012sec-help-veri-citizen.duckdns.org
137.184.65.244  Malicious Activity! Public Scan

Submitted URL: http://012sec-help-veri-citizen.duckdns.org/bee50d462641cf3f25c72ba05f770b0d?token=e35281a223da8cd91c40d2ed81d4f1724b2a87e69274e2cc0360ef51d...
Effective URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a46...
Submission: On August 27 via automatic, source openphish — Scanned from DE

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 45 HTTP transactions. The main IP is 137.184.65.244, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is 012sec-help-veri-citizen.duckdns.org.
This is the only time 012sec-help-veri-citizen.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

Requests  Redirects  IP Address         AS Autonomous System
6         4          137.184.65.244     14061 (DIGITALOC...)
20                   2a02:26f0:6c0...   20940 (AKAMAI-ASN1)
4                    199.188.200.254    22612 (NAMECHEAP...)
2                    178.249.97.23      11054 (LIVEPERSON)
4                    178.249.97.99      11054 (LIVEPERSON)
8                    178.249.101.98     11054 (LIVEPERSON)
2                    208.89.15.170      11054 (LIVEPERSON)
1                    46.51.204.238      16509 (AMAZON-02)
2                    208.89.12.87       11054 (LIVEPERSON)
Total: 45 HTTP transactions, 9 IPs
Requests  Apex Domain (with subdomains)  Transfer
20  citizensbankonline.com  181 KB
      www3.citizensbankonline.com — Cisco Umbrella Rank: 113240
12  lpsnmedia.net  429 KB
      accdn.lpsnmedia.net — Cisco Umbrella Rank: 2964
      lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 3411
6   liveperson.net  119 KB
      lptag.liveperson.net — Cisco Umbrella Rank: 3049
      va.idp.liveperson.net — Cisco Umbrella Rank: 10514
      va.v.liveperson.net — Cisco Umbrella Rank: 3427
6   duckdns.org  47 KB
      012sec-help-veri-citizen.duckdns.org
4   devilsms.live  2 KB
      devilsms.live
1   demdex.net  3 KB
      citizensbank.demdex.net — Cisco Umbrella Rank: 22022
Total: 45 HTTP transactions, 6 domains
Requests  Domain  Requested by
20  www3.citizensbankonline.com  012sec-help-veri-citizen.duckdns.org, www3.citizensbankonline.com
8   lpcdn.lpsnmedia.net  lptag.liveperson.net, 012sec-help-veri-citizen.duckdns.org
6   012sec-help-veri-citizen.duckdns.org (4 redirects)  012sec-help-veri-citizen.duckdns.org
4   accdn.lpsnmedia.net  lptag.liveperson.net, lpcdn.lpsnmedia.net
4   devilsms.live  012sec-help-veri-citizen.duckdns.org, devilsms.live
2   va.v.liveperson.net  lptag.liveperson.net
2   va.idp.liveperson.net  lptag.liveperson.net, va.idp.liveperson.net
2   lptag.liveperson.net  012sec-help-veri-citizen.duckdns.org
1   citizensbank.demdex.net  012sec-help-veri-citizen.duckdns.org
Total: 45 HTTP transactions, 9 subdomains

This site contains no links.

Subject                 Issuer                                                Validity                 Valid
citizensbankonline.com  Entrust Certification Authority - L1M                 2022-04-13 - 2023-04-13  a year
devilsms.live           Sectigo RSA Domain Validation Secure Server CA        2022-08-18 - 2023-09-16  a year
*.liveperson.net        Sectigo RSA Organization Validation Secure Server CA  2022-04-26 - 2023-04-26  a year
*.lpsnmedia.net         Sectigo RSA Organization Validation Secure Server CA  2022-02-07 - 2023-02-07  a year
*.idp.liveperson.net    Sectigo RSA Organization Validation Secure Server CA  2022-06-09 - 2023-06-09  a year
*.demdex.net            DigiCert TLS RSA SHA256 2020 CA1                      2021-10-19 - 2022-11-19  a year
*.v.liveperson.net      Sectigo RSA Organization Validation Secure Server CA  2022-03-22 - 2023-03-22  a year

