012sec-help-veri-citizen.duckdns.org Open in urlscan Pro
137.184.65.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503?token=1eb754ff1de286cfcf6468d6ec17aeb31c286880520203a10716d6b4d...
Effective URL:
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657...
Submission: On August 27 via automatic, source openphish (August 27th 2022, 1:35:54 am UTC) — Scanned from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 45 HTTP transactions. The main IP is 137.184.65.244, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is 012sec-help-veri-citizen.duckdns.org.

This is the only time 012sec-help-veri-citizen.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4 6	137.184.65.244 137.184.65.244	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
20	2a02:26f0:dc:... 2a02:26f0:dc:18e::17c7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	199.188.200.254 199.188.200.254	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
4	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
8	178.249.101.98 178.249.101.98	11054 (LIVEPERSON) (LIVEPERSON)
1	52.51.99.30 52.51.99.30	16509 (AMAZON-02) (AMAZON-02)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
45	9

6 137.184.65.244 (North Bergen, United States) 4 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

012sec-help-veri-citizen.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:26f0:dc:18e::17c7 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.188.200.254 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server267-5.web-hosting.com

devilsms.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United States)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.249.97.99 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 178.249.101.98 (United States)

ASN11054 (LIVEPERSON, US)
PTR: am-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.99.30 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-99-30.eu-west-1.compute.amazonaws.com

citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	citizensbankonline.com www3.citizensbankonline.com — Cisco Umbrella Rank: 113240	181 KB
12	lpsnmedia.net accdn.lpsnmedia.net — Cisco Umbrella Rank: 2964 lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 3411	429 KB
6	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 3049 va.idp.liveperson.net — Cisco Umbrella Rank: 10514 va.v.liveperson.net — Cisco Umbrella Rank: 3427	119 KB
6	duckdns.org 4 redirects 012sec-help-veri-citizen.duckdns.org	47 KB
4	devilsms.live devilsms.live	2 KB
1	demdex.net citizensbank.demdex.net — Cisco Umbrella Rank: 22022	3 KB
45	6

	Domain	Requested by
20	www3.citizensbankonline.com	012sec-help-veri-citizen.duckdns.org www3.citizensbankonline.com
8	lpcdn.lpsnmedia.net	lptag.liveperson.net 012sec-help-veri-citizen.duckdns.org
6	012sec-help-veri-citizen.duckdns.org	4 redirects 012sec-help-veri-citizen.duckdns.org
4	accdn.lpsnmedia.net	lptag.liveperson.net lpcdn.lpsnmedia.net
4	devilsms.live	012sec-help-veri-citizen.duckdns.org devilsms.live
2	va.v.liveperson.net	lptag.liveperson.net
2	va.idp.liveperson.net	lptag.liveperson.net va.idp.liveperson.net
2	lptag.liveperson.net	012sec-help-veri-citizen.duckdns.org
1	citizensbank.demdex.net	012sec-help-veri-citizen.duckdns.org
45	9

This site contains no links.

Subject Issuer	Validity	Valid
citizensbankonline.com Entrust Certification Authority - L1M	`2022-04-13` - `2023-04-13`	a year	crt.sh
devilsms.live Sectigo RSA Domain Validation Secure Server CA	`2022-08-18` - `2023-09-16`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2022-02-07` - `2023-02-07`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.idp.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-03-22` - `2023-03-22`	a year	crt.sh

This page contains 5 frames:

Primary Page: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
Frame ID: 4132329F99B126DA07F492AB45FF97C2
Requests: 38 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Frame ID: 4D25644532D12C4E9BF7FC2678836141
Requests: 2 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 4ED19D4615BA9CE6E81D2C5E678DD118
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
Frame ID: 004C252DCC61775CCA24BE613746EA4C
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661564150029&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Frame ID: CA187C61A5DCB59164F44373043E86FF
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

