webspined.top Open in urlscan Pro
178.159.36.169 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://webspined.top/citi/authsys/
Submission: On April 02 via automatic, source openphish (April 2nd 2020, 12:44:16 am UTC)

Summary HTTP 232 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 41 IPs in 7 countries across 31 domains to perform 232 HTTP transactions. The main IP is 178.159.36.169, located in Russian Federation and belongs to IHOR-AS, RU. The main domain is webspined.top.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 28th 2020. Valid for: 3 months.

This is the only time webspined.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
106	178.159.36.169 178.159.36.169	35196 (IHOR-AS) (IHOR-AS)
1	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE)
1	104.111.235.198 104.111.235.198	16625 (AKAMAI-AS) (AKAMAI-AS)
1	66.117.29.3 66.117.29.3	15224 (OMNITURE) (OMNITURE)
1 5	108.128.20.85 108.128.20.85	16509 (AMAZON-02) (AMAZON-02)
7	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
9 33	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	52.50.37.223 52.50.37.223	16509 (AMAZON-02) (AMAZON-02)
1	35.181.91.36 35.181.91.36	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	104.111.245.241 104.111.245.241	16625 (AKAMAI-AS) (AKAMAI-AS)
3	13.224.194.89 13.224.194.89	16509 (AMAZON-02) (AMAZON-02)
2 4	2a00:1450:400... 2a00:1450:4001:821::2013	15169 (GOOGLE) (GOOGLE)
2 2	52.29.85.133 52.29.85.133	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE)
1	23.36.234.139 23.36.234.139	16625 (AKAMAI-AS) (AKAMAI-AS)
2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2	52.129.74.12 52.129.74.12	395492 (IOVATION3) (IOVATION3)
1	40.122.110.249 40.122.110.249	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.212.137.125 3.212.137.125	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.94.29 143.204.94.29	16509 (AMAZON-02) (AMAZON-02)
2	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
1	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
3 4	172.217.18.166 172.217.18.166	15169 (GOOGLE) (GOOGLE)
1	2600:9000:21f... 2600:9000:21f3:a600:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
1	2a00:1450:400... 2a00:1450:4001:825::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	151.101.14.109 151.101.14.109	54113 (FASTLY) (FASTLY)
10	91.235.134.21 91.235.134.21	30286 (THM) (THM)
2	23.45.237.36 23.45.237.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE)
1	54.246.153.43 54.246.153.43	16509 (AMAZON-02) (AMAZON-02)
1	151.101.13.175 151.101.13.175	54113 (FASTLY) (FASTLY)
9 14	2a00:1450:400... 2a00:1450:4001:81d::2002	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
4	192.193.179.248 192.193.179.248	25883 (CITIGROUP) (CITIGROUP)
2	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
232	41

106 178.159.36.169 (Russian Federation)

ASN35196 (IHOR-AS, RU)

webspined.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.235.198 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-235-198.deploy.static.akamaitechnologies.com

cdn.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.3 (United States)

ASN15224 (OMNITURE, US)

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.128.20.85 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-20-85.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany) 9 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.37.223 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-37-223.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.181.91.36 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.241 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-241.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.194.89 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-194-89.fra2.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:821::2013 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.85.133 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-85-133.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.36.234.139 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-36-234-139.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (Netherlands)

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.129.74.12 (United States)

ASN395492 (IOVATION3, US)
PTR: mpsnare.iesnare.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.122.110.249 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cfr.us.v2.we-stats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.212.137.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-137-125.compute-1.amazonaws.com

cyseal.cyveillance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.29 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-29.fra50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 21.72.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.166 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f6.1e100.net

6260004.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:a600:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (United States) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 216.200.122.11.IPYX-141870-ZYO.zip.zayo.com

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

pt.ispot.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 91.235.134.21 (Netherlands)

ASN30286 (THM, US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.237.36 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-36.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.22.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s18-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.153.43 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-153-43.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:81d::2002 (Frankfurt am Main, Germany) 9 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.193.179.248 (United States)

ASN25883 (CITIGROUP, US)

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.132.130 (Netherlands)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (Netherlands)

ASN30286 (THM, US)

89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
106	webspined.top webspined.top	5 MB
35	google.com 9 redirects www.google.com cse.google.com adservice.google.com	202 KB
18	doubleclick.net 12 redirects 6260004.fls.doubleclick.net ad.doubleclick.net googleads.g.doubleclick.net	10 KB
15	citi.com metrics1.citi.com content22.online.citi.com prod.report.nacustomerexperience.citi.com	55 KB
14	google.de www.google.de	2 KB
14	google.com.pk www.google.com.pk	2 KB
7	pbbl.co 2 redirects cdn.pbbl.co px0.pbbl.co	10 KB
7	ensighten.com nexus.ensighten.com	66 KB
6	demdex.net 1 redirects dpm.demdex.net citi.demdex.net	4 KB
4	googletagmanager.com www.googletagmanager.com	114 KB
3	online-metrix.net h.online-metrix.net 89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net	826 B
3	agkn.com 2 redirects aa.agkn.com d.agkn.com	1 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	bluekai.com stags.bluekai.com
2	medallia.com resources.digital-cloud-citi.medallia.com	57 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	2 KB
2	iesnare.com mpsnare.iesnare.com	14 KB
2	rfihub.com a.rfihub.com 20766699p.rfihub.com	686 B
2	rlcdn.com api.rlcdn.com sr.rlcdn.com
2	omtrdc.net cdn.tt.omtrdc.net citicorpcreditservic.tt.omtrdc.net	15 KB
1	googleadservices.com www.googleadservices.com	11 KB
1	ispot.tv pt.ispot.tv	314 B
1	facebook.com www.facebook.com	351 B
1	gwmtracking.com 1 redirects gwmtracking.com	387 B
1	cyveillance.com cyseal.cyveillance.com	226 B
1	we-stats.com cfr.us.v2.we-stats.com	375 B
1	rfihub.net c1.rfihub.net	7 KB
1	bkrtx.com tags.bkrtx.com	11 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	ytimg.com s.ytimg.com	14 KB
0	Failed function sub() { [native code] }. Failed
232	31

	Domain	Requested by
106	webspined.top	webspined.top
33	www.google.com	9 redirects webspined.top cse.google.com
14	www.google.de
14	googleads.g.doubleclick.net	9 redirects www.googleadservices.com
14	www.google.com.pk	webspined.top
10	content22.online.citi.com	webspined.top content22.online.citi.com
7	nexus.ensighten.com	webspined.top
5	dpm.demdex.net	1 redirects webspined.top
4	prod.report.nacustomerexperience.citi.com	webspined.top
4	www.googletagmanager.com	webspined.top
4	px0.pbbl.co	2 redirects webspined.top
3	cdn.pbbl.co	webspined.top nexus.ensighten.com cdn.pbbl.co
2	h.online-metrix.net	content22.online.citi.com
2	stags.bluekai.com	tags.bkrtx.com webspined.top
2	ad.doubleclick.net	2 redirects
2	6260004.fls.doubleclick.net	1 redirects webspined.top
2	resources.digital-cloud-citi.medallia.com	nexus.ensighten.com webspined.top
2	mpsnare.iesnare.com	webspined.top mpsnare.iesnare.com
2	aa.agkn.com	2 redirects
1	89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	insight.adsrvr.org	js.adsrvr.org
1	www.googleadservices.com	webspined.top
1	pt.ispot.tv
1	www.facebook.com
1	adservice.google.com
1	gwmtracking.com	1 redirects
1	d.agkn.com
1	sr.rlcdn.com	nexus.ensighten.com
1	js.adsrvr.org	webspined.top
1	cyseal.cyveillance.com	webspined.top
1	cfr.us.v2.we-stats.com	webspined.top
1	20766699p.rfihub.com	webspined.top
1	a.rfihub.com	webspined.top
1	c1.rfihub.net	nexus.ensighten.com
1	cse.google.com	webspined.top
1	tags.bkrtx.com	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	webspined.top
1	citi.demdex.net	webspined.top
1	api.rlcdn.com	webspined.top
1	citicorpcreditservic.tt.omtrdc.net	webspined.top
1	cdn.tt.omtrdc.net	webspined.top
1	s.ytimg.com	webspined.top
0	localhost Failed	webspined.top
232	46

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citi.com
www.citicards.com
banking.citi.com
www.lifeandmoney.citi.com
www.citigroup.com
www.facebook.com
www.twitter.com
www.youtube.com
jobs.citi.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
itunes.apple.com
play.google.com
www.ipbus.citi.com
www.jdpower.com

Subject Issuer	Validity	Valid
webspined.top Let's Encrypt Authority X3	`2020-03-28` - `2020-06-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-26` - `2020-11-25`	3 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.google.com.pk GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-31` - `2020-08-30`	2 years	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
*.pbbl.co Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
px0.pbbl.co GTS CA 1D2	`2020-02-29` - `2020-05-29`	3 months	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2020-04-01` - `2021-07-01`	a year	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
mpsnare.iesnare.com DigiCert SHA2 High Assurance Server CA	`2019-04-24` - `2020-05-26`	a year	crt.sh
*.us.v2.we-stats.com COMODO RSA Domain Validation Secure Server CA	`2018-10-11` - `2020-10-10`	2 years	crt.sh
cyseal.cyveillance.com Amazon	`2020-01-05` - `2021-02-05`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2018-06-21` - `2020-09-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-06` - `2020-08-06`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2020-01-10` - `2021-04-10`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-02-28` - `2020-06-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert Global CA G2	`2018-07-05` - `2020-07-04`	2 years	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2020-02-20` - `2021-02-19`	a year	crt.sh
*.e.aa.online-metrix.net Go Daddy Secure Certificate Authority - G2	`2019-09-13` - `2021-09-13`	2 years	crt.sh

This page contains 14 frames:

Primary Page: https://webspined.top/citi/authsys/
Frame ID: EF062E6B3AF5DC58FC8A7B2D3FD7C10E
Requests: 210 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: BF8F3E830C7427427A178B10929521DE
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: AC7B8CB260B4A211CB4369636988BDFB
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=1871597494760436392&rfiaid=7e1840078edc45d1a35bd80f72e638f6&ver=9&ra=1023&rb=648&ca=20766699&_o=17169175&_t=noncookiedusernamepassword&ssv_cuuid=&ssv_pagename=noncookiedusernamepassword&pe=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&pf=&ra=22327014020368763
Frame ID: AC6D53E0D76DE5CACAB7AFDD5040FAB9
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 859AE103C81C0459607E949DF36F0E9C
Requests: 1 HTTP requests in this frame

Frame: https://6260004.fls.doubleclick.net/activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F
Frame ID: AD9DC3C59F663AA228042207A577C48B
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=E3115D3C2DEA06CEDEA53575A0B33A38?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&jb=333726246a736d753f4e696e777a2662736f3f4c696c777a246a7b603f436a7a6d6f65253a323736
Frame ID: AB0632B0169844CA2353E460367BDF17
Requests: 10 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&phint=__bk_v%3D3.1.4&limit=10&r=56311178
Frame ID: 0EC943818C1AB3891E864124F550D1AC
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&phint=__bk_v%3D3.1.4&limit=10&r=85498098
Frame ID: 680CA3EC7F396D3253F8949549CB8075
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Uncookied&td2=undefined&td3=undefined&td4=Non%20Cookied%20Username%20Password%20&td5=https://webspined.top/citi/authsys/&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: 6799198439E448796B4D8FF0F4C5940E
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: DBEDA6F9031499C51C1EB6872F5058B6
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1
Frame ID: 6B2BF0FD6A7D50E9CB3F4CB7DED10C4F
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1
Frame ID: AFC1836A164DB4F3A54BBFDCF549EDE8
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1
Frame ID: C9E63167E09EF72D0C6C198E9CEA44D0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Page Statistics

232
Requests

99 %
HTTPS

26 %
IPv6

31
Domains

46
Subdomains

41
IPs

7
Countries

5208 kB
Transfer

6664 kB
Size

15
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/login.do?locale=es_US
Title: Espa�ol

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / Branch

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/login.do
Title: Citi Bank Logo Citi Bank Logo

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=low-interest-credit-card
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=reward-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=N&OC=CC-CITI-3D5
Title: See If You're Pre-Qualified

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=all-small-business-credit-cards&m=f
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=banking-overview
Title: Banking Overview

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=checking-account-overview
Title: Checking

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=savings-account-overview
Title: Savings

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=cd-ira-account-overview
Title: Certificates of Deposit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/cd-ira/citi.action?ID=citi-ira
Title: Banking IRAs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Rates

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/personal-loan
Title: Personal Loans & Lines of Credit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_home_mortgage
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_heloc
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=FinancialGoals
Title: Your Financial Goals

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=InvestingCiti
Title: Investing with Citi

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=InsightsTools
Title: Insights and Tools

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ScamAlert
Title: Learn more about how to protect yourself.

