tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Submission: On June 17 via automatic, source openphish (June 17th 2020, 1:27:17 am UTC)

Summary HTTP 79 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 24 IPs in 6 countries across 21 domains to perform 79 HTTP transactions. The main IP is 66.113.180.84, located in Chicago, United States and belongs to NETNATION, CA. The main domain is tw-ec.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 1st 2020. Valid for: 3 months.

This is the only time tw-ec.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	66.113.180.84 66.113.180.84	14280 (NETNATION) (NETNATION)
1	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE)
2	151.101.13.175 151.101.13.175	54113 (FASTLY) (FASTLY)
2	13.226.154.56 13.226.154.56	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.226.145.171 13.226.145.171	16509 (AMAZON-02) (AMAZON-02)
1	104.111.247.111 104.111.247.111	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.245.241 104.111.245.241	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
17	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
21	92.123.176.136 92.123.176.136	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
2 4	2a00:1450:400... 2a00:1450:4001:81e::2013	15169 (GOOGLE) (GOOGLE)
2 2	52.29.85.133 52.29.85.133	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1 5	34.241.125.133 34.241.125.133	16509 (AMAZON-02) (AMAZON-02)
1	15.188.154.177 15.188.154.177	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
2	185.31.128.128 185.31.128.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	35.241.8.149 35.241.8.149	15169 (GOOGLE) (GOOGLE)
1	23.43.114.84 23.43.114.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.48.230.192 52.48.230.192	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
79	24

2 66.113.180.84 (Chicago, United States)

ASN14280 (NETNATION, CA)
PTR: server.loginmktdigital.com

tw-ec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s12-in-f194.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.154.56 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-154-56.dus51.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.145.171 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-145-171.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.247.111 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-247-111.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.241 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-241.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 92.123.176.136 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-176-136.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81e::2013 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.85.133 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-85-133.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.241.125.133 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.154.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.31.128.128 (Netherlands)

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.8.149 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 149.8.241.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.114.84 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-114-84.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.230.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	citi.com online.citi.com metrics1.citi.com	551 KB
17	ensighten.com nexus.ensighten.com	174 KB
8	googletagmanager.com www.googletagmanager.com	260 KB
6	pbbl.co 2 redirects cdn.pbbl.co px0.pbbl.co	10 KB
5	demdex.net 1 redirects dpm.demdex.net citi.demdex.net	4 KB
4	google.com cse.google.com www.google.com	101 KB
3	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	10 KB
2	rfihub.com a.rfihub.com 20766699p.rfihub.com	686 B
2	agkn.com 2 redirects aa.agkn.com	798 B
2	medallia.com resources.digital-cloud-citi.medallia.com	58 KB
2	ytimg.com s.ytimg.com	50 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	2 KB
2	tw-ec.com tw-ec.com	13 KB
1	bluekai.com stags.bluekai.com
1	rlcdn.com sr.rlcdn.com
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	youtube.com www.youtube.com	920 B
1	bkrtx.com tags.bkrtx.com	11 KB
1	rfihub.net c1.rfihub.net	7 KB
1	bing.com bat.bing.com	8 KB
1	googleadservices.com www.googleadservices.com	11 KB
79	21

	Domain	Requested by
21	online.citi.com	tw-ec.com online.citi.com
17	nexus.ensighten.com	tw-ec.com nexus.ensighten.com
8	www.googletagmanager.com	tw-ec.com
4	dpm.demdex.net	1 redirects tw-ec.com nexus.ensighten.com
4	px0.pbbl.co	2 redirects tw-ec.com
3	www.google.com	cse.google.com
2	aa.agkn.com	2 redirects
2	resources.digital-cloud-citi.medallia.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	s.ytimg.com	tw-ec.com www.youtube.com
2	cdn.pbbl.co	tw-ec.com cdn.pbbl.co
2	nebula-cdn.kampyle.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	tw-ec.com	tw-ec.com
1	udc-neb.kampyle.com
1	insight.adsrvr.org	js.adsrvr.org
1	stags.bluekai.com	tags.bkrtx.com
1	sr.rlcdn.com	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	a.rfihub.com	c1.rfihub.net
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	cse.google.com	tw-ec.com
1	www.youtube.com	tw-ec.com
1	tags.bkrtx.com	tw-ec.com
1	c1.rfihub.net	tw-ec.com
1	js.adsrvr.org	tw-ec.com
1	bat.bing.com	tw-ec.com
1	www.googleadservices.com	tw-ec.com
79	28