O‎‏n‎‏l‎‏i‎‏n‎‏e‎‏ L‎‏o‎‏g‎‏i‎‏n‎‏ | C‎‏i‎‏t‎‏i‎‏z‎‏e‎‏n‎‏s‎‏ B‎‏a‎‏n‎‏k‎

Page URL History Show full URLs

http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503?token=1eb754ff1de286cfcf6468d6ec17aeb31c286... HTTP 301
http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503/?token=1eb754ff1de286cfcf6468d6ec17aeb31c28... HTTP 302
http://012sec-help-veri-citizen.duckdns.org/index.php HTTP 302
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad?token=89f8085f02e23d95d64bd60d12575eec94e3c... HTTP 301
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3... Page URL

Page Statistics

45
Requests

96 %
HTTPS

11 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

780 kB
Transfer

1938 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503?token=1eb754ff1de286cfcf6468d6ec17aeb31c286880520203a10716d6b4d21b559a7041481b9dea71a0339d0bb1d3cbfc94de0567e19cb26ee6fd394a4af891dfc8 HTTP 301
http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503/?token=1eb754ff1de286cfcf6468d6ec17aeb31c286880520203a10716d6b4d21b559a7041481b9dea71a0339d0bb1d3cbfc94de0567e19cb26ee6fd394a4af891dfc8 HTTP 302
http://012sec-help-veri-citizen.duckdns.org/index.php HTTP 302
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c HTTP 301
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/
Redirect Chain

http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503?token=1eb754ff1de286cfcf6468d6ec17aeb31c286880520203a10716d6b4d21b559a7041481b9dea71a0339d0bb1d3cbfc94de0567e19cb26ee6fd...
http://012sec-help-veri-citizen.duckdns.org/c32161a53ace4895767566eeb9b35503/?token=1eb754ff1de286cfcf6468d6ec17aeb31c286880520203a10716d6b4d21b559a7041481b9dea71a0339d0bb1d3cbfc94de0567e19cb26ee6f...
http://012sec-help-veri-citizen.duckdns.org/index.php
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be778218...
http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821...

39 KB
39 KB

166ms
165ms

Document
text/html

137.184.65.244
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
Protocol: HTTP/1.1
Server: 137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: a76aaccc0bbcb17c6d038f50676bec8ddfd92f289852d289e90beaf4d6683e2e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 27 Aug 2022 01:35:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=96
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Length: 420
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 27 Aug 2022 01:35:49 GMT
Keep-Alive: timeout=5, max=97
Location: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
Server: Apache

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
3 KB 143ms
29ms Stylesheet
text/css 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3118
x-olb-req-received: t=1661071350492777
last-modified: Sun, 21 Aug 2022 08:44:05 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "4a56-5e6a22eac403f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 08:02:16 GMT
cache-control: max-age=23187
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=700

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 156ms
42ms Stylesheet
text/css 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2300
x-olb-req-received: t=1661071350302673
last-modified: Sun, 21 Aug 2022 10:17:36 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "26c2-5e6a22eacc26f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 08:02:16 GMT
cache-control: max-age=23187
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=536

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
11 KB 168ms
54ms Stylesheet
text/css 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10382
x-olb-req-received: t=1661071350706232
last-modified: Sun, 21 Aug 2022 08:56:41 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "f405-5e6a22eacc26f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 08:02:16 GMT
cache-control: max-age=23187
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=2230

GET
H2 200 flows.css
devilsms.live/css/citizen01/ 8 KB
2 KB 458ms
152ms Stylesheet
text/css 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://devilsms.live/css/citizen01/flows.css
Requested by: Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: cf82e79b8bb096812095ae48ed7f1371108afc393eb3599df944bec83130200c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: br
last-modified: Thu, 30 Sep 2021 15:22:32 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 2162
expires: Sat, 03 Sep 2022 01:35:49 GMT

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 7 KB
2 KB 180ms
66ms Stylesheet
text/css 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1227
x-olb-req-received: t=1661071349081271
last-modified: Sun, 21 Aug 2022 10:35:52 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "1dd4-5e6a22eacb2cf"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 08:02:16 GMT
cache-control: max-age=23187
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=434