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards&afc=105
Title:

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JSO/uidn/RequestUserIDReminder.do?fuipFlowInd=userID&JFP_TOKEN=ULK8PAZG
Title: Forgot User ID?

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JSO/uidn/RequestUserIDReminder.do?fuipFlowInd=pwd&JFP_TOKEN=ULK8PAZG
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/activate/index
Title: Activate a Card

Search URL Search Domain Scan URL

URL: https://online.citi.com/JSO/reg/Setup.do?JFP_TOKEN=ULK8PAZG
Title: Register for Online Access

Search URL Search Domain Scan URL

URL: https://banking.citi.com/cbol/17/checking/basic/generic/default.htm?Promo_ID=CZ92&intc=1~1~52~6~BANR~2~BasicChk_081017~XPX
Title: Banking Made Easy

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/savings/citi.action?ID=citi-savings&intc=1~1~52~6~BANR~2~Generic_Save~XPX
Title: Simplify Your Savings

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/credit-card-details/citi.action?ID=citi-double-cash-credit-card&afc=106&intc=1~1~52~6~BANR~1~dc_citicomREDPE_oct2016
Title: Earn Cash Back Twice

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=compare-savings-checking-cds-and-money-market-accounts&intc=1~1~52~6~BANR~2~Save_Hub2~HP

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/family/personal-financial-planning-for-families

Search URL Search Domain Scan URL

URL: https://www.citigroup.com/citi/progress-maker-stories/#CITI-WELCOME

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title:

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://jobs.citi.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/helpcenter/main.do
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/pands/detail.do?ID=SecurityCenter
Title: Security Center

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title:

Search URL Search Domain Scan URL

URL: https://www.ipbus.citi.com/
Title: International Personal Bank U.S.

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: jdpower.com/awards

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 91

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168

Request Chain 131

https://cm.everesttech.net/cm/dd?d_uuid=14190249290536906613135271964089787484 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoU1TwAAAXIU0RTJ

Request Chain 147

https://px0.pbbl.co/ns/__p2.gif?ppid=0ec9441a-9ab1-4179-9169-71687f24b119&chk=false&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&referrerUrl=&targetUrl=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&sessionId=&markerType=seg&rand=JsOcVbr5mkbwWhcL&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&_zip=&hk=&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d&mt=&bd=

Request Chain 173

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F HTTP 302
https://6260004.fls.doubleclick.net/activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F

Request Chain 175

https://gwmtracking.com/p/v/1/5c54c477f870814b6fd57129/format/img HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8825552;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 195

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2483620994&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2483620994&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCnpBi4DYWBAc9UZunEaORnDwgYji9FzIC2AUc06YWrgV7lPbJAi8S-W7kj2USYyHnYqDM5UurQt7iBvv0b6Qml

Request Chain 196

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2392277057&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2392277057&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAPLTJrs449403j7k1BVVKsKjQ7Rrv85E5-aTn6FkRomAzAYtAmqolby55N56azEZFstbSgo2fn9l15LqEmj0JN

Request Chain 197

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3591176530&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3591176530&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAU4BCBd1QMCBVjxvCQjaYgn0L2uw3BiC5pWSKcd1uROWgbRNZf69H-4Dg2Z1hoE2FSVBfR68w7FDTwS8V5KOGN

Request Chain 198

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2615480674&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2615480674&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCz8Xfwj3myxj4QCzB1Vp4lT3dSDNrgGic4aj952KfSfX091CG4o2z9R3oai1lYmBTnWZ8eX1ZWjrT0BH1R2A2j

Request Chain 199

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=724926823&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=724926823&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCiYuuD2tb8H6V0hS4DfU0x2C8z6DBKbObyUs8P60qPg5_XIVoxVcGrnqrc6AlHBy87alWcBm-2oShXv3PB7w2b

Request Chain 200

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3923891799&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3923891799&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDAlpYLfKy9yAszMT-hp5irYtBeTKRhfUGOaz1HdM0qH1MRAgGw2NF-N_ZBKx4i7_2KFFr1cWcx5E9q20EO0smg

Request Chain 201

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2704608859&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2704608859&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAWI1atug4zwMKSWU3nSYeXCUkcO4XcxOY5izTa4zs9igxPj3c0f6P2M0luRXPIpUPSSzAYwJ0VaR1-GB6tK9pd

Request Chain 202

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2806183770&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2806183770&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAwws_C472qtdWzNXA7KoAXfw2EBAMPyANYKOS7L3qFJp9eG15IxK_u1hrOGmABW9EHFoCsXNcZzG_-q7wj_HTm

Request Chain 203

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1514269801&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1514269801&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCh1fbT2Nb8YFP7-qcjBtBcBTTZw_9pRPnKdI_Z17v0S_YJ9-8nARvKtpIKPWPBN3QH0_EvoSb-RZSx6UFAPmQW

Request Chain 217

https://px0.pbbl.co/ns/__p2.gif?ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&referrerUrl=&targetUrl=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&sessionId=&markerType=seg&rand=y1WEypPJ52dFJdXw&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&_zip=&hk=&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc&mt=&bd=

232 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
webspined.top/citi/authsys/ 340 KB
341 KB 1721ms
247ms Document
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d586553c1682e2a6d1807a141d67bb3913f69970be78e7a59f3ab8f688289c89

Request headers

Host: webspined.top
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Date: Thu, 02 Apr 2020 00:43:57 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cool-2.js Show response
webspined.top/citi/authsys/citi_files/ 14 KB
14 KB 76ms
75ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cool-2.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 13891

GET
H/1.1 200
OK conversion_async.js Show response
webspined.top/citi/authsys/citi_files/ 26 KB
26 KB 290ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/conversion_async.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: c3a8ca323bec5421ae00b96c3ea90ad575cda46fd7f7157522b42427dcb4aa22

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 26694

GET
H/1.1 200
OK js_002 Show response
webspined.top/citi/authsys/citi_files/ 75 KB
75 KB 202ms
73ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/js_002
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: eca1d20a663a7e242fa10ee2c58c742eb6292c898df29e16734ac7d0df29f277

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 76912

GET
H/1.1 200
OK js Show response
webspined.top/citi/authsys/citi_files/ 75 KB
75 KB 203ms
70ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: b2fc35bcf7ad38c6cbc6d170cc5bf15a688ba76d282272c3f0af4c6b31eb0631

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 76912

GET
H/1.1 200
OK js_003 Show response
webspined.top/citi/authsys/citi_files/ 75 KB
75 KB 204ms
70ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/js_003
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: ca7048dd1a1d15f42c04c8f3db2d3bcffc6c7eb1be4506ca9fe2651b07766641

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 76912

GET
H/1.1 200
OK tc.js Show response
webspined.top/citi/authsys/citi_files/ 20 KB
20 KB 160ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/tc.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20028

GET
H/1.1 200
OK 1560.js Show response
webspined.top/citi/authsys/citi_files/ 33 KB
33 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/1560.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 33629

GET
H/1.1 200
OK up_loader.js Show response
webspined.top/citi/authsys/citi_files/ 4 KB
4 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/up_loader.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 4091

GET
H/1.1 200
OK www-widgetapi.js Show response
webspined.top/citi/authsys/citi_files/ 38 KB
38 KB 68ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/www-widgetapi.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 38521

GET
H/1.1 200
OK bk-coretag.js Show response
webspined.top/citi/authsys/citi_files/ 30 KB
30 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/bk-coretag.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 30800

GET
H/1.1 200
OK iframe_api Show response
webspined.top/citi/authsys/citi_files/ 859 B
1 KB 218ms
72ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/iframe_api
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 2e7fac07c1498796cf73dca06ee162b3d56a40908c857ca881b03f67db2fcbe9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 859

GET
H/1.1 404
Not Found cyss.js
webspined.top/citi/authsys/citi_files/ 0
0 72ms
71ms Script
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cyss.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=91
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK cse.js Show response
webspined.top/citi/authsys/citi_files/ 11 KB
11 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cse.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: dcaf84b08d6e019948a2b3c463d900cdb61edb7c9da998e3f56bd49075e1f870

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 10772

GET
H/1.1 200
OK 557566dc60916e3de69e006bef252459.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/557566dc60916e3de69e006bef252459.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 2183

GET
H/1.1 200
OK 48070ca8866144aeed1d66dda4fe04f2.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 67ms
66ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/48070ca8866144aeed1d66dda4fe04f2.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: a9cebaefb3003c4944d0d59f71afdca3509d3975af5ff213d2750fdf8f719146

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 2396

GET
H/1.1 200
OK ee55763bbebca7805817a98103ec6f50.js Show response
webspined.top/citi/authsys/citi_files/ 1 KB
1 KB 73ms
73ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/ee55763bbebca7805817a98103ec6f50.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: a612a8f640434c7aaee47569897c1fee79df6f146ec26115e2a8c9be645592b7

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 1061

GET
H/1.1 200
OK c85faa5c0b8da7b1a58cd22d5430c4c5.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/c85faa5c0b8da7b1a58cd22d5430c4c5.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f82e13743e667ec749b08d88f08a2a2ea1f688de0b2724b9c0b0b61ca6d680e3

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 2110

GET
H/1.1 200
OK d136239f021c14bd86738c333b8132f8.js Show response
webspined.top/citi/authsys/citi_files/ 7 KB
7 KB 73ms
73ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/d136239f021c14bd86738c333b8132f8.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 1d6b802e59b40aa8540347ab5a754ef472500480deeeea720385753ba96cc8e8

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 7362

GET
H/1.1 200
OK 2906f06ed928da15ec22eab16f8f3588.js Show response
webspined.top/citi/authsys/citi_files/ 448 B
702 B 68ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/2906f06ed928da15ec22eab16f8f3588.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 3cb1f89cca21255888919872c51263c08dfc181d2600d2375bdbd8fda57788ce

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 448

GET
H/1.1 200
OK 8637af7c210f4e79436bc39f71b49bfa.js Show response
webspined.top/citi/authsys/citi_files/ 1 KB
1 KB 68ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/8637af7c210f4e79436bc39f71b49bfa.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 1042

GET
H/1.1 200
OK 98eab123fd6eeaefc94916fb10ff0a06.js Show response
webspined.top/citi/authsys/citi_files/ 30 KB
30 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/98eab123fd6eeaefc94916fb10ff0a06.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 972256d3bce669df3ed0d7060d4b6897500a1a144c4891700370b6de287ac3d9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 30384

GET
H/1.1 200
OK c7fb8fdcd5c59e67afe63c97ddb163c5.js Show response
webspined.top/citi/authsys/citi_files/ 253 KB
254 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/c7fb8fdcd5c59e67afe63c97ddb163c5.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 147d5785b25331ac266f34841b05b4401ec78b0e0de6f85d63993ab0a9b5a253

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 259429

GET
H/1.1 200
OK 298eff2fda6a766b160eb3fd281b83a1.js Show response
webspined.top/citi/authsys/citi_files/ 126 KB
126 KB 68ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/298eff2fda6a766b160eb3fd281b83a1.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 470006833167eb6002e768cbe0865a86338c1fec3955d551e0f4f1d6a0ef7fa6

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=82
Content-Length: 129236

GET
H/1.1 200
OK ac1983fb1741bbd6bf2b1d3952ef4733.js Show response
webspined.top/citi/authsys/citi_files/ 234 B
488 B 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/ac1983fb1741bbd6bf2b1d3952ef4733.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: c8d8089cd33d869efa694df91d860ce8b4f88135e1f2b590906799dc7a19a65a