This page contains 5 frames:

Primary Page: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Frame ID: F6DD942A57C9C8637512784D2FEEAF0A
Requests: 38 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Frame ID: 441BF43E4AD8938497CE27A5C5DA3FFE
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562021373&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Frame ID: 2DB71D8CB13B7A09638418AF74F1ABC3
Requests: 2 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 0594D8B029C480DA11E8C37A67030BD0
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
Frame ID: 8F9E8B29353DC5D97D491AF77114A230
Requests: 2 HTTP requests in this frame

Page Title

O‎‏n‎‏l‎‏i‎‏n‎‏e‎‏ L‎‏o‎‏g‎‏i‎‏n‎‏ | C‎‏i‎‏t‎‏i‎‏z‎‏e‎‏n‎‏s‎‏ B‎‏a‎‏n‎‏k‎

Page Statistics

Requests: 45
HTTPS: 96 %
IPv6: 11 %
Domains: 6
Subdomains: 9
IPs: 9
Countries: 3
Transfer: 781 kB
Size: 1938 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://012sec-help-veri-citizen.duckdns.org/bee50d462641cf3f25c72ba05f770b0d?token=e35281a223da8cd91c40d2ed81d4f1724b2a87e69274e2cc0360ef51d3818e99bcf00cf8d287dcb2805973398c48c12ca7f67ed2f76ea09af242f6cee6662e34 HTTP 301
    http://012sec-help-veri-citizen.duckdns.org/bee50d462641cf3f25c72ba05f770b0d/?token=e35281a223da8cd91c40d2ed81d4f1724b2a87e69274e2cc0360ef51d3818e99bcf00cf8d287dcb2805973398c48c12ca7f67ed2f76ea09af242f6cee6662e34 HTTP 302
    http://012sec-help-veri-citizen.duckdns.org/index.php HTTP 302
    http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa HTTP 301
    http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions

Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request /
012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/
Redirect Chain
  • http://012sec-help-veri-citizen.duckdns.org/bee50d462641cf3f25c72ba05f770b0d?token=e35281a223da8cd91c40d2ed81d4f1724b2a87e69274e2cc0360ef51d3818e99bcf00cf8d287dcb2805973398c48c12ca7f67ed2f76ea09af2...
  • http://012sec-help-veri-citizen.duckdns.org/bee50d462641cf3f25c72ba05f770b0d/?token=e35281a223da8cd91c40d2ed81d4f1724b2a87e69274e2cc0360ef51d3818e99bcf00cf8d287dcb2805973398c48c12ca7f67ed2f76ea09af...
  • http://012sec-help-veri-citizen.duckdns.org/index.php
  • http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0...
  • http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d...
39 KB
39 KB
Document
General
Full URL
http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
HTTP/1.1
Server
137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
034736ce910f1ed92c054abe4d8332a2c2a371f090309d72277fafc9e69fd675