GET
H/1.1 200
OK citizensns.min.44438.css
012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/css/ 6 KB
6 KB 190ms
95ms Stylesheet
text/css 137.184.65.244
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/css/citizensns.min.44438.css
Requested by: Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
Protocol: HTTP/1.1
Server: 137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ed651cffee659ef1f7a1bf87056664859a564cdbc82f50b12063482f66b1ad06

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Sat, 27 Aug 2022 01:35:49 GMT
Last-Modified: Sat, 27 Aug 2022 01:35:49 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6016

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 176ms
77ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071389479253
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "149d-5e6a46c1308d1"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=111979
x-olb-req-duration: D=152
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:08 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 117ms
44ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=89632304

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H2 200 equal-housing.gif
www3.citizensbankonline.com/efs/hhf/img/ 1 KB
1 KB 123ms
98ms Image
image/gif 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/equal-housing.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390405588
last-modified: Sat, 20 Aug 2022 04:11:09 GMT
etag: "46e-5e6a467873669"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=111973
x-olb-req-duration: D=135
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1134
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:02 GMT

GET
H2 200 footer-follow-facebook.png
www3.citizensbankonline.com/efs/hhf/img/ 395 B
708 B 93ms
93ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-facebook.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390428934
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "18b-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=112019
x-olb-req-duration: D=144
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 395
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:48 GMT

GET
H2 200 footer-follow-twitter.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
4 KB 126ms
125ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-twitter.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390449739
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "cdf-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=111960
x-olb-req-duration: D=131
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3295
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:49 GMT

GET
H2 200 footer-follow-linkedin.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
3 KB 140ms
140ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-linkedin.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390307874
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "ca7-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=111990
x-olb-req-duration: D=154
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3239
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:19 GMT

GET
H2 200 footer-follow-youtube.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
4 KB 156ms
155ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-youtube.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390339459
last-modified: Sat, 20 Aug 2022 04:11:09 GMT
etag: "cce-5e6a467873a51"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=112026
x-olb-req-duration: D=145
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3278
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:55 GMT

GET
H2 200 elh.gif
www3.citizensbankonline.com/efs/hhf/img/ 1 KB
2 KB 167ms
166ms Image
image/gif 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/elh.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390571718
last-modified: Sat, 20 Aug 2022 04:11:09 GMT
etag: "599-5e6a467873669"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=112070
x-olb-req-duration: D=135
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1433
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:39 GMT

GET
H2 200 fdicFooter.gif
www3.citizensbankonline.com/efs/hhf/img/ 2 KB
2 KB 180ms
179ms Image
image/gif 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/fdicFooter.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071390993191
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "8c5-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=112058
x-olb-req-duration: D=146
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2245
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:27 GMT

GET
H2 200 sec-3-5.css
www3.citizensbankonline.com/_sec/cp_challenge/ 2 KB
891 B 83ms
82ms Stylesheet
text/css 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/_sec/cp_challenge/sec-3-5.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
last-modified: Wed, 26 May 2021 19:49:11 GMT
etag: "27bb141668102f3d4738786258a494f701a2eb8a6a77afc6eddc061bed30c3b2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=84309
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
content-length: 610
lb-action: None
expires: Sun, 28 Aug 2022 01:00:58 GMT

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 286 KB
102 KB 26ms
25ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

cfc6bb0c5fbc7d342348826313b8e4d587c8f90bf98c787f6deb2e561a1df632

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 7 KB
2 KB 90ms
22ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:36:12 GMT

GET
H2 200 ui-framework.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 39 KB
15 KB 59ms
14ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ui-framework.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H2 200 UMSClientAPI.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 88 KB
30 KB 71ms
26ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/UMSClientAPI.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:13 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H2 200 lpChatV3.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 92 KB
31 KB 84ms
38ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/lpChatV3.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:13 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H2 200 surveylogicinstance.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 8 KB
3 KB 85ms
39ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/surveylogicinstance.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H2 200 desktopEmbedded.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 949 KB
296 KB 95ms
50ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/desktopEmbedded.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