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 234

GET
H/1.1 200
OK fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
webspined.top/citi/authsys/citi_files/ 989 B
1 KB 73ms
73ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fdf45a7c15c1cee06bb71e10dac4e26e.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:18 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 989

GET
H/1.1 200
OK 4b2c20707c9c91f3047831e7c4145026.js Show response
webspined.top/citi/authsys/citi_files/ 97 KB
97 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/4b2c20707c9c91f3047831e7c4145026.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 880960ba5b705083263a8a5329436c1e436a4c5bd618e2551e3c313d18ef88e2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 99106

GET
H/1.1 200
OK f1c71c10d3e2f87f440821ca1f9e2e65.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/f1c71c10d3e2f87f440821ca1f9e2e65.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 1585

GET
H/1.1 200
OK serverComponent.php Show response
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 297ms
151ms Script
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/serverComponent.php
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 60530e65137696fe313bb53b8b09544fae9ee82b9634f3b16af4438297dd143d

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK tagging.js Show response
webspined.top/citi/authsys/citi_files/ 49 KB
49 KB 251ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/tagging.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: c713f9fee9d1408520f0badbe1fc24a6b395d2bbf4725aea52b495152aa96375

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 50115

GET
H/1.1 200
OK main.css
webspined.top/citi/authsys/citi_files/ 45 KB
45 KB 93ms
71ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/main.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: c9e01597adbb69b5680a9e8e70ea1eed8b96c729653b96d7ace857baf0dda3f1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 18:02:10 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 46261

GET
H/1.1 200
OK ddl.css
webspined.top/citi/authsys/citi_files/ 624 KB
624 KB 110ms
67ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/ddl.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 638750

GET
H/1.1 200
OK jfpm.js Show response
webspined.top/citi/authsys/citi_files/ 1 KB
1 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/jfpm.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 1035

GET
H/1.1 200
OK main_branding.css
webspined.top/citi/authsys/citi_files/ 272 KB
272 KB 132ms
73ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/main_branding.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 8fce07f6ce4b67e852cbde1f7ea1be5347ccedd87527d471edeacffa73e58850

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:24:40 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 278501

GET
H/1.1 200
OK vendor.js Show response
webspined.top/citi/authsys/citi_files/ 204 KB
204 KB 285ms
72ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/vendor.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 208841

GET
H/1.1 200
OK Bootstrap.js Show response
webspined.top/citi/authsys/citi_files/ 327 KB
327 KB 288ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: ae76982e42ad8bf33cc3a66ed389810d245242bcfa3dd2e3f05baf330f28098f

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:20 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 335094

GET
H/1.1 200
OK target.js Show response
webspined.top/citi/authsys/citi_files/ 43 KB
43 KB 320ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/target.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:16 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 43582

GET
H/1.1 200
OK ajax Show response
webspined.top/citi/authsys/citi_files/ 811 B
1 KB 372ms
71ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/ajax
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 34642111cd1ba3966912f05c1d166e812429220dbba812d152c149f84783c2b4

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 811

GET
H/1.1 200
OK homePage.css
webspined.top/citi/authsys/citi_files/ 24 KB
24 KB 148ms
66ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/homePage.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 24624

GET
H/1.1 200
OK jquery.js Show response
webspined.top/citi/authsys/citi_files/ 6 KB
6 KB 389ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/jquery.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 6181

GET
H/1.1 200
OK fp.js Show response
webspined.top/citi/authsys/citi_files/ 15 KB
15 KB 76ms
76ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fp.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 14913

GET
H/1.1 200
OK citilive-search-responsive.css
webspined.top/citi/authsys/citi_files/ 58 KB
58 KB 178ms
71ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/citilive-search-responsive.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: cdb828e2f4e62e1900133748ba426481b6c8383ebaca93133988da409506d3b4

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 59140

GET
H/1.1 200
OK cse_element__en.js Show response
webspined.top/citi/authsys/citi_files/ 257 KB
257 KB 445ms
72ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cse_element__en.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 02c39275000c1280f9cde808ebe731ec1924477305678759c1140ecaac49eba0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 263120

GET
H/1.1 200
OK defaulten.css
webspined.top/citi/authsys/citi_files/ 40 KB
40 KB 180ms
67ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/defaulten.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 41058

GET
H/1.1 200
OK default.css
webspined.top/citi/authsys/citi_files/ 11 KB
12 KB 219ms
67ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/default.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 11564

GET
H/1.1 200
OK logo.js Show response
webspined.top/citi/authsys/citi_files/ 96 B
349 B 456ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/logo.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 6f14cc4c5407edf48c27a8c2236547d9dafdc0bad7fe57d9dee3175c6b455ba3

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 96

GET
H/1.1 200
OK tags.js Show response
webspined.top/citi/authsys/citi_files/ 49 KB
49 KB 525ms
69ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/tags.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: da404e8ea2cb998a7767487a51f6dbb1aa4ec9453dab7e71126cb6b0267fe6fe

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 49733

GET
H/1.1 200
OK embed.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 576ms
73ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/embed.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 128b5eb2de7c92e9be2f566be1ce1a72763a9be9d4c7554f7ea493f57d7e39e9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1573

GET
H/1.1 200
OK a Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 596ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: a1f007507e50d55dcc97d31f69c0d0414f04c4e0ddad7c63d9521bbe66b61b9e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:58 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 2345

GET
H/1.1 200
OK a_008 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 649ms
73ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_008
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 83131c408522e94ac63b45f687605389348c41ef4c5ce751758685e5344365f2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2343

GET
H/1.1 200
OK a_013 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 654ms
71ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_013
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 8e8b13d585f2710514e09e8120bf507b30ab881a62154299ce43c5bce288295f

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2345

GET
H/1.1 200
OK a_009 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 663ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_009
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f7c141c175b26180e968ca7d970b4b90a71757cfdc24b94edf259f7f868c5ad9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 2345

GET
H/1.1 200
OK a_003 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 724ms
74ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_003
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 6f800dbc2a402619523db5634633c056edd6631a3e1c07272efcc72aba5f9e23

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2343

GET
H/1.1 200
OK a_006 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 724ms
71ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_006
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 2a67d674e320aa90f0aede04b6ef33f0c5058f51ba35992143d668835250ada0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2345

GET
H/1.1 200
OK a_005 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 730ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_005
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 69b6df72fc5ddac90642b033bbcb81f9f1fe6ff15cc0b5c8b2183f0f5ce56d35

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 2383

GET
H/1.1 200
OK a_010 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 743ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_010
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 60fcfe811268e269a4e8c342e0edd9408427d7389f65cea4eec505723652ad4e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 2381

GET
H/1.1 200
OK a_014 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 744ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_014
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 356790802ecb2a1540d0579d10d2290a6617a87890ed3d704fd4b6135eb44151

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 2383

GET
H/1.1 200
OK a_004 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 798ms
74ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_004
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: dc765047e383edcb315719ed6478836da867b23bcd7e0663a4309acd5bfd3415

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 2381

GET
H/1.1 200
OK a_012 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 797ms
73ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_012
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 36d1a0ac4cda717bf036ac3e54ed0daabf8e33309691ccfacc9cea849d3eb7ab

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 2383

GET
H/1.1 200
OK a_002 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 797ms
68ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_002
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 87a7e00bb3ffea9704720947aa77cb9491b7974323368ce730fc008095513863

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 2383

GET
H/1.1 200
OK a_007 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 811ms
68ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_007
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f1703972ee925ffbb2d1c34963d21a902a2d762256107ce0f4ddd6a68674d56a

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2381

GET
H/1.1 200
OK a_011 Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 810ms
67ms Script
text/plain 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/a_011
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: e5ee9aa788e2555cf3e81bfb7800a4560b335e8407e232b87fe01eee5e4aeaf1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2383

GET
H/1.1 200
OK 463166.gif
webspined.top/citi/authsys/citi_files/ 42 B
282 B 67ms
67ms Image
image/gif 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/463166.gif
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 42

GET
H/1.1 200
OK bcsid.js Show response
webspined.top/citi/authsys/citi_files/ 947 B
1 KB 71ms
70ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/bcsid.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 947

GET
H/1.1 200
OK BiocatchATO.js Show response
webspined.top/citi/authsys/citi_files/ 338 KB
338 KB 74ms
73ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/BiocatchATO.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f9baacb75f3cb0e0911a506dbdab685aab38537ac52edda6f9b65bc5f0ea306d

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 345857

GET
H/1.1 200
OK cbol-smartSearch.css
webspined.top/citi/authsys/citi_files/ 8 KB
8 KB 72ms
71ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cbol-smartSearch.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 7871

GET
H/1.1 200
OK search-white.png
webspined.top/citi/authsys/citi_files/ 429 B
670 B 102ms
67ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/search-white.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: e2812b1e3529e5f39e3b0586e82c7ad0dfc3fc61cfa0107edfac16483d0547d7

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 429

GET
H/1.1 200
OK citiHomePage.js Show response
webspined.top/citi/authsys/citi_files/ 14 KB
15 KB 69ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/citiHomePage.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d118102507b97407ebf1533cc98ccd2e9d244524b456fd9c2b469b553396238a

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 14828

GET
H/1.1 200
OK rsa.js Show response
webspined.top/citi/authsys/citi_files/ 36 KB
36 KB 70ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/rsa.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 36859

GET
H/1.1 200
OK peworkflow.js Show response
webspined.top/citi/authsys/citi_files/ 5 KB
5 KB 70ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/peworkflow.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f6293fa8c399fd492fb1d40068afee4415acd29c573e7b8661d9c49b1aecea95

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 5320

GET
H/1.1 200
OK HP2.jpg
webspined.top/citi/authsys/citi_files/ 53 KB
53 KB 73ms
72ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/HP2.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 359a00b9518a4295a70361f526a7d69cf7dc40099a5ff361a5fbf8c0ee034e0c

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=84
Content-Length: 54363

GET
H/1.1 200
OK 450x285-citi-cluster.png
webspined.top/citi/authsys/citi_files/ 59 KB
59 KB 137ms
67ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/450x285-citi-cluster.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d71b39784664cbc1e6905bd0c99918d0452ddf5ebf78f19e1721f4ba125e0d57

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 60075

GET
H/1.1 200
OK errorLogo.svg
webspined.top/citi/authsys/citi_files/GFC/branding/img/ 1 KB
2 KB 132ms
73ms Image
image/svg+xml 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/img/errorLogo.svg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f9bd92ac3e3a127d29f3f9786e6233961312cd256b895975cb5dce2f363916e8

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 24 Apr 2018 20:26:48 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 1352

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflEtXIPQ/ 38 KB
14 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:821::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflEtXIPQ/www-widgetapi.js

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 01 Apr 2020 18:45:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21493
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 13931
x-xss-protection: 0
last-modified: Tue, 31 Mar 2020 22:21:24 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Thu, 09 Apr 2020 18:45:46 GMT

GET
H/1.1 200
OK HP358_M1.jpg
webspined.top/citi/authsys/citi_files/ 93 KB
93 KB 186ms
67ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/HP358_M1.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 3b937262381be3786c1ee9b1a8e59b0ac400f70f88d8cffb42d9ed75df8b18b5

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 95268

GET
H/1.1 200
OK HP417_M.jpg
webspined.top/citi/authsys/citi_files/ 92 KB
92 KB 117ms
67ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/HP417_M.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 52541e17b026b0a2a1edefe177cdd7597acf5ca74c519799809fe9f38402157b

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 94041

GET
H/1.1 200
OK M1-M7_DoubleCash.jpg
webspined.top/citi/authsys/citi_files/ 31 KB
32 KB 185ms
73ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/M1-M7_DoubleCash.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: ddfc50334e444d16f275b7a81eb09c83ddd05bf00a3d47bef2d878671244f2f4

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 32204

GET
H/1.1 200
OK HP5904_M.jpg
webspined.top/citi/authsys/citi_files/ 98 KB
99 KB 117ms
67ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/HP5904_M.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 4999a8bcfc1f9fd95a0c4e42cfbac1abdf5a6c9e26734abbe4bc157b8c2b49ab

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 100665

GET
H/1.1 200
OK GettyImages-858243764.jpg
webspined.top/citi/authsys/citi_files/ 82 KB
82 KB 68ms
68ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GettyImages-858243764.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: bc4570a63016e2cf47c3a9622c57cc8936ee05f72f6b992afc2e277913d02fef

