URL: https://citirewards.cc/
Submission: On March 31 via automatic, source certstream-suspicious

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3032::6818:7ebe, located in United States and belongs to CLOUDFLARENET, US. The main domain is citirewards.cc.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on March 31st 2020. Valid for: 6 months.
This is the only time citirewards.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS     Autonomous System
9         2606:4700:303...  13335  (CLOUDFLAR...)
1         2606:4700::68...  13335  (CLOUDFLAR...)
2         2606:4700:303...  13335  (CLOUDFLAR...)
2         2a03:2880:f02...  32934  (FACEBOOK)
2         2620:1ec:c11:...  8068   (MICROSOFT...)
2         2a03:2880:f12...  32934  (FACEBOOK)
Total: 18 requests, 6 IPs

Requests  Domain                              Requested by
9         citirewards.cc                      citirewards.cc
2         www.facebook.com
2         bat.bing.com                        citirewards.cc
2         connect.facebook.net                citirewards.cc, connect.facebook.net
2         analytics.googleadservices.company  citirewards.cc
1         ajax.cloudflare.com                 citirewards.cc
Total: 18 requests, 6 domains

This site contains links to these domains. Also see Links.

Domain
www.googleadservices.cc
Subject                      Issuer                                           Validity                 Valid
sni.cloudflaressl.com        CloudFlare Inc ECC CA-2                          2020-03-31 - 2020-10-09  6 months (crt.sh)
ssl412106.cloudflaressl.com  COMODO ECC Domain Validation Secure Server CA 2  2019-12-05 - 2020-06-12  6 months (crt.sh)
googleadservices.company     CloudFlare Inc ECC CA-2                          2019-08-17 - 2020-08-16  a year (crt.sh)
*.facebook.com               DigiCert SHA2 High Assurance Server CA           2020-03-01 - 2020-05-30  3 months (crt.sh)
www.bing.com                 Microsoft IT TLS CA 2                            2019-04-30 - 2021-04-30  2 years (crt.sh)

This page contains 1 frames:

Primary Page: https://citirewards.cc/
Frame ID: 04F92120FCCE35B5650331E55C1A5F89
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 100 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 2
Transfer: 1109 kB
Size: 1609 kB
Cookies: 1

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
citirewards.cc/
5 KB
2 KB
Document
General
Full URL
https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2095979d6eda4bf5c6651b456c52c9d7e46e7893f1fdc7995eec6937c059553b

Request headers

:method
GET
:authority
citirewards.cc
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Tue, 31 Mar 2020 23:01:47 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dbf7f15c1d8b73cd519483a9a59f1d9101585695706; expires=Thu, 30-Apr-20 23:01:46 GMT; path=/; domain=.citirewards.cc; HttpOnly; SameSite=Lax
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
57cdb1b7084216e6-FRA
content-encoding
br
style.css
citirewards.cc/css/
489 B
287 B
Stylesheet
General
Full URL
https://citirewards.cc/css/style.css
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e436f09596caffc58a3be49783ec22da3f41bc56ea2872fa2f86d83465d3458

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 22:28:11 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
57cdb1b96c3e16e6-FRA
LandingPage1.gif
citirewards.cc/images/
247 KB
247 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage1.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75a188f363adc67dd94221224c7e4762f460581fe0417da79256b51553340fa9

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c3f16e6-FRA
content-length
252591
LandingPage2.gif
citirewards.cc/images/
91 KB
91 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage2.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4c9480f846915c526a25c1bc93a3ee2c34143251f28b0f96a3afc658ffbaac4

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c4916e6-FRA
content-length
93347
LandingPage3.gif
citirewards.cc/images/
43 KB
43 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage3.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d3434e5685abf0b70b5edaad8f5bd0cc7561a41db5ef1c729d3469d691bb1ae

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c6016e6-FRA
content-length
44080
LandingPage4.gif
citirewards.cc/images/
242 KB
242 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage4.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8b79a5996e60d62a97d2fd503aef7c53d625938335c47575a47b88bdd64bfa7

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c6116e6-FRA
content-length
247658
LandingPage5.gif
citirewards.cc/images/
34 KB
34 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage5.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b516cc165478a66660f5cc12bedb37fc06b9215d10fbc26054b09e287eafb39

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c6216e6-FRA
content-length
34920
LandingPage6.gif
citirewards.cc/images/
68 KB
69 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage6.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7370cd9d643fea0cee223f925c4afea510caa51de50e4cc6d456a1c1f8c9ce3b

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c6316e6-FRA
content-length
70103
LandingPage7.gif
citirewards.cc/images/
202 KB
202 KB
Image
General
Full URL
https://citirewards.cc/images/LandingPage7.gif
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6818:7ebe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f805f4a245e9a295bc406e6d36e42a9e570672c22fe7b4118b25268d69faca34