3600d4b55268d653164c62182d2980e1a4a744567dfea98ec0b695ecf7d93793

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 5 KB
2 KB 107ms
43ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

e89721160304879659f311beae4b7e8f5fb06602a67290a3270de49d0f2f7231

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:36:49 GMT

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ Frame 4D25 39 KB
16 KB 14ms
14ms Document
text/html 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:35:49 GMT
expires: Sun, 27 Aug 2023 01:35:49 GMT
last-modified: Mon, 08 Aug 2022 03:16:05 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ 37 KB
15 KB 27ms
27ms Script
application/javascript 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&force=1&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:16:03 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:35:49 GMT

GET
H/1.1 200
OK dest5.html Show response
citizensbank.demdex.net/ Frame 4ED1 7 KB
3 KB 139ms
29ms Document
text/html 52.51.99.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citizensbank.demdex.net/dest5.html?d_nsid=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.51.99.30 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-51-99-30.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v038-0d9230d80.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 0fiogmlHRbk=
content-encoding: gzip
date: Sat, 27 Aug 2022 01:35:50 GMT
last-modified: Wed, 3 Aug 2022 11:58:13 GMT
vary: accept-encoding

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/ Frame 004C 39 KB
16 KB 28ms
27ms Document
text/html 178.249.101.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

am-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:35:49 GMT
expires: Sun, 27 Aug 2023 01:35:49 GMT
last-modified: Fri, 30 Apr 2021 16:48:20 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff

GET
H2 404 icon-secure.png
devilsms.live/efs/efs/grafx/ 0
0 151ms
151ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/icon-secure.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 404 flows-tooltip.png
devilsms.live/efs/efs/grafx/ 0
0 151ms
151ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/flows-tooltip.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 404 arrow-button-white.png
devilsms.live/efs/efs/grafx/ 0
0 154ms
151ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/arrow-button-white.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 31ms
29ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071389270735
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4d20"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=112009
x-olb-req-duration: D=155
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:38 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
477 B 42ms
40ms Image
image/png 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071389706438
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5108"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=112051
x-olb-req-duration: D=127
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:20 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 97ms
33ms Font
application/octet-stream 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071352770431
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "485c-5e6a22eac3487"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=111998
x-olb-req-duration: D=176
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:27 GMT

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 147ms
82ms Font
application/octet-stream 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:50 GMT
x-olb-req-received: t=1661071391892019
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7ce0-5e6a22eacc26f"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=112026
x-olb-req-duration: D=168
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:56 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 138ms
74ms Font
application/octet-stream 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:50 GMT
x-olb-req-received: t=1661071392888500
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7c78-5e6a22eac386f"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=111978
x-olb-req-duration: D=183
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:08 GMT

GET
H2 200 citizen_bold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 29 KB
29 KB 109ms
45ms Font
application/octet-stream 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
x-olb-req-received: t=1661071392082154
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7278-5e6a22eacb6b7"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=112004
x-olb-req-duration: D=179
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 29304
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:33 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 124ms
60ms Font
application/octet-stream 2a02:26f0:dc:18e::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:dc:18e::17c7 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:50 GMT
x-olb-req-received: t=1661071392147978
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "6ccc-5e6a22eac3c57"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=111915
x-olb-req-duration: D=236
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:05 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 4D25 650 B
1 KB 22ms
22ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb88704x93361

Requested by

Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

3e09d451c2f6a8cff97a5146166f379cd0dbc3f5382c3993fb1b72e3f6ba3a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 2
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:36:13 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/ Frame 004C 1 KB
1 KB 43ms
42ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb16295x17873

Requested by

Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

8d0ca3125ddebfcfcbe3c525e695f6606e88c650d7273c7124cca6b6838b18c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:36:49 GMT

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame CA18 11 KB
5 KB 389ms
96ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661564150029&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.idp.liveperson.net
Software: ws /
Resource Hash: c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:35:50 GMT
etag: W/"5f2ff440-2a51"
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
server: ws

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame CA18 678 B
1 KB 238ms
238ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=99718

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661564150029&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

2dfa0734304fb7b1e1d117e4263f69c72997f52036883a4c773bd58a31a1de91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661564150029&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
X-Requested-With: XMLHttpRequest
LP-URL: http://012sec-help-veri-citizen.duckdns.org/61b199c498335b10f17ba9efa17efdad/?token=89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c