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=81
Content-Length: 84217

GET
H/1.1 200
OK 2019CertifiedMobileApp.png
webspined.top/citi/authsys/citi_files/ 28 KB
29 KB 72ms
72ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/2019CertifiedMobileApp.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 771c92ecc9167287111bc793f6392bfb0dc8a51a830b497f7591e6d3493fc1fc

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 29171

GET
H/1.1 200
OK oo_engine.js Show response
webspined.top/citi/authsys/citi_files/ 42 KB
43 KB 74ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/oo_engine.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 43276

GET
H/1.1 200
OK ddl.js Show response
webspined.top/citi/authsys/citi_files/ 64 KB
64 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/ddl.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 65331

GET
H/1.1 200
OK main.js Show response
webspined.top/citi/authsys/citi_files/ 33 KB
33 KB 67ms
67ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/main.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 33897

GET
H/1.1 200
OK citilive-search.js Show response
webspined.top/citi/authsys/citi_files/ 2 KB
3 KB 68ms
68ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/citilive-search.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f2adfd83f8e9c7f3b092921eb5a59d4463041b2be8386a17ec7ac29d8d588470

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 2558

GET
H/1.1 200
OK cbol-smartSearch-inject.js Show response
webspined.top/citi/authsys/citi_files/ 10 KB
11 KB 67ms
66ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cbol-smartSearch-inject.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: dc4af510d48e699e43ac4bb6fdfeebab422ef11ce48041a7e3ae2e310efa6289

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 10576

GET
H/1.1 200
OK TMXProfiling.js Show response
webspined.top/citi/authsys/citi_files/ 1 KB
1 KB 71ms
71ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/TMXProfiling.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 1267

GET
H/1.1 200
OK siteseal2p.js Show response
webspined.top/citi/authsys/citi_files/ 685 B
939 B 76ms
76ms Script
application/javascript 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/siteseal2p.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 8cad2492e705a54e5c4a634509b1d6c836dfb5bd179c2e58063653cc8635d6df

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 685

GET
H/1.1 200
OK cobrowse_overlay.css
webspined.top/citi/authsys/citi_files/ 7 KB
7 KB 71ms
71ms Stylesheet
text/css 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/cobrowse_overlay.css
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: a9623118fb6ec3944d1312cd0d492c3f32455e89bc1e01eafa67628a309d9c60

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 7220

GET
H/1.1 200
OK copy_copy_1551286869362_Feedback.png
webspined.top/citi/authsys/citi_files/ 2 KB
2 KB 129ms
71ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/copy_copy_1551286869362_Feedback.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Tue, 31 Mar 2020 20:07:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 1993

OPTIONS sitecat.json
localhost/assets/ 0
0

GET
H/1.1 200
OK target.js Show response
cdn.tt.omtrdc.net/cdn/ 43 KB
14 KB 94ms
38ms Script
text/javascript 104.111.235.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tt.omtrdc.net/cdn/target.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.235.198 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-235-198.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d

Request headers

Referer: https://webspined.top/citi/authsys/
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 05:03:41 GMT
Server: Apache
ETag: "1fcda-aa3e-593d246a6d5b9"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: must-revalidate, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14200

GET
H2 200 ajax Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 142 B
641 B 122ms
28ms Script
text/javascript 66.117.29.3
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=webspined.top&mboxPage=093b998952cc476487d7d08e12b876dd&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=120&colorDepth=24&mboxSession=093b998952cc476487d7d08e12b876dd&mboxXDomain=enabled&mboxCount=1&mboxTime=1585795439164&pageDef=jUSCBOL_Loginpage_Uncookied&ProspectCustomer=true&pageLanguage=english&pageLang=en&mbox=target-global-mbox&mboxId=0&mboxURL=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&mboxReferrer=&mboxVersion=63
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.117.29.3 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2

Request headers

Referer: https://webspined.top/citi/authsys/
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:58 GMT
content-type: text/javascript;charset=utf-8
p3p: CP="NOI DSP CURa OUR STP COM"
status: 200
cache-control: no-cache
timing-allow-origin: *
content-length: 142
x-request-id: 6d9b8936-93aa-49f5-b4d1-b862629232f6

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168

0
-1 B

163ms
41ms

XHR

108.128.20.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.20.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-20-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168
X-TID: gFwgDq3cRVc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://webspined.top
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://webspined.top
X-TID: gFwgDq3cRVc=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
705 B 63ms
24ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=30169.547207601343&ClientID=1129&PageID=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3525861536a4eb2a3a4be1b235bafe9b5cadff8f88b751e5e97326d092c28060

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Thu, 02 Apr 2020 00:43:58 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
160 B 20ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585667137264&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3021493871&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/959299794/ 42 B
546 B 42ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/959299794/?random=1585667137264&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3021493871&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
119 B 19ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585667137269&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=688670070&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/960621875/ 42 B
110 B 33ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/960621875/?random=1585667137269&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=688670070&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
119 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585667137271&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4173332082&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/916451471/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/916451471/?random=1585667137271&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4173332082&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1585667137276&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2479778527&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/975701947/ 42 B
110 B 20ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/975701947/?random=1585667137276&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2479778527&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/770961656/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/770961656/?random=1585667137284&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=909115293&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/770961656/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/770961656/?random=1585667137284&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=909115293&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1585667137287&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2427792146&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/819500023/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/819500023/?random=1585667137287&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2427792146&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
119 B 20ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585667137293&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=703331197&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/763960929/ 42 B
110 B 21ms
20ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/763960929/?random=1585667137293&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=703331197&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585667137323&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=314080048&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/959299794/ 42 B
110 B 20ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/959299794/?random=1585667137323&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=314080048&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585667137341&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2569884948&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/960621875/ 42 B
110 B 26ms
26ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/960621875/?random=1585667137341&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2569884948&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
119 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585667137353&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=621326269&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/916451471/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/916451471/?random=1585667137353&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=621326269&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
119 B 20ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1585667137367&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2379345558&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/975701947/ 42 B
110 B 23ms
22ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/975701947/?random=1585667137367&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2379345558&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/770961656/ 42 B
119 B 17ms
17ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/770961656/?random=1585667137382&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2734740476&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/770961656/ 42 B
110 B 20ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/770961656/?random=1585667137382&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2734740476&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
119 B 20ms
19ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1585667137390&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=734348743&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/819500023/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/819500023/?random=1585667137390&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=734348743&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
119 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585667137401&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2718162963&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com.pk/pagead/1p-user-list/763960929/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com.pk/pagead/1p-user-list/763960929/?random=1585667137401&cv=9&fst=1585666800000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=728&u_aw=1366&u_cd=24&u_his=2&u_tz=300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2718162963&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 identity
api.rlcdn.com/api/ 0
0 64ms
27ms XHR
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=1&rt=idl
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 363 B
1 KB 44ms
44ms XHR
application/json 108.128.20.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585788239168

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.20.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-20-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3c4e5df63a7575dfc8c48d1ad0347e453251b45584c6f6f4c33270abdb666dc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-0b2859c1f.edge-irl1.demdex.com 5.66.0.20200310121811 3ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: HikfBuquQvs=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://webspined.top
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 300
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 4b2c20707c9c91f3047831e7c4145026.js Show response
nexus.ensighten.com/citi/na_prod/code/ 97 KB
22 KB 27ms
26ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/4b2c20707c9c91f3047831e7c4145026.js?conditionId0=421908
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 880960ba5b705083263a8a5329436c1e436a4c5bd618e2551e3c313d18ef88e2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 21:46:14 GMT
server: nginx
etag: W/"5e5838a6-18322"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 31ms
29ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 298eff2fda6a766b160eb3fd281b83a1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 126 KB
34 KB 36ms
33ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/298eff2fda6a766b160eb3fd281b83a1.js?conditionId0=486757
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 470006833167eb6002e768cbe0865a86338c1fec3955d551e0f4f1d6a0ef7fa6

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 18:58:07 GMT
server: nginx
etag: W/"5e5ea8bf-1f8d4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 98eab123fd6eeaefc94916fb10ff0a06.js Show response
nexus.ensighten.com/citi/na_prod/code/ 30 KB
7 KB 42ms
39ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/98eab123fd6eeaefc94916fb10ff0a06.js?conditionId0=467299
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 972256d3bce669df3ed0d7060d4b6897500a1a144c4891700370b6de287ac3d9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 18:58:07 GMT
server: nginx
etag: W/"5e5ea8bf-76b0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 31ms
28ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 41ms
39ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame BF8F 0
0 185ms
43ms Document
text/html 52.50.37.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.37.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-37-223.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=14190249290536906613135271964089787484
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 18 Mar 2020 12:48:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=14190249290536906613135271964089787484;Path=/;Domain=.demdex.net;Expires=Tue, 29-Sep-2020 00:43:59 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: SUbXDQM8SQ4=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
625 B 322ms
26ms XHR
application/x-javascript 35.181.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=18788384524427229502459285375068806655&ts=1585788239382

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

9338b86287d57dfdb5b6cd68c48bbb1159a1cccd449c0994156def09418446ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Thu, 02 Apr 2020 00:43:59 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-544845747d-tnvtf
vary: Origin
x-c: master-1219.Ia2cf62.M0-374
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://webspined.top
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XoU1TwAAAXIU0RTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=14190249290536906613135271964089787484
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoU1TwAAAXIU0RTJ

42 B
915 B

42ms
41ms

Image
image/gif

108.128.20.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoU1TwAAAXIU0RTJ

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.20.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-20-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v064-0af5c9a0e.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: VsjJENl3QPM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoU1TwAAAXIU0RTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 85ms
29ms Script
text/javascript 104.111.245.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/4b2c20707c9c91f3047831e7c4145026.js?conditionId0=421908
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.245.241 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-245-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Mar 2020 16:24:16 GMT
Server: Apache
ETag: "31600f9-7850-5a009da075833"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10546
Expires: Thu, 09 Apr 2020 00:43:59 GMT

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame AC7B 0
0 88ms
19ms Document
text/html 13.224.194.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.194.89 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-89.fra2.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://webspined.top/citi/authsys/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Wed, 01 Apr 2020 20:24:25 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: E1Sls0QJy3ZtrIMhW6DYIYOfGEHkMqa2MJZAhLENcWKizgmJgdsSEw==
age: 1239

GET
BLOB 200
OK 7f94e1b6-c863-47b1-888b-8ac5915de983
https://webspined.top/ 138 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://webspined.top/7f94e1b6-c863-47b1-888b-8ac5915de983
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/BiocatchATO.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5168b3d0c8f929a1b8c4c1b4e4ebac60ee0e1ecfd759aeb4be4c2b15e3fc097

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: worker

Response headers

Content-Length: 140879
Content-Type: application/javascript

GET
H/1.1 200
OK Citi-Enterprise-White.png
webspined.top/citi/authsys/citi_files/GFC/branding/img/ 1 KB
1 KB 91ms
74ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/img/Citi-Enterprise-White.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/BiocatchATO.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Wed, 14 Jun 2017 23:29:06 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 1040

GET
H/1.1 404
Not Found Interstate-Light.woff
webspined.top/citi/authsys/citi_files/fonts/interstate/ 0
0 85ms
72ms Font
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fonts/interstate/Interstate-Light.woff
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/BiocatchATO.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/ddl.css
Origin: https://webspined.top
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=89
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Interstate-Bold.woff
webspined.top/citi/authsys/citi_files/fonts/interstate/ 0
0 101ms
71ms Font
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fonts/interstate/Interstate-Bold.woff
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/BiocatchATO.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/ddl.css
Origin: https://webspined.top
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=89
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bkintg.min.js Show response
webspined.top/personalization/ 315 B
515 B 91ms
67ms XHR
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/personalization/bkintg.min.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://webspined.top/citi/authsys/
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=89
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found aosRFServerIntg.min.js Show response
webspined.top/personalization/ 315 B
515 B 91ms
67ms XHR
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/personalization/aosRFServerIntg.min.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://webspined.top/citi/authsys/
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=84
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found cmstmplintg.min.js Show response
webspined.top/personalization/ 315 B
515 B 119ms
71ms XHR
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/personalization/cmstmplintg.min.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://webspined.top/citi/authsys/
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=88
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK HP2.0_Multi-Card_Hero_Card_Background.jpg
webspined.top/citi/authsys/JRS/banners/hero_background/ 53 KB
53 KB 113ms
71ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/JRS/banners/hero_background/HP2.0_Multi-Card_Hero_Card_Background.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 359a00b9518a4295a70361f526a7d69cf7dc40099a5ff361a5fbf8c0ee034e0c