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
cf-cache-status
MISS
last-modified
Tue, 31 Mar 2020 20:37:18 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
57cdb1b97c6616e6-FRA
content-length
206665
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/7089c43e/cloudflare-static/rocket-loader.min.js
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b08cdbc2d30e656a86b20f8342428d5863f70f4b30135b4f4061f754ce932f5e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Mon, 23 Mar 2020 15:58:02 GMT
server
cloudflare
etag
W/"5e78dc8a-3016"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
57cdb1b978ab3244-FRA
expires
Thu, 02 Apr 2020 23:01:47 GMT
matomo.js
analytics.googleadservices.company/
67 KB
23 KB
Script
General
Full URL
https://analytics.googleadservices.company/matomo.js
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:3034::6818:64f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9819ba7dda127bfc9dd442cdecd7852d37e4144e051841ebac48b1095cb5f5eb

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 23:01:48 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Tue, 21 Jan 2020 05:13:47 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
57cdb1bdea989766-FRA
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
yeHDHjpcR34DKqX4CyVU5242RgNhVtsrXBH6URx3ElyM+R4vmePLh7Qduq4/Z+zF30AOKCwD+8a7jomzGk4koQ==
x-fb-trip-id
1850256238
date
Tue, 31 Mar 2020 23:01:47 GMT, Tue, 31 Mar 2020 23:01:47 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/
24 KB
8 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: citirewards.cc
URL: https://citirewards.cc/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0d0cbd713d59b1214b24864c2d86699c88d951162983b8e20011a8738be20589

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT
content-encoding
gzip
last-modified
Thu, 19 Mar 2020 02:21:04 GMT
x-msedge-ref
Ref A: 8624798AA65549CC93FE7F4FD910E0D1 Ref B: FRAEDGE0213 Ref C: 2020-03-31T23:01:47Z
access-control-allow-origin
*
etag
"0682da95fdd51:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7461
1019323218451256
connect.facebook.net/signals/config/
447 KB
112 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1019323218451256?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
73aa81aa2901b7a9138551b620cee0663444133aaaaeab38932dcb7c94eb7b9c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
OUihVXlTrTVO1BB00hUm/pPYcQnoOR40zOnGV95I9nEp8yh1vfFzRB3KSUE2tAD6sHLIqN8i40/fB09K/MVU6w==
x-fb-trip-id
1850256238
date
Tue, 31 Mar 2020 23:01:47 GMT, Tue, 31 Mar 2020 23:01:47 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
0
bat.bing.com/action/
0
148 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=14004967&Ver=2&mid=d5ee6fee-5c42-4cda-66f8-8f460da2552d&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Citi%20Card%20Rewards%20Plus%20Card&kw=Citi%20Card%20Rewards%20Plus%20Card,%20Citi%20Card%20Card,%20Citi%20Card%20Rewards,Citi%20Card&p=https%3A%2F%2Fcitirewards.cc%2F&r=&lt=1098&evt=pageLoad&msclkid=N&rn=665732
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

status
204
pragma
no-cache
date
Tue, 31 Mar 2020 23:01:47 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 3EEBD3DD785349D2A95C540D46C612C6 Ref B: FRAEDGE0213 Ref C: 2020-03-31T23:01:47Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/
44 B
248 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1019323218451256&ev=PageView&dl=https%3A%2F%2Fcitirewards.cc%2F&rl=&if=false&ts=1585695707925&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1585695707924.1918524391&it=1585695707826&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:47 GMT, Tue, 31 Mar 2020 23:01:47 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Tue, 31 Mar 2020 23:01:47 GMT
matomo.php
analytics.googleadservices.company/
43 B
260 B
Image
General
Full URL
https://analytics.googleadservices.company/matomo.php?action_name=Citi%20Card%20Rewards%20Plus%20Card&idsite=2&rec=1&r=351612&h=1&m=1&s=48&url=https%3A%2F%2Fcitirewards.cc%2F&_id=8b2a650b3f23f91a&_idts=1585695709&_idvc=1&_idn=0&_refts=0&_viewts=1585695709&send_image=1&cookie=1&res=1600x1200&gt_ms=376&pv_id=eS4KYd
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:3034::6818:64f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:49 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
status
200
cache-control
no-store
cf-ray
57cdb1c40e839766-FRA
content-length
43
/
www.facebook.com/tr/
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1019323218451256&ev=Microdata&dl=https%3A%2F%2Fcitirewards.cc%2F&rl=&if=false&ts=1585695709431&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Citi%20Card%20Rewards%20Plus%20Card%22%2C%22meta%3Adescription%22%3A%22Citi%20Card%20Rewards%20Plus%20Card%22%2C%22meta%3Akeywords%22%3A%22Citi%20Card%20Rewards%20Plus%20Card%2C%20Citi%20Card%20Card%2C%20Citi%20Card%20Rewards%2CCiti%20Card%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1585695707924.1918524391&it=1585695707826&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://citirewards.cc/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Tue, 31 Mar 2020 23:01:49 GMT, Tue, 31 Mar 2020 23:01:49 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Tue, 31 Mar 2020 23:01:49 GMT

Verdicts & Comments

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object    onformdata
object    onpointerrawupdate
object    __cfQR
object    _paq
function  fbq
function  _fbq
object    uetq
boolean   __cfRLUnblockHandlers
function  UET
object    JSON_PIWIK
object    Piwik
object    Matomo
object    AnalyticsTracker
function  piwik_log

1 Cookies

Domain/Path Name / Value
.citirewards.cc/ Name: __cfduid
Value: dbf7f15c1d8b73cd519483a9a59f1d9101585695706

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