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Aug 2022 01:00:20 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=96
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Connection
Keep-Alive
Content-Length
420
Content-Type
text/html; charset=iso-8859-1
Date
Sat, 27 Aug 2022 01:00:19 GMT
Keep-Alive
timeout=5, max=97
Location
http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Server
Apache
jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
19 KB
3 KB
Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
3118
x-olb-req-received
t=1661071350492777
last-modified
Sun, 21 Aug 2022 08:44:05 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"4a56-5e6a22eac403f"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Sat, 27 Aug 2022 21:12:19 GMT
cache-control
max-age=72719
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=700
normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
2300
x-olb-req-received
t=1661071350302673
last-modified
Sun, 21 Aug 2022 10:17:36 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"26c2-5e6a22eacc26f"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Sat, 27 Aug 2022 23:18:50 GMT
cache-control
max-age=80310
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=536
main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
61 KB
11 KB
Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
10382
x-olb-req-received
t=1661071350706232
last-modified
Sun, 21 Aug 2022 08:56:41 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"f405-5e6a22eacc26f"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Sat, 27 Aug 2022 20:29:32 GMT
cache-control
max-age=70152
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=2230
flows.css
devilsms.live/css/citizen01/
8 KB
2 KB
Stylesheet
General
Full URL
https://devilsms.live/css/citizen01/flows.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server267-5.web-hosting.com
Software
LiteSpeed /
Resource Hash
cf82e79b8bb096812095ae48ed7f1371108afc393eb3599df944bec83130200c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
br
last-modified
Thu, 30 Sep 2021 15:22:32 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
2162
expires
Sat, 03 Sep 2022 01:00:20 GMT
ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/
7 KB
2 KB
Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
1227
x-olb-req-received
t=1661071349081271
last-modified
Sun, 21 Aug 2022 10:35:52 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"1dd4-5e6a22eacb2cf"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Sat, 27 Aug 2022 21:38:45 GMT
cache-control
max-age=74305
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=434
citizensns.min.44438.css
012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/css/
6 KB
6 KB
Stylesheet
General
Full URL
http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/css/citizensns.min.44438.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
HTTP/1.1
Server
137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
ed651cffee659ef1f7a1bf87056664859a564cdbc82f50b12063482f66b1ad06