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Last-Modified: Fri, 16 Mar 2018 02:03:36 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 54363

GET
H/1.1 200
OK HP4782_M.jpg
webspined.top/citi/authsys/JRS/banners/modules/ 90 KB
90 KB 76ms
76ms Image
image/jpeg 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/JRS/banners/modules/HP4782_M.jpg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 043494ebdb60e363e2e8e0fa548a3863505bda2d81f28d2bf87d4f11380f39f4

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Wed, 15 May 2019 20:20:42 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=86
Content-Length: 91963

GET
H/1.1 200
OK arrow-btn-next-blue-sm-bold.svg
webspined.top/citi/authsys/citi_files/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 918 B
1 KB 77ms
77ms Image
image/svg+xml 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 31 Mar 2020 18:01:23 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 918

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/8b2252448421acb3/ 257 KB
85 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/cse_element__en.js?usqp=CAI%3D

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/cse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02c39275000c1280f9cde808ebe731ec1924477305678759c1140ecaac49eba0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 01 Apr 2020 17:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 27290
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 86820
x-xss-protection: 0
expires: Thu, 01 Apr 2021 17:09:09 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/8b2252448421acb3/ 40 KB
9 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/default+en.css

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/cse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 01 Apr 2020 20:40:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 14626
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9042
x-xss-protection: 0
expires: Thu, 01 Apr 2021 20:40:13 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v3/ 11 KB
3 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v3/default.css

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/cse.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 02 Apr 2020 00:00:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Nov 2019 23:30:00 GMT
server: sffe
age: 2617
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 2719
x-xss-protection: 0
expires: Thu, 02 Apr 2020 00:50:22 GMT

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=0ec9441a-9ab1-4179-9169-71687f24b119&chk=false&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fwebspined.top%2Fciti%...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&_zip=&hk=&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d&mt=&bd=

42 B
135 B

135ms
134ms

Image
image/gif

2a00:1450:4001:821::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&_zip=&hk=&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d&mt=&bd=

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 71db9c96d3a892146fa0cf960ae113cb
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:43:59 GMT
server: AAWebServer
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=0ec9441a-9ab1-4179-9169-71687f24b119&_segid=99&_zip=&hk=&iid=fbd4e1bc-12b8-4f26-85b3-3e4a2dedb45d&mt=&bd=
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1 200
OK Citi-Branding-Sprite.png
webspined.top/citi/authsys/citi_files/GFC/branding/img/ 5 KB
5 KB 89ms
89ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/img/Citi-Branding-Sprite.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Wed, 14 Jun 2017 23:29:02 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=84
Content-Length: 4952

GET
H/1.1 200
OK appStore_1px.png
webspined.top/citi/authsys/citi_files/GFC/branding/responsivebranding/img/ 3 KB
4 KB 77ms
76ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/responsivebranding/img/appStore_1px.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Fri, 28 Sep 2018 02:19:10 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 3513

GET
H/1.1 200
OK googlePlay_1px.png
webspined.top/citi/authsys/citi_files/GFC/branding/responsivebranding/img/ 4 KB
4 KB 74ms
74ms Image
image/png 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/responsivebranding/img/googlePlay_1px.png
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Fri, 28 Sep 2018 02:21:52 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=85
Content-Length: 3900

GET
H/1.1 404
Not Found arrow-btn-next-white-sm-bold.svg
webspined.top/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 315 B
315 B 84ms
83ms Image
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/homePage.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=85
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK oo_icon_retina.gif
webspined.top/citi/authsys/citi_files/GFC/branding/olab/images/ 2 KB
2 KB 75ms
75ms Image
image/gif 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/citi_files/GFC/branding/olab/images/oo_icon_retina.gif
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 12 Sep 2017 22:20:58 GMT
Server: Apache
Content-Type: image/gif
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=79
Content-Length: 2204

GET
H2 200 cse.js Show response
cse.google.com/cse/ 11 KB
4 KB 55ms
35ms Script
text/javascript 2a00:1450:4001:815::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

73abb973c9d3f9e993163c87527cc7fee2a76ad521e6b35f30edcdce5a5c700d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:43:59 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 3479
x-xss-protection: 0
expires: Thu, 02 Apr 2020 00:43:59 GMT

GET
H/1.1 404
Not Found Interstate-Light.ttf
webspined.top/citi/authsys/citi_files/fonts/interstate/ 0
0 89ms
72ms Font
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fonts/interstate/Interstate-Light.ttf
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/ddl.css
Origin: https://webspined.top
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=87
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Interstate-Bold.ttf
webspined.top/citi/authsys/citi_files/fonts/interstate/ 0
0 106ms
71ms Font
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/citi/authsys/citi_files/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/ddl.css
Origin: https://webspined.top
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=87
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 43ms
43ms XHR
application/json 108.128.20.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=18788384524427229502459285375068806655&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012F429AA78515C6E8-400007C1C1C287E7&ts=1585788239735

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.20.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-20-85.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c0b33a28e2d8d0db35295a5c285f5112677dafcc5969eab3e5d20dc9b0867155

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-049796eec.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: zwBWaXD7RkY=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://webspined.top
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 301
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 143ms
47ms Script
application/x-javascript 23.36.234.139
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/98eab123fd6eeaefc94916fb10ff0a06.js?conditionId0=467299
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.36.234.139 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-234-139.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:43:59 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Mar 2020 15:02:56 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Thu, 02 Apr 2020 01:43:59 GMT

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
686 B 125ms
33ms Script
application/javascript 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/tc.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 6eb1d03de72515523f07e2f8fa2d6f3484eb42ac4aad6988244846d0af2d06c2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Expires: Tue, 27 Apr 2021 00:43:59 GMT
Cache-Control: public, max-age=33696000
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Content-Type: application/javascript

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/8b2252448421acb3/ 257 KB
85 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 31 Mar 2020 10:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 139412
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 86952
x-xss-protection: 0
expires: Wed, 31 Mar 2021 10:00:27 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/8b2252448421acb3/ 40 KB
9 KB 8ms
8ms Stylesheet
text/css 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 01 Apr 2020 11:01:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 49362
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9042
x-xss-protection: 0
expires: Thu, 01 Apr 2021 11:01:17 GMT

GET
H/1.1 200
OK Cookie set ca.html
20766699p.rfihub.com/ Frame AC6D 0
0 150ms
47ms Document
text/html 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?rfiidc=1871597494760436392&rfiaid=7e1840078edc45d1a35bd80f72e638f6&ver=9&ra=1023&rb=648&ca=20766699&_o=17169175&_t=noncookiedusernamepassword&ssv_cuuid=&ssv_pagename=noncookiedusernamepassword&pe=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&pf=&ra=22327014020368763
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/tc.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXOW4jU0tTA1t7AwMra0MDMHAJec7200AAAA; ruds=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXMGAOeiQGMlAAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXOW4jU0tTA1t7AwMra0MDMHAJec7200AAAA; Path=/; Domain=.rfihub.com; Expires=Tue, 27 Apr 2021 00:44:00 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXMGAOeiQGMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Server: Jetty(9.0.6.v20130930)

GET
H/1.1 200
OK snare.js Show response
mpsnare.iesnare.com/ 38 KB
13 KB 162ms
79ms Script
text/javascript 52.129.74.12
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/snare.js?_=1585788239139

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/vendor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.12 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

a20b43f346f0734db764746f51f8bc9b0b45905df2150c15a14f584dfd617f24

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:00 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H/1.1 200
OK close.svg
webspined.top/citi/authsys/images/icons/svgs/ 1 KB
2 KB 100ms
91ms Image
image/svg+xml 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://webspined.top/citi/authsys/images/icons/svgs/close.svg
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/vendor.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: 55e066703c69d4d89a1f4d66794d474aa93d710624d8f807096bac17a7867b17

Request headers

Referer: https://webspined.top/citi/authsys/citi_files/ddl.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Last-Modified: Tue, 12 Sep 2017 22:20:58 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 1507

GET
H/1.1 200
OK cr.png Show response
cfr.us.v2.we-stats.com/api/v1/ 4 B
375 B 415ms
137ms XHR
application/json 40.122.110.249
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cfr.us.v2.we-stats.com/api/v1/cr.png?cid=cedric&snum=1585788240005-sjn0000775-88a0d3c6-7aca-4d11-a7ff-8fd59fbb1895&muid=1585788239578-87D28A77-7682-453B-9C55-2FD069CD83FC
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 40.122.110.249 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:00 GMT
Server: nginx
tail-id: 43d05361-170d-4f53-872b-2e55973ad62d
X-Kong-Proxy-Latency: 0
Content-Type: application/json
access-control-allow-origin: *
X-Kong-Upstream-Latency: 2
cache-control: no-cache, no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 4

GET
H/1.1 202
Accepted cyss.js Show response
cyseal.cyveillance.com/SiteSeal/ 0
226 B 500ms
113ms Script
application/javascript 3.212.137.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cyseal.cyveillance.com/SiteSeal/cyss.js?ref=webspined.top
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/siteseal2p.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.137.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-137-125.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40
Connection: keep-alive
Content-Length: 0
Content-Type: application/javascript

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/script/ 96 B
513 B 42ms
42ms Script
text/javascript 52.129.74.12
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/script/logo.js

Requested by

Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js?_=1585788239139

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.12 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

a66b9759aa91bdbca84797a0ca353252a6c65860c38bc6b04a03142d93c80640

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 2 Apr 2021 00:44:00 GMT

POST
H/1.1 404
Not Found TMXProfile.jws Show response
webspined.top/US/REST/ManageTMXProfile/ 315 B
515 B 69ms
68ms XHR
text/html 178.159.36.169
IHOR-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://webspined.top/US/REST/ManageTMXProfile/TMXProfile.jws
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.159.36.169 , Russian Federation, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Accept: */*
Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
X-Requested-With: XMLHttpRequest
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:44:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=78
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 60ms
20ms Script
application/x-javascript 143.204.94.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.94.29 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-29.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 01 Apr 2020 01:16:13 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 84468
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA50-C1
Connection: keep-alive
X-Amz-Cf-Id: zysYi0x1sJx383hGAi0P0dDi77Kc5OtwU_ndTCxELImMN152V63BQg==

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 76ms
18ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 128b5eb2de7c92e9be2f566be1ce1a72763a9be9d4c7554f7ea493f57d7e39e9

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: xdVzN.FTbUYeBK.pOoPjKVFQC00uq.2h
content-encoding: gzip
age: 34
x-cache: HIT
status: 200
date: Thu, 02 Apr 2020 00:44:00 GMT
content-length: 675
x-amz-id-2: hynu160osEpODX+sB3AR00RllIgJH6nXktz0clmqCTghHi/doDjh7Xg2aAvsoT7CP/EyBLb3sdE=
x-served-by: cache-fra19134-FRA
access-control-allow-origin: *
last-modified: Mon, 09 Mar 2020 13:11:50 GMT
server: AmazonS3
x-timer: S1585788241.777893,VS0,VE0
etag: "57e8540faebd2fcec4adaab077b5e4ec"
vary: Accept-Encoding
x-amz-request-id: D85ED5B3CCC87FA5
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 109ms
108ms Script
application/javascript 13.224.194.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.224.194.89 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-194-89.fra2.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript
status: 200
x-xss-protection: 1
cache-control: max-age=1800, public
strict-transport-security: max-age=31536000
x-amz-cf-id: -ZvrQKUz9w5qLQ4F9EQSwPDwJs_ym5_cFciH_aj5FKZX09vc_u1SaQ==
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
expires: Thu, 02 Apr 2020 01:14:00 GMT

GET
H2 204 425466.html
sr.rlcdn.com/ Frame 859A 0
0 184ms
128ms Document
text/plain 35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/98eab123fd6eeaefc94916fb10ff0a06.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://webspined.top/citi/authsys/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

status: 204
date: Thu, 02 Apr 2020 00:44:00 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc48b1398cf542a0fd37927aaa1b70f64a219e6f4000a2263efb5530808f836a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29064
x-xss-protection: 0
last-modified: Thu, 02 Apr 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2

200

activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%...
6260004.fls.doubleclick.net/ Frame AD9D
Redirect Chain

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fcit...
https://6260004.fls.doubleclick.net/activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref...