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citi.com
www.citicards.com
www.facebook.com
www.twitter.com
www.youtube.com
www.citigroup.com
jobs.citi.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
itunes.apple.com
play.google.com
www.ipbus.citi.com

Subject Issuer	Validity	Valid
tw-ec.com cPanel, Inc. Certification Authority	`2020-06-01` - `2020-08-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-05-18` - `2022-08-21`	2 years	crt.sh
*.pbbl.co Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2020-04-01` - `2021-07-01`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
px0.pbbl.co GTS CA 1D2	`2020-04-30` - `2020-07-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-31` - `2020-08-30`	2 years	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-04-14` - `2021-04-10`	a year	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh

This page contains 7 frames:

Primary Page: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Frame ID: 989CB0194C4AA263DEC25DE010BC6E57
Requests: 73 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 42CE2F1166172F1DF546A3BB3771089C
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=1582522693320699064&rfiaid=5ff938107f65498890492ad76d7601a8&ver=9&ra=1821&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&pf=&ra=8032883282881249
Frame ID: D3EFDB38CF58A0265B333D2327ADEAB0
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 99B4A9FCF9C71A6289DE22295DB25D8F
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&phint=__bk_v%3D3.1.5&limit=10&r=46906633
Frame ID: 45963782B51315B21E1B61F2064BC40F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 5B4A4512C4F6024A83BB3F22EDE5F3D6
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: CBC6DB582C6E764BB83F36BDFE4ABF58
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Page Statistics

79
Requests

100 %
HTTPS

27 %
IPv6

21
Domains

28
Subdomains

24
IPs

6
Countries

1270 kB
Transfer

3793 kB
Size

8
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/loginpage/retarget.action?loginscreenId=SignOn&next_page=jfp|dashboard&deepdrop=true&locale=es_US
Title: Español

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/0-percent-intro-apr-credit-cards
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/savings-and-cash-back-credit-cards
Title: Cash Back Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/rewards-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=N&OC=CC-CITI-3D5
Title: See If You're Pre-Qualified

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/business-credit-cards
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/activate/index
Title: Activate a Card

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JSO/reg/Setup.do?loginscreenId=SignOn&next_page=jfp|dashboard&deepdrop=true
Title: Register for Online Access

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/login.do
Title: Citi Bank Logo

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title:

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://jobs.citi.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/helpcenter/main.do
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/pands/detail.do?ID=SecurityCenter
Title: Security Center

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title:

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://www.ipbus.citi.com/
Title: International Personal Bank U.S.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&sessionId=&markerType=seg&rand=QpPGXZXgkgAkPE0S&iabOptOut=-&jsVer=3.2.1&frVer=&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&iid=5d44944e-944b-4cf7-98ce-20c89a105f78 HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&_zip=&hk=&iid=5d44944e-944b-4cf7-98ce-20c89a105f78&mt=&bd=

Request Chain 50

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186

Request Chain 63

https://cm.everesttech.net/cm/dd?d_uuid=67232432352243423460244777640383369962 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxYwAAAnEccRTJ

Request Chain 76

https://px0.pbbl.co/ns/__p2.gif?ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&chk=true&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&sessionId=&markerType=seg&rand=RQczrxIxfoUgrcwG&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&iid=19e14b30-38c2-410a-9650-3ee76d79c5de HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=19e14b30-38c2-410a-9650-3ee76d79c5de&mt=&bd=

79 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request gri.php Show response
tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/ 59 KB
13 KB 550ms
238ms Document
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash: bd6b476b1dacf9e210d8f883df696fa1d32d1721655e0a9cea0100752a93cab1

Request headers

Host: tw-ec.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:56 GMT
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 32ms
32ms Script
text/javascript 172.217.21.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s12-in-f194.1e100.net

Software

cafe /

Resource Hash

a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
server: cafe
etag: 13497728949557021888
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Jun 2020 01:26:56 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 22ms
22ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:56 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: HIT, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-fra19164-FRA
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357217.843021,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 1, 253727

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 119ms
119ms Script
application/javascript 13.226.154.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.154.56 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-154-56.dus51.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: DUS51-C1
status: 200
date: Wed, 17 Jun 2020 01:26:57 GMT
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
cache-control: max-age=1800, public
x-amz-cf-id: 8giQMhQgLKQX8vY9qwwPMjvwrLr3UmMASn4o3u8sMSWl9WGjIoYGEw==
x-xss-protection: 1
expires: Wed, 17 Jun 2020 01:56:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-677332377&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33233
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 25 KB
8 KB 28ms
28ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 19:59:59 GMT
x-msedge-ref: Ref A: 1C7C96F31A604F80931CD31612