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Sat, 27 Aug 2022 01:00:20 GMT
Last-Modified
Sat, 27 Aug 2022 01:00:19 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
6016
CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/
5 KB
5 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071357064212
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"149d-5e6a46c1308d1"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114071
x-olb-req-duration
D=155
server-timing
cdn-cache; desc=HIT, edge; dur=11
content-length
5277
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:41:31 GMT
tag.js
lptag.liveperson.net/tag/
21 KB
8 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 03 Sep 2020 08:27:49 GMT
server
ws
etag
"5f50a905-1d8f"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
7567
equal-housing.gif
www3.citizensbankonline.com/efs/hhf/img/
1 KB
1 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/equal-housing.gif
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071381741411
last-modified
Sat, 20 Aug 2022 04:11:09 GMT
etag
"46e-5e6a467873669"
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=114025
x-olb-req-duration
D=142
server-timing
cdn-cache; desc=HIT, edge; dur=7
content-length
1134
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:40:45 GMT
footer-follow-facebook.png
www3.citizensbankonline.com/efs/hhf/img/
395 B
708 B
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-facebook.png
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071487892408
last-modified
Sat, 20 Aug 2022 04:13:01 GMT
etag
"18b-5e6a46e30bd95"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114267
x-olb-req-duration
D=140
server-timing
cdn-cache; desc=HIT, edge; dur=12
content-length
395
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:44:47 GMT
footer-follow-twitter.png
www3.citizensbankonline.com/efs/hhf/img/
3 KB
4 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-twitter.png
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071377602205
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"cdf-5e6a46c130cb9"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114203
x-olb-req-duration
D=146
server-timing
cdn-cache; desc=HIT, edge; dur=4
content-length
3295
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:43 GMT
footer-follow-linkedin.png
www3.citizensbankonline.com/efs/hhf/img/
3 KB
3 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-linkedin.png
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071381856119
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"ca7-5e6a46c130cb9"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114093
x-olb-req-duration
D=162
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
3239
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:41:53 GMT
footer-follow-youtube.png
www3.citizensbankonline.com/efs/hhf/img/
3 KB
4 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-youtube.png
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071382342881
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"cce-5e6a46c130cb9"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114171
x-olb-req-duration
D=134
server-timing
cdn-cache; desc=HIT, edge; dur=9
content-length
3278
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:11 GMT
elh.gif
www3.citizensbankonline.com/efs/hhf/img/
1 KB
2 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/elh.gif
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071382419373
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"599-5e6a46c130cb9"
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=114162
x-olb-req-duration
D=125
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
1433
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:02 GMT
fdicFooter.gif
www3.citizensbankonline.com/efs/hhf/img/
2 KB
2 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/hhf/img/fdicFooter.gif
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
x-olb-req-received
t=1661071382196715
last-modified
Sat, 20 Aug 2022 04:12:25 GMT
etag
"8c5-5e6a46c130cb9"
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=114093
x-olb-req-duration
D=150
server-timing
cdn-cache; desc=HIT, edge; dur=3
content-length
2245
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:41:53 GMT
sec-3-5.css
www3.citizensbankonline.com/_sec/cp_challenge/
2 KB
890 B
Stylesheet
General
Full URL
https://www3.citizensbankonline.com/_sec/cp_challenge/sec-3-5.css
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
last-modified
Wed, 26 May 2021 19:49:11 GMT
etag
"27bb141668102f3d4738786258a494f701a2eb8a6a77afc6eddc061bed30c3b2"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=20241
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000
content-length
610
lb-action
None
expires
Sat, 27 Aug 2022 06:37:41 GMT
.jsonp
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/
286 KB
102 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
07b782838a99f5818964742c6e8b8b7a8e6510eab5f19567a0e4922c76f89934
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ws
x-cache-status
EXPIRED
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
/
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/
7 KB
3 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
52
strict-transport-security
max-age=99999999999; includeSubDomains
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Sat, 27 Aug 2022 01:01:20 GMT
ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/
39 KB
15 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ui-framework.js?version=10.20.0.17-release_5509
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:08:02 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:20 GMT
UMSClientAPI.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/
88 KB
30 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/UMSClientAPI.min.js?version=10.20.0.17-release_5509
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:08:13 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:20 GMT
lpChatV3.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/
92 KB
31 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/lpChatV3.min.js?version=10.20.0.17-release_5509
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:08:13 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:20 GMT
surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/
8 KB
3 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/surveylogicinstance.min.js?version=10.20.0.17-release_5509
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:08:02 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:20 GMT
desktopEmbedded.js
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/
949 KB
296 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/desktopEmbedded.js?version=10.20.0.17-release_5509
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
3600d4b55268d653164c62182d2980e1a4a744567dfea98ec0b695ecf7d93793
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:08:14 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:20 GMT
zones
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/
5 KB
2 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
d6b8f5782c784b78c4a127f2284de4d4ea9c3e2ffc5e8ebaded7d453153231b2
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
116
strict-transport-security
max-age=99999999999; includeSubDomains
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Sat, 27 Aug 2022 01:01:21 GMT
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ Frame 441B
39 KB
16 KB
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Sat, 27 Aug 2022 01:00:21 GMT
expires
Sun, 27 Aug 2023 01:00:21 GMT
last-modified
Mon, 08 Aug 2022 03:15:58 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/
37 KB
15 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&force=1&env=prod&isCrossDomain=true
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 08 Aug 2022 03:16:05 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires
Sun, 27 Aug 2023 01:00:21 GMT
refererrestrictions
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 441B
650 B
1 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb63279x35435
Requested by
Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
8f3ae46aab2ae21e857c18c686174090d311a852507cd16f23dd796178c41d37
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lpcdn.lpsnmedia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
12
strict-transport-security
max-age=99999999999; includeSubDomains
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Sat, 27 Aug 2022 01:01:21 GMT
postmessage.min.html
va.idp.liveperson.net/postmessage/ Frame 2DB7
11 KB
5 KB
Document
General
Full URL
https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562021373&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.idp.liveperson.net
Software
ws /
Resource Hash
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Referer
http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
content-encoding
gzip
content-type
text/html
date
Sat, 27 Aug 2022 01:00:21 GMT
etag
W/"5f2ff440-2a51"
last-modified
Sun, 09 Aug 2020 13:04:00 GMT
server
ws
icon-secure.png
devilsms.live/efs/efs/grafx/
0
0
Image
General
Full URL
https://devilsms.live/efs/efs/grafx/icon-secure.png
Requested by
Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server267-5.web-hosting.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://devilsms.live/css/citizen01/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