0
0

35ms
35ms

Document
text/html

172.217.18.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6260004.fls.doubleclick.net/activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F?

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/js_003

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s29-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6260004.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://webspined.top/citi/authsys/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Thu, 02 Apr 2020 00:44:00 GMT
expires: Thu, 02 Apr 2020 00:44:00 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 346
x-xss-protection: 0
set-cookie: IDE=AHWqTUlBFJDpiRMSJhBjZElEDBZ10PoOT8uDHlKy9veOyhtTc_wlfwlbDJ_EBz7G; expires=Sat, 02-Apr-2022 00:44:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Thu, 02 Apr 2020 00:44:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6260004.fls.doubleclick.net/activityi;dc_pre=CMCHoMbByOgCFUQ-GwodHhUBBg;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=1310435900374.1672;gtm=2od3i0;auiddc=1630767203.1585788241;~oref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 02-Apr-2020 00:59:00 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 /
d.agkn.com/pixel/9340/ 43 B
589 B 25ms
10ms Image
image/gif 2600:9000:21f3:a600:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/9340/?che=9413641056.071466&abid=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:a600:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
via: 1.1 03d509e8374e9f42668961b5e0201349.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: FRA2-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
content-length: 43
x-amz-cf-id: iuw2X1HcbHZEP2HMmj1hj-zP2jJhfV8glFG2DfPm7JZPJLnce3aEjQ==
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5c54c477f870814b6fd57129/format/img
https://ad.doubleclick.net/ddm/activity/src=8825552;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
109 B

21ms
20ms

Image
image/gif

2a00:1450:4001:825::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CP3QzsbByOgCFYbgGwodVGAO5A;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 44 B
351 B 20ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=313693532491635&ev=PageView&cd[order_id]=undefined

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT, Thu, 02 Apr 2020 00:44:00 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2 200 TC-3498-2.gif
pt.ispot.tv/v2/ 43 B
314 B 60ms
19ms Image
image/gif 151.101.14.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pt.ispot.tv/v2/TC-3498-2.gif?app=web&type=citi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 43
expires: 0

GET
H/1.1 200
OK check.js;CIS3SID=E3115D3C2DEA06CEDEA53575A0B33A38 Show response
content22.online.citi.com/fp/ Frame AB06 173 KB
44 KB 475ms
39ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=E3115D3C2DEA06CEDEA53575A0B33A38?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&jb=333726246a736d753f4e696e777a2662736f3f4c696c777a246a7b603f436a7a6d6f65253a323736

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/tags.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

138fe842faa49a5018ecd6e3ff4a007d5f06038ef8b960ffd78dd81f4030187a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 29d4f1193d5652ad
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame AB06 81 B
475 B 463ms
27ms Image
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&w=b36fb5dcc883856e&ck=0&m=1

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/tags.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame AB06 81 B
475 B 461ms
28ms Image
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 generic1583759509314.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 292 KB
56 KB 35ms
19ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1583759509314.js
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 495c2b78f2deeec56065c5078a56deb4b4b6601773c98224cbe8517d0545adb2

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: uAPRU1.TEa4IccOvtJ5W8HtqM3e6HTPR
content-encoding: gzip
age: 108
x-cache: HIT
status: 200
date: Thu, 02 Apr 2020 00:44:00 GMT
content-length: 57360
x-amz-id-2: D2yfKs/CsAGMC8aQYYrMa8Nc/EcmZ1NqlmLKHkXGrAXcjhU7dZa8oOKLT+9Z8QfFxp0rSaXet7A=
x-served-by: cache-fra19134-FRA
access-control-allow-origin: *
last-modified: Mon, 09 Mar 2020 13:11:50 GMT
server: AmazonS3
x-timer: S1585788241.777883,VS0,VE1
etag: "554d96b22cd4fa4f07c79604a171a56f"
vary: Accept-Encoding
x-amz-request-id: 355545CF2FD907A6
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 0EC9 0
0 213ms
176ms Document
text/html 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&phint=__bk_v%3D3.1.4&limit=10&r=56311178
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 3327
Date: Thu, 02 Apr 2020 00:44:00 GMT
Connection: keep-alive
X-N: S

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 680C 0
0 210ms
174ms Document
text/html 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DNon%20Cookied%20Username%20Password%20&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&phint=__bk_v%3D3.1.4&limit=10&r=85498098
Requested by: Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: fa16
Date: Thu, 02 Apr 2020 00:44:00 GMT
Connection: keep-alive
X-N: S

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8fdcf1d22049a6f725493a3af93661653cfb72c4f39dfd9f79a0dba50fa1a0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29057
x-xss-protection: 0
last-modified: Thu, 02 Apr 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ab7b15e7ca2ecd729b50fa7ea139c0a016002fa7e60c76f3f9bf859e5c6155d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29058
x-xss-protection: 0
last-modified: Thu, 02 Apr 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 76 KB
28 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bcee6906648815f51e336c92ac914e938ce6c4a1df7b2434e1bb7e48d90af0a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 29058
x-xss-protection: 0
last-modified: Thu, 02 Apr 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
11 KB 76ms
34ms Script
text/javascript 172.217.22.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/citi_files/js_002

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.22.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s18-in-f98.1e100.net

Software

cafe /

Resource Hash

c8315c48b8f80779e22bc530bfc4baed43557184372dd8ef2b37954ade2b1f33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 10010
x-xss-protection: 0
server: cafe
etag: 11725776011496351048
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 02 Apr 2020 00:44:00 GMT

GET
H2 200 up
insight.adsrvr.org/track/ Frame 6799 0
0 129ms
41ms Document
text/html 54.246.153.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Uncookied&td2=undefined&td3=undefined&td4=Non%20Cookied%20Username%20Password%20&td5=https://webspined.top/citi/authsys/&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.153.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-153-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Uncookied&td2=undefined&td3=undefined&td4=Non%20Cookied%20Username%20Password%20&td5=https://webspined.top/citi/authsys/&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://webspined.top/citi/authsys/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

status: 200
date: Thu, 02 Apr 2020 00:44:00 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 58ms
17ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1583759509314.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
age: 0
via: 1.1 varnish, 1.1 varnish
x-cache: HIT, HIT
status: 200
content-length: 5197
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-fra19141-FRA
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1585788241.880158,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 1, 159473

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585788240865&cv=9&fst=1585788240865&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9660e09e543c84a49795e20edabf9e556f318f26950d4e9af63542f6a02bf6f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1073
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585788240866&cv=9&fst=1585788240866&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f87d7b799acda2dd9312fcbfd7906d2c22b76217217e7a79d743fef63f35bf0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1073
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585788240867&cv=9&fst=1585788240867&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbae660b539470fbd26b9dcfb6a4731aaa23c288fea3bd66b1b088cc9d0604ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585788240868&cv=9&fst=1585788240868&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

79342655917e5127eec26a837acdb9d7e3572b9e7eae90f9d88f7df6eeb9d2ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/ 2 KB
1 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585788240869&cv=9&fst=1585788240869&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0704ee29258fbb5a2d0f46347228cc753f0a4a6bdf9fb15a618080ab66c3286b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

20ms
20ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2483620994&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCnpBi4DYWBAc9UZunEaORnDwgYji9FzIC2AUc06YWrgV7lPbJAi8S-W7kj2USYyHnYqDM5UurQt7iBvv0b6Qml

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2483620994&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCnpBi4DYWBAc9UZunEaORnDwgYji9FzIC2AUc06YWrgV7lPbJAi8S-W7kj2USYyHnYqDM5UurQt7iBvv0b6Qml
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/770961656/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

18ms
18ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2392277057&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAPLTJrs449403j7k1BVVKsKjQ7Rrv85E5-aTn6FkRomAzAYtAmqolby55N56azEZFstbSgo2fn9l15LqEmj0JN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2392277057&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAPLTJrs449403j7k1BVVKsKjQ7Rrv85E5-aTn6FkRomAzAYtAmqolby55N56azEZFstbSgo2fn9l15LqEmj0JN
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3591176530&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAU4BCBd1QMCBVjxvCQjaYgn0L2uw3BiC5pWSKcd1uROWgbRNZf69H-4Dg2Z1hoE2FSVBfR68w7FDTwS8V5KOGN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3591176530&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAU4BCBd1QMCBVjxvCQjaYgn0L2uw3BiC5pWSKcd1uROWgbRNZf69H-4Dg2Z1hoE2FSVBfR68w7FDTwS8V5KOGN
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/763960929/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585788240867&cv=9&fst=1585788240867&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2615480674&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCz8Xfwj3myxj4QCzB1Vp4lT3dSDNrgGic4aj952KfSfX091CG4o2z9R3oai1lYmBTnWZ8eX1ZWjrT0BH1R2A2j

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/763960929/?random=1585788240867&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2615480674&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCz8Xfwj3myxj4QCzB1Vp4lT3dSDNrgGic4aj952KfSfX091CG4o2z9R3oai1lYmBTnWZ8eX1ZWjrT0BH1R2A2j
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/960621875/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

18ms
18ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=724926823&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCiYuuD2tb8H6V0hS4DfU0x2C8z6DBKbObyUs8P60qPg5_XIVoxVcGrnqrc6AlHBy87alWcBm-2oShXv3PB7w2b

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/960621875/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=724926823&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCiYuuD2tb8H6V0hS4DfU0x2C8z6DBKbObyUs8P60qPg5_XIVoxVcGrnqrc6AlHBy87alWcBm-2oShXv3PB7w2b
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

18ms
17ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3923891799&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDAlpYLfKy9yAszMT-hp5irYtBeTKRhfUGOaz1HdM0qH1MRAgGw2NF-N_ZBKx4i7_2KFFr1cWcx5E9q20EO0smg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3923891799&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hDAlpYLfKy9yAszMT-hp5irYtBeTKRhfUGOaz1HdM0qH1MRAgGw2NF-N_ZBKx4i7_2KFFr1cWcx5E9q20EO0smg
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

19ms
18ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2704608859&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAWI1atug4zwMKSWU3nSYeXCUkcO4XcxOY5izTa4zs9igxPj3c0f6P2M0luRXPIpUPSSzAYwJ0VaR1-GB6tK9pd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/975701947/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2704608859&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAWI1atug4zwMKSWU3nSYeXCUkcO4XcxOY5izTa4zs9igxPj3c0f6P2M0luRXPIpUPSSzAYwJ0VaR1-GB6tK9pd
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/770961656/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

19ms
18ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2806183770&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAwws_C472qtdWzNXA7KoAXfw2EBAMPyANYKOS7L3qFJp9eG15IxK_u1hrOGmABW9EHFoCsXNcZzG_-q7wj_HTm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/770961656/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2806183770&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hAwws_C472qtdWzNXA7KoAXfw2EBAMPyANYKOS7L3qFJp9eG15IxK_u1hrOGmABW9EHFoCsXNcZzG_-q7wj_HTm
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585788240868&cv=9&fst=1585788240868&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
110 B

20ms
19ms

Image
image/gif

2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1514269801&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCh1fbT2Nb8YFP7-qcjBtBcBTTZw_9pRPnKdI_Z17v0S_YJ9-8nARvKtpIKPWPBN3QH0_EvoSb-RZSx6UFAPmQW