Response headers

date: Sat, 27 Aug 2022 01:35:50 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 238 B
1 KB 484ms
192ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb75165x89003&t=sp&ts=1661564150004&pid=4944042507&tid=9932555514&pt=O%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fl%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8F%20L%E2%80%8E%E2%80%8Fo%E2%80%8E%E2%80%8Fg%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8F%20%7C%20C%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Ft%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fz%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fs%E2%80%8E%E2%80%8F%20B%E2%80%8E%E2%80%8Fa%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fk%E2%80%8E&u=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org%2F61b199c498335b10f17ba9efa17efdad%2F%3Ftoken%3D89f8085f02e23d95d64bd60d12575eec94e3c5ada612740f3d32b657843e4a2ceb1a78f6c6bfd638291fd8e6f0ad921e25509d8942be77821883ca9624c1ca3c&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%225b149c63-09fb-4495-949c-6309fba49556%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 411faf59adb6892cf81cbffca3f78f6eb0c724e1bf91e3b987c0760667a6b151

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:51 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 111 B
854 B 104ms
104ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=LUoTE465R9ynOeXwcXUAMA&cb=lpCb75504x65789&t=pl&ts=1661564150928&pid=4944042507&tid=9932555514&vid=IxYzBjNzhlNjM1ZjJkOTE4
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: ea1744f849464a9561974bc70ee65a7943cc011a74c9c7837cd2de9a72ac0782

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:35:51 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			012sec-help-veri-citizen.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1a20a9f34554708114faf6125ad9b235

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://devilsms.live/efs/efs/grafx/icon-secure.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://devilsms.live/efs/efs/grafx/flows-tooltip.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://devilsms.live/efs/efs/grafx/arrow-button-white.png Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://citizensbank.demdex.net/dest5.html?d_nsid=0(Line 12) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www3.citizensbankonline.com') does not match the recipient window's origin ('http://012sec-help-veri-citizen.duckdns.org').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

012sec-help-veri-citizen.duckdns.org
accdn.lpsnmedia.net
citizensbank.demdex.net
devilsms.live
lpcdn.lpsnmedia.net
lptag.liveperson.net
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
137.184.65.244
178.249.101.98
178.249.97.23
178.249.97.99
199.188.200.254
208.89.12.87
208.89.15.170
2a02:26f0:dc:18e::17c7
52.51.99.30
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
2dfa0734304fb7b1e1d117e4263f69c72997f52036883a4c773bd58a31a1de91
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
3600d4b55268d653164c62182d2980e1a4a744567dfea98ec0b695ecf7d93793
3e09d451c2f6a8cff97a5146166f379cd0dbc3f5382c3993fb1b72e3f6ba3a07
411faf59adb6892cf81cbffca3f78f6eb0c724e1bf91e3b987c0760667a6b151
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205
8d0ca3125ddebfcfcbe3c525e695f6606e88c650d7273c7124cca6b6838b18c7
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
a76aaccc0bbcb17c6d038f50676bec8ddfd92f289852d289e90beaf4d6683e2e
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
cf82e79b8bb096812095ae48ed7f1371108afc393eb3599df944bec83130200c
cfc6bb0c5fbc7d342348826313b8e4d587c8f90bf98c787f6deb2e561a1df632
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e89721160304879659f311beae4b7e8f5fb06602a67290a3270de49d0f2f7231
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
ea1744f849464a9561974bc70ee65a7943cc011a74c9c7837cd2de9a72ac0782
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
ed651cffee659ef1f7a1bf87056664859a564cdbc82f50b12063482f66b1ad06
fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

012sec-help-veri-citizen.duckdns.org Open in urlscan Pro 137.184.65.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

45 Requests

96 %HTTPS

11 %IPv6

6 Domains

9 Subdomains

9 IPs

3 Countries

780 kBTransfer

1938 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

012sec-help-veri-citizen.duckdns.org Open in urlscan Pro
137.184.65.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

96 %
HTTPS

11 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

780 kB
Transfer

1938 kB
Size

1
Cookies

45 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!