flows-tooltip.png
devilsms.live/efs/efs/grafx/
0
0
Image
General
Full URL
https://devilsms.live/efs/efs/grafx/flows-tooltip.png
Requested by
Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server267-5.web-hosting.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://devilsms.live/css/citizen01/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
31 KB
32 KB
Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071489662077
last-modified
Sat, 20 Aug 2022 01:32:05 GMT
etag
"7ce0-5e6a22eac8673"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=114270
x-olb-req-duration
D=165
server-timing
cdn-cache; desc=HIT, edge; dur=9
content-length
31968
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:44:51 GMT
citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
18 KB
18 KB
Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071381781706
last-modified
Sat, 20 Aug 2022 01:32:05 GMT
etag
"485c-5e6a22eac7abb"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=114065
x-olb-req-duration
D=169
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
18524
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:41:26 GMT
citizen_bold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
29 KB
29 KB
Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071381560526
last-modified
Sat, 20 Aug 2022 01:32:05 GMT
etag
"7278-5e6a22eac7abb"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=114170
x-olb-req-duration
D=179
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
29304
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:11 GMT
dest5.html
citizensbank.demdex.net/ Frame 0594
7 KB
3 KB
Document
General
Full URL
https://citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.51.204.238 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-46-51-204-238.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v038-02137e098.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
aIJHvdpWSak=
content-encoding
gzip
date
Sat, 27 Aug 2022 01:00:21 GMT
last-modified
Wed, 3 Aug 2022 11:53:46 GMT
vary
accept-encoding
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/ Frame 8F9E
39 KB
16 KB
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
Requested by
Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.101.98 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
am-lpcdn.lpsnmedia.net
Software
ws /
Resource Hash
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods
GET, POST, PATCH
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control
max-age=31536000
content-encoding
gzip
content-type
text/html
date
Sat, 27 Aug 2022 01:00:21 GMT
expires
Sun, 27 Aug 2023 01:00:21 GMT
last-modified
Fri, 30 Apr 2021 16:48:20 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
arrow-button-white.png
devilsms.live/efs/efs/grafx/
0
0
Image
General
Full URL
https://devilsms.live/efs/efs/grafx/arrow-button-white.png
Requested by
Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server267-5.web-hosting.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://devilsms.live/css/citizen01/flows.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/
1 KB
1 KB
Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071381524387
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"41e-5e6a235ca4f6f"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114097
x-olb-req-duration
D=137
server-timing
cdn-cache; desc=HIT, edge; dur=10
content-length
1054
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:41:58 GMT
arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/
165 B
477 B
Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071359982128
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"a5-5e6a235ca5108"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=114188
x-olb-req-duration
D=117
server-timing
cdn-cache; desc=HIT, edge; dur=2
content-length
165
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:29 GMT
citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
31 KB
31 KB
Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071381611011
last-modified
Sat, 20 Aug 2022 01:32:05 GMT
etag
"7c78-5e6a22eac386f"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=114217
x-olb-req-duration
D=162
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
31864
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:43:58 GMT
citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/
27 KB
28 KB
Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
x-olb-req-received
t=1661071381090338
last-modified
Sat, 20 Aug 2022 01:32:05 GMT
etag
"6ccc-5e6a22eac828b"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=114122
x-olb-req-duration
D=165
server-timing
cdn-cache; desc=HIT, edge; dur=10
content-length
27852
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 28 Aug 2022 08:42:23 GMT
refererrestrictions
accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/ Frame 8F9E
1 KB
1 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb55671x91962
Requested by
Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
5c877a1ae76609e293b91d71c29663e67acaf3a6b2455a5244d4c101c3727fc0
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lpcdn.lpsnmedia.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ws
x-cache-status
HIT
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time
1
strict-transport-security
max-age=99999999999; includeSubDomains
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Sat, 27 Aug 2022 01:00:29 GMT
authorize
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame 2DB7
678 B
1 KB
XHR
General
Full URL
https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=21110
Requested by
Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562021373&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.idp.liveperson.net
Software
ws /
Resource Hash
51c932105f8ddc3a2173316515d92678ea985816e69a91a0a49f7d594938e11e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER
http://012sec-help-veri-citizen.duckdns.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/json; charset=UTF-8
Accept
*/*
Referer
https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562021373&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
X-Requested-With
XMLHttpRequest
LP-URL
http://012sec-help-veri-citizen.duckdns.org/f9e0c8f2407acfd03749c3984c00b3b9/?token=51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa