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1585788240868&cv=9&fst=1585785600000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1514269801&resp=GooglemKTybQhCsO&ipr=y&ezwbk=AZuM4hCh1fbT2Nb8YFP7-qcjBtBcBTTZw_9pRPnKdI_Z17v0S_YJ9-8nARvKtpIKPWPBN3QH0_EvoSb-RZSx6UFAPmQW
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
119 B 25ms
24ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585788240865&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=513714282&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
156 B 19ms
19ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585788240865&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=513714282&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
119 B 60ms
60ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585788240867&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=862454971&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585788240867&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=862454971&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
110 B 62ms
62ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585788240868&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1843124288&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585788240868&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1843124288&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
110 B 26ms
26ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585788240869&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3895913690&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/763960929/ 42 B
110 B 19ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585788240869&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3895913690&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
110 B 25ms
25ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585788240866&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1957447878&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585788240866&cv=9&fst=1585785600000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwebspined.top%2Fciti%2Fauthsys%2F&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1957447878&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
321 B 153ms
112ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE1ODU3ODgyNDA4OTYiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAyLCJ1c2VyX2lkIjogIjE3MTM4NTg0M2ZlOGFmLTAzZTY1ODRjNzVhMWJlLTM3NjQ3ZTAzLTFkNGMwMC0xNzEzODU4NDNmZmM3MCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL3dlYnNwaW5lZC50b3AvY2l0aS9hdXRoc3lzLyIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiNGNmZi0zZjIyLTFkZDEtNThmZi03YmVlLTY5NDEtM2E3Ni1hZmU3Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE1ODU3ODgyNDA4MzQiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogMTExOSwia2FtcHlsZV92ZXJzaW9uIjogIjAuMC4wLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE1ODU3ODgyNDA4MzYsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-me: prod-instance-gatewayservice-green-vf1z
date: Thu, 02 Apr 2020 00:44:01 GMT
via: 1.1 google
alt-svc: clear
server: Jetty(9.2.11.v20150529)
access-control-allow-origin: *
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
status: 200
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
content-length: 0
x-application-context: application:9090

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame DBED 0
0 22ms
21ms Document
text/html 13.224.194.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.224.194.89 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-194-89.fra2.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://webspined.top/citi/authsys/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Thu, 02 Apr 2020 00:36:27 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0e75d8f2d484ce463fc04f5c422aa179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: m-KmB-ykyU9Z7-eMGFv2TLbChSIe-46vuLgib83Ifl-SiD-3AUp55w==
age: 453

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 0
612 B 859ms
135ms XHR
text/plain 192.193.179.248
CITIGROUP

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?_cls_s=d414408c-e34f-4393-90e9-24cebeba8360%3A0&_cls_v=f6664156-53dd-4317-a3a0-24ce9fecdf0e

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.179.248 , United States, ASN25883 (CITIGROUP, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: GTDC
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://webspined.top
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 0

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fwebspined.top%2Fc...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&_zip=&hk=&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc&mt=&bd=

42 B
131 B

135ms
135ms

Image
image/gif

2a00:1450:4001:821::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&_zip=&hk=&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc&mt=&bd=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: b43b5d3e63e7b5ff6e806c414e414468
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 02 Apr 2020 00:44:01 GMT
server: AAWebServer
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3e1c0eee-246a-4e02-bab7-f5ca1be77834&_segid=99&_zip=&hk=&iid=e52750fc-fb4b-4cd3-a468-74c77d315adc&mt=&bd=
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame AB06 81 B
529 B 78ms
23ms XHR
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=E3115D3C2DEA06CEDEA53575A0B33A38?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&jb=333726246a736d753f4e696e777a2662736f3f4c696c777a246a7b603f436a7a6d6f65253a323736

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/29d4f1193d5652addee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78
Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Last-Modified: Thu, 02 Apr 2020 00:44:01 GMT
Server: Apache
Etag: 407c0a35ecb24b14b3bb865e4905b3b8
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://webspined.top
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Tue, 01 Apr 2025 00:44:01 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA
content22.online.citi.com/fp/ Frame 6B2B 0
0 33ms
33ms Document
text/html 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: s_vi=[CS]v1|2F429AA78515C6E8-400007C1C1C287E7[CE]; thx_guid=c61a23ef9f264a9292945309cd9074d8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame AB06 0
387 B 28ms
28ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&if=ls

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA
h.online-metrix.net/fp/ Frame AFC1 0
0 86ms
26ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , Netherlands, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame AB06 0
388 B 84ms
23ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&if=sid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , Netherlands, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame AB06 0
387 B 23ms
23ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK top_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA
content22.online.citi.com/fp/ Frame C9E6 0
0 26ms
26ms Document
text/html 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=E19ECDE603DE58F29C8F7BCF825C1BAA?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://webspined.top/citi/authsys/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: s_vi=[CS]v1|2F429AA78515C6E8-400007C1C1C287E7[CE]; thx_guid=c61a23ef9f264a9292945309cd9074d8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://webspined.top/citi/authsys/

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame AB06 0
218 B 25ms
24ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&ja=3631322426773f63373131663130356c3835373935346724613d3e32247a3f3e3224663d3934303278333032302e6c72723f332e393632307a3130323024636e3d31363230783332323226737a7b3d387830247363663f303626646a3f68767c727125334927324425304475656a7b72696c676626746d702732446169766b2d3246617774687179712732462466723526703f706c77656b6c5f6e6e63736a5664636c736d23706e75656b6c5f7f616c646d7571576d67646b615d726c637b6d725e66636c736721726e75676b6c5f69646f60655f6361706d6269765c666364716721706477676b6e5d7377696b6376696f675c6e616e736721726e75656b665f73686d636b756174675e66636e736d21706e75676b6c5d7065696e726c637167705e66696e736721726e776761665d766e615d786c637967725c64616e716d21706c7767696c5f666776616e74725666616e736523726e7767616c5d73746f5d7469657f67725c66636e716529786e75656b6c576a6376635e64636c71672e68683d363764636431333166333a623c333931636335613030646e353736616b3164312662716f3f4c6b6c77782e6271623f416a7a6f6f65273232353424687b6f753d4e696e7778246c68633f33362e6e646f3d38247678663d4d77706f726d273046426d706c6b6e246f6374607a3f343232316c316132606561323267346b6335363230383061663335353632316e643437383833363366366d636332366c613b34616e6064353231333131313e6326677a313534676264323a303830676d6230363530663234376365636463306a386137643033676737306c643426616b663f323038323032&jb=313630246c713f4d6d78696c6e63253a46352c302530322a4f616b6b6c746d7b6a2733422d30304b6e76676e253a384f61612730384f512530305a27323233385f31345d35292732324370706e67576d624b6b742530443731372631342530382a494854454e2530432730326c616367253032456d63696f2b253032436a70676d6525304637362e322c3337303b2e393639273230516364637261273046373b352c3336

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Thu, 02 Apr 2020 00:44:01 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net/fp/ Frame AB06 81 B
438 B 91ms
23ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 10 KB
2 KB 550ms
137ms XHR
application/json 192.193.179.248
CITIGROUP

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.2.78B29&_cls_s=d414408c-e34f-4393-90e9-24cebeba8360:0&_cls_v=f6664156-53dd-4317-a3a0-24ce9fecdf0e&pid=54878ffc-22f4-40cd-93d4-eb24f3cc8c63&sn=1

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.179.248 , United States, ASN25883 (CITIGROUP, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

4fb541be6f8cf3eedcbe818004ebaa25b1bda59c6845a45414fa34927780eae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Thu, 02 Apr 2020 00:44:02 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: GTDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://webspined.top
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame AB06 0
387 B 24ms
23ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=dee744706fd062495a3eacc335976eb8b6a5971c0332489c5b7791fe3abfdf78&nonce=29d4f1193d5652ad&pageid=1&jac=1&je=32353124267767627076635f6b6c746d726e636c5f6b723f67323963603464692f3335646e2f3431633a2f60386e3a2f6235333630323b66343263302e6e6d6b616c2c31646130353564642d3b3a30392d343464652f3b643633253331393431633b62623e61312c6c6d61636c2e7f676270766157657a7467726c636c5d6b783d3139372e3236322c3031332c3335382662637473763f79206c6d74676c2032332c3030242073766176777122322a6168637065616e65227f266377646a3f6c6462653163633435313061326764336d3537376632646737666239353533326967353535393261353032646361393f67376133313a33373230343532663664

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://webspined.top/citi/authsys/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Thu, 02 Apr 2020 00:44:01 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 10 KB
2 KB 727ms
312ms XHR
application/json 192.193.179.248
CITIGROUP

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.179.248 , United States, ASN25883 (CITIGROUP, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

4fb541be6f8cf3eedcbe818004ebaa25b1bda59c6845a45414fa34927780eae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Thu, 02 Apr 2020 00:44:11 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: GTDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://webspined.top
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 10 KB
2 KB 549ms
136ms XHR
application/json 192.193.179.248
CITIGROUP

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: webspined.top
URL: https://webspined.top/citi/authsys/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.179.248 , United States, ASN25883 (CITIGROUP, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

4fb541be6f8cf3eedcbe818004ebaa25b1bda59c6845a45414fa34927780eae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://webspined.top/citi/authsys/
Origin: https://webspined.top
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Thu, 02 Apr 2020 00:44:11 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: GTDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://webspined.top
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: localhost
URL: http://localhost:4200/assets/sitecat.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

557 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXMGAOeiQGMlAAAA
.webspined.top/	1970-01-19 10:39:24	Name: _gcl_au Value: 1.1.1630767203.1585788241
.rfihub.com/	1970-01-19 17:51:24	Name: rud Value: H4sIAAAAAAAAAOMSNrQwNzS1NDexNDE3MzAxNjO2NBLiM9R1TXKtTMxxcw4qDXOW4jU0tTA1t7AwMra0MDMHAJec7200AAAA
webspined.top/	1970-01-19 17:15:24	Name: count Value: 1
.demdex.net/	1970-01-19 12:49:00	Name: demdex Value: 14190249290536906613135271964089787484
webspined.top/	1970-01-20 02:01:00	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C18355%7CMCMID%7C18788384524427229502459285375068806655%7CMCAAMLH-1586393039%7C6%7CMCAAMB-1586393039%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1585795439s%7CNONE%7CMCSYNCSOP%7C411-18362%7CMCAID%7C2F429AA78515C6E8-400007C1C1C287E7%7CvVersion%7C3.1.2
.webspined.top/	1969-12-31 23:59:59	Name: cdContextId Value: 2
.webspined.top/	1970-01-19 17:15:24	Name: bmuid Value: 1585788239578-87D28A77-7682-453B-9C55-2FD069CD83FC
.webspined.top/	1969-12-31 23:59:59	Name: _cls_s Value: d414408c-e34f-4393-90e9-24cebeba8360:0
.webspined.top/	1970-01-21 04:17:48	Name: _cls_v Value: f6664156-53dd-4317-a3a0-24ce9fecdf0e
webspined.top/	1970-01-19 08:29:50	Name: 7018 Value:
webspined.top/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.webspined.top/	1970-01-19 08:30:09	Name: cdSNum Value: 1585788240005-sjn0000775-88a0d3c6-7aca-4d11-a7ff-8fd59fbb1895
webspined.top/	1970-01-19 08:29:50	Name: 7830 Value: error
.webspined.top/	1970-01-19 08:49:57	Name: mbox Value: check#true#1585788300\|session#093b998952cc476487d7d08e12b876dd#1585790100\|PC#5e35a3e79b3f4d7a86cdb5e1c6b565f6.22_0#1586997840

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://webspined.top/citi/authsys/citi_files/cool-2.js(Line 13) Message: Cooladata error: 'cooladata' object not initialized. Ensure you are using the latest version of the Cooladata JS Library along with the snippet we provide.
console-api	log	URL: https://webspined.top/citi/authsys/citi_files/tagging.js(Line 316) Message: Started tagging.js core
console-api	log	URL: https://webspined.top/citi/authsys/citi_files/Bootstrap.js(Line 136) Message: addMbox_tnt_cards value is false
console-api	log	URL: https://webspined.top/citi/authsys/citi_files/bcsid.js(Line 5) Message: Setting new bcsid Cookie
console-api	log	URL: https://webspined.top/citi/authsys/(Line 1585) Message: rsa flagtrue
console-api	log	URL: https://webspined.top/citi/authsys/(Line 1605) Message: isDCAFallback flag value is : false
console-api	log	URL: https://webspined.top/citi/authsys/(Line 2632) Message: qrsignon cookie not found!
console-api	log	URL: https://webspined.top/citi/authsys/citi_files/TMXProfiling.js(Line 4) Message: start tmxProfiling.js
console-api	log	URL: https://webspined.top/citi/authsys/citi_files/TMXProfiling.js(Line 6) Message: tmxProfiling js execute
console-api	log	(Line 11) Message: test 12

