69776cff83fded3214b9c1a27f629bcec18
8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df
917e71cb6123948f331dd80b1305232e5e6798c369a1ca9446817dd76b35a0f9
94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8
9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3
a33cb36d57d7874607bf7d75461d7daea34725bf376be8ae37791c319a90bb22
a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0
a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea
a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb
a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b15dda425ab68031ad80a49258350d242e6b3301f25ac06a1aecd4fb8ed9af66
b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916
b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762
b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3
b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6
baf4a7a4ccd82a4f9c1d589247ad3d0603524ec90348633942409bd59e027528
bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630
c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6
c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746
c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a
c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd
c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876
c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e
d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43
d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682
d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5
d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc
d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a
d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f
d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577
daf423a441cc07e2f181037bd4f35a8ba4e00d2113d1e92728f25e13559b4a8b
db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b
dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23
df681803dc2c0d096df92ed464280c7bd9b1c42e3ff63e1ac0c654312c65ae8e
e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2
e6f98d87c7721bdc312177198efae237d6e30a3facb030aa924ca95a75485895
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8
f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae
f328cc6ab8c9e8e225306494eef433aa4bf385387485128c9ed9a664ffbd8dea
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f7e343246f16227d366385e7b2355ed3a702c2a22cae73f6fa8b124a7913fd3c
fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

citicards.citi.com Open in urlscan Pro 35.190.22.40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

163 Requests

97 %HTTPS

25 %IPv6

21 Domains

34 Subdomains

31 IPs

4 Countries

2219 kBTransfer

5283 kBSize

48 Cookies

17 Outgoing links

Page URL History

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

34
Subdomains

31
IPs

4
Countries

2219 kB
Transfer

5283 kB
Size

48
Cookies

163 HTTP transactions
0 data transactions