Response headers

date
Sat, 27 Aug 2022 01:00:22 GMT
server
ws
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-methods
GET, POST, PATCH
content-type
application/json
access-control-allow-origin
https://va.idp.liveperson.net
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
content-length
678
89632304
va.v.liveperson.net/api/js/
238 B
1 KB
Script
General
Full URL
https://va.v.liveperson.net/api/js/89632304?&cb=lpCb46558x14792&t=sp&ts=1661562021356&pid=4455585878&tid=7199459592&pt=O%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fl%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8F%20L%E2%80%8E%E2%80%8Fo%E2%80%8E%E2%80%8Fg%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8F%20%7C%20C%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Ft%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fz%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fs%E2%80%8E%E2%80%8F%20B%E2%80%8E%E2%80%8Fa%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fk%E2%80%8E&u=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org%2Ff9e0c8f2407acfd03749c3984c00b3b9%2F%3Ftoken%3D51c39bb1def7fc2d33e79f930fd5599cc792c32a0ab6cd5bc3609a4664d5284ec58cda5038ca48765f12e57e045ab14db2110c5e23b80a11d0b879c8003e96aa&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ab3963fb-ae49-4301-b963-fbae49430127%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
8bd43f1d8c5213f23b998c43bf69fa490d05375b7b04a2f7cc2039cad3f0bff3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:22 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
89632304
va.v.liveperson.net/api/js/
111 B
854 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/89632304?sid=V4SMC5VVRA-KVkp5ZO_ypw&cb=lpCb27587x48771&t=pl&ts=1661562022293&pid=4455585878&tid=7199459592&vid=BhNzgxZTMxODRlNjAxZTE3
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
4f882194a6dc7901eb7c969f30fe9af30ffc463df566a0f13a6333b6e5d56765

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://012sec-help-veri-citizen.duckdns.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sat, 27 Aug 2022 01:00:23 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation string| timeStamp string| pageURL string| pageName object| digitalData boolean| isProductionEnvironment string| lpAccountNumber object| lpTag function| _typeof function| _extends object| lpTaglogListeners object| proxyless object| lpMTagConfig function| createFrameworkGlobals object| liveperson function| SurveyManager function| _stateChanged object| STORAGE object| proto string| QUESTION_ERROR_TYPE object| __core-js_shared__ object| lpIntlTelInputUtils object| lpIntlTelInputGlobals object| thebody

1 Cookies

Domain/Path Name / Value
012sec-help-veri-citizen.duckdns.org/ Name: PHPSESSID
Value: e7ff39aa24ca6f2e5b0c8f9695d43454

4 Console Messages

Source: network, Level: error, URL: https://devilsms.live/efs/efs/grafx/icon-secure.png
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error, URL: https://devilsms.live/efs/efs/grafx/flows-tooltip.png
Message: Failed to load resource: the server responded with a status of 404 ()

Source: network, Level: error, URL: https://devilsms.live/efs/efs/grafx/arrow-button-white.png
Message: Failed to load resource: the server responded with a status of 404 ()

Source: security, Level: error, URL: https://citizensbank.demdex.net/dest5.html?d_nsid=0 (Line 12)
Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www3.citizensbankonline.com') does not match the recipient window's origin ('http://012sec-help-veri-citizen.duckdns.org').

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