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
6260004.fls.doubleclick.net
89oebq5ko2dae7iipqlrf55dqum7x5kazulxaynv29d4f1193d5652adam1.e.aa.online-metrix.net
a.rfihub.com
aa.agkn.com
ad.doubleclick.net
adservice.google.com
api.rlcdn.com
c1.rfihub.net
cdn.pbbl.co
cdn.tt.omtrdc.net
cfr.us.v2.we-stats.com
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
content22.online.citi.com
cse.google.com
cyseal.cyveillance.com
d.agkn.com
dpm.demdex.net
googleads.g.doubleclick.net
gwmtracking.com
h.online-metrix.net
insight.adsrvr.org
js.adsrvr.org
localhost
metrics1.citi.com
mpsnare.iesnare.com
nebula-cdn.kampyle.com
nexus.ensighten.com
prod.report.nacustomerexperience.citi.com
pt.ispot.tv
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
s.ytimg.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
webspined.top
www.facebook.com
www.google.com
www.google.com.pk
www.google.de
www.googleadservices.com
www.googletagmanager.com
localhost
104.111.235.198
104.111.245.241
108.128.20.85
13.224.194.89
143.204.94.29
151.101.13.175
151.101.14.109
151.101.14.133
172.217.18.166
172.217.22.98
178.159.36.169
18.197.253.20
192.193.179.248
193.0.160.128
216.200.122.11
23.36.234.139
23.45.237.36
2600:9000:21f3:a600:19:fc2c:a140:93a1
2a00:1450:4001:800::2008
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:809::2003
2a00:1450:4001:815::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:821::200e
2a00:1450:4001:821::2013
2a00:1450:4001:825::2002
2a03:2880:f11c:8183:face:b00c:0:25de
3.212.137.125
35.181.91.36
35.190.72.21
35.241.45.82
35.244.174.68
40.122.110.249
52.129.74.12
52.29.85.133
52.50.37.223
54.246.153.43
66.117.28.86
66.117.29.3
91.235.132.130
91.235.134.131
91.235.134.21
0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3
02c39275000c1280f9cde808ebe731ec1924477305678759c1140ecaac49eba0
043494ebdb60e363e2e8e0fa548a3863505bda2d81f28d2bf87d4f11380f39f4
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
0704ee29258fbb5a2d0f46347228cc753f0a4a6bdf9fb15a618080ab66c3286b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
128b5eb2de7c92e9be2f566be1ce1a72763a9be9d4c7554f7ea493f57d7e39e9
138fe842faa49a5018ecd6e3ff4a007d5f06038ef8b960ffd78dd81f4030187a
147d5785b25331ac266f34841b05b4401ec78b0e0de6f85d63993ab0a9b5a253
157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa
1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b
1d6b802e59b40aa8540347ab5a754ef472500480deeeea720385753ba96cc8e8
1f2a0e7aa3dabf73dae3cc7c1e53a70ec51145b39b027bdc1ecae9223c0c80d2
2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2
2a67d674e320aa90f0aede04b6ef33f0c5058f51ba35992143d668835250ada0
2e7fac07c1498796cf73dca06ee162b3d56a40908c857ca881b03f67db2fcbe9
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
34642111cd1ba3966912f05c1d166e812429220dbba812d152c149f84783c2b4
3525861536a4eb2a3a4be1b235bafe9b5cadff8f88b751e5e97326d092c28060
356790802ecb2a1540d0579d10d2290a6617a87890ed3d704fd4b6135eb44151
359a00b9518a4295a70361f526a7d69cf7dc40099a5ff361a5fbf8c0ee034e0c
36d1a0ac4cda717bf036ac3e54ed0daabf8e33309691ccfacc9cea849d3eb7ab
3b937262381be3786c1ee9b1a8e59b0ac400f70f88d8cffb42d9ed75df8b18b5
3c4e5df63a7575dfc8c48d1ad0347e453251b45584c6f6f4c33270abdb666dc0
3cb1f89cca21255888919872c51263c08dfc181d2600d2375bdbd8fda57788ce
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108
470006833167eb6002e768cbe0865a86338c1fec3955d551e0f4f1d6a0ef7fa6
495c2b78f2deeec56065c5078a56deb4b4b6601773c98224cbe8517d0545adb2
4999a8bcfc1f9fd95a0c4e42cfbac1abdf5a6c9e26734abbe4bc157b8c2b49ab
4fb541be6f8cf3eedcbe818004ebaa25b1bda59c6845a45414fa34927780eae9
506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e
52541e17b026b0a2a1edefe177cdd7597acf5ca74c519799809fe9f38402157b
55e066703c69d4d89a1f4d66794d474aa93d710624d8f807096bac17a7867b17
575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625
60530e65137696fe313bb53b8b09544fae9ee82b9634f3b16af4438297dd143d
60fcfe811268e269a4e8c342e0edd9408427d7389f65cea4eec505723652ad4e
6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e
629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38
69b6df72fc5ddac90642b033bbcb81f9f1fe6ff15cc0b5c8b2183f0f5ce56d35
6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b
6eb1d03de72515523f07e2f8fa2d6f3484eb42ac4aad6988244846d0af2d06c2
6f14cc4c5407edf48c27a8c2236547d9dafdc0bad7fe57d9dee3175c6b455ba3
6f800dbc2a402619523db5634633c056edd6631a3e1c07272efcc72aba5f9e23
701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484
73abb973c9d3f9e993163c87527cc7fee2a76ad521e6b35f30edcdce5a5c700d
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
771c92ecc9167287111bc793f6392bfb0dc8a51a830b497f7591e6d3493fc1fc
79342655917e5127eec26a837acdb9d7e3572b9e7eae90f9d88f7df6eeb9d2ea
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d
83131c408522e94ac63b45f687605389348c41ef4c5ce751758685e5344365f2
87a7e00bb3ffea9704720947aa77cb9491b7974323368ce730fc008095513863
880960ba5b705083263a8a5329436c1e436a4c5bd618e2551e3c313d18ef88e2
8cad2492e705a54e5c4a634509b1d6c836dfb5bd179c2e58063653cc8635d6df
8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e
8e8b13d585f2710514e09e8120bf507b30ab881a62154299ce43c5bce288295f
8fce07f6ce4b67e852cbde1f7ea1be5347ccedd87527d471edeacffa73e58850
8fdcf1d22049a6f725493a3af93661653cfb72c4f39dfd9f79a0dba50fa1a0e9
9338b86287d57dfdb5b6cd68c48bbb1159a1cccd449c0994156def09418446ee
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9660e09e543c84a49795e20edabf9e556f318f26950d4e9af63542f6a02bf6f4
972256d3bce669df3ed0d7060d4b6897500a1a144c4891700370b6de287ac3d9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ab7b15e7ca2ecd729b50fa7ea139c0a016002fa7e60c76f3f9bf859e5c6155d
9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
9deb849bdc20c654810ae440c0c5110b1a1cbf2228e7a3b61db136a7633c0eda
a1f007507e50d55dcc97d31f69c0d0414f04c4e0ddad7c63d9521bbe66b61b9e
a20b43f346f0734db764746f51f8bc9b0b45905df2150c15a14f584dfd617f24
a612a8f640434c7aaee47569897c1fee79df6f146ec26115e2a8c9be645592b7
a66b9759aa91bdbca84797a0ca353252a6c65860c38bc6b04a03142d93c80640
a9623118fb6ec3944d1312cd0d492c3f32455e89bc1e01eafa67628a309d9c60
a9cebaefb3003c4944d0d59f71afdca3509d3975af5ff213d2750fdf8f719146
ae76982e42ad8bf33cc3a66ed389810d245242bcfa3dd2e3f05baf330f28098f
b2fc35bcf7ad38c6cbc6d170cc5bf15a688ba76d282272c3f0af4c6b31eb0631
bc4570a63016e2cf47c3a9622c57cc8936ee05f72f6b992afc2e277913d02fef
bc48b1398cf542a0fd37927aaa1b70f64a219e6f4000a2263efb5530808f836a
bcee6906648815f51e336c92ac914e938ce6c4a1df7b2434e1bb7e48d90af0a1
c0b33a28e2d8d0db35295a5c285f5112677dafcc5969eab3e5d20dc9b0867155
c3a8ca323bec5421ae00b96c3ea90ad575cda46fd7f7157522b42427dcb4aa22
c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61
c713f9fee9d1408520f0badbe1fc24a6b395d2bbf4725aea52b495152aa96375
c8315c48b8f80779e22bc530bfc4baed43557184372dd8ef2b37954ade2b1f33
c8d8089cd33d869efa694df91d860ce8b4f88135e1f2b590906799dc7a19a65a
c9e01597adbb69b5680a9e8e70ea1eed8b96c729653b96d7ace857baf0dda3f1
ca7048dd1a1d15f42c04c8f3db2d3bcffc6c7eb1be4506ca9fe2651b07766641
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cdb828e2f4e62e1900133748ba426481b6c8383ebaca93133988da409506d3b4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d118102507b97407ebf1533cc98ccd2e9d244524b456fd9c2b469b553396238a
d586553c1682e2a6d1807a141d67bb3913f69970be78e7a59f3ab8f688289c89
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d71b39784664cbc1e6905bd0c99918d0452ddf5ebf78f19e1721f4ba125e0d57
da404e8ea2cb998a7767487a51f6dbb1aa4ec9453dab7e71126cb6b0267fe6fe
dbae660b539470fbd26b9dcfb6a4731aaa23c288fea3bd66b1b088cc9d0604ea
dc4af510d48e699e43ac4bb6fdfeebab422ef11ce48041a7e3ae2e310efa6289
dc765047e383edcb315719ed6478836da867b23bcd7e0663a4309acd5bfd3415
dcaf84b08d6e019948a2b3c463d900cdb61edb7c9da998e3f56bd49075e1f870
dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2
ddfc50334e444d16f275b7a81eb09c83ddd05bf00a3d47bef2d878671244f2f4
e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e
e2812b1e3529e5f39e3b0586e82c7ad0dfc3fc61cfa0107edfac16483d0547d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5168b3d0c8f929a1b8c4c1b4e4ebac60ee0e1ecfd759aeb4be4c2b15e3fc097
e5ee9aa788e2555cf3e81bfb7800a4560b335e8407e232b87fe01eee5e4aeaf1
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
eca1d20a663a7e242fa10ee2c58c742eb6292c898df29e16734ac7d0df29f277
ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1703972ee925ffbb2d1c34963d21a902a2d762256107ce0f4ddd6a68674d56a
f1821b3865a1008ba0c088f7dc5c7eeb6b81e414461885c40b8d0f48fcbc9341
f2adfd83f8e9c7f3b092921eb5a59d4463041b2be8386a17ec7ac29d8d588470
f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8
f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2
f6293fa8c399fd492fb1d40068afee4415acd29c573e7b8661d9c49b1aecea95
f7c141c175b26180e968ca7d970b4b90a71757cfdc24b94edf259f7f868c5ad9
f82e13743e667ec749b08d88f08a2a2ea1f688de0b2724b9c0b0b61ca6d680e3
f87d7b799acda2dd9312fcbfd7906d2c22b76217217e7a79d743fef63f35bf0f
f9baacb75f3cb0e0911a506dbdab685aab38537ac52edda6f9b65bc5f0ea306d
f9bd92ac3e3a127d29f3f9786e6233961312cd256b895975cb5dce2f363916e8

webspined.top Open in urlscan Pro 178.159.36.169 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

232 Requests

99 %HTTPS

26 %IPv6

31 Domains

46 Subdomains

41 IPs

7 Countries

5208 kBTransfer

6664 kBSize

15 Cookies

59 Outgoing links

Redirected requests

232 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

webspined.top Open in urlscan Pro
178.159.36.169 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

232
Requests

99 %
HTTPS

26 %
IPv6

31
Domains

46
Subdomains

41
IPs

7
Countries

5208 kB
Transfer

6664 kB
Size

15
Cookies

232 HTTP transactions
0 data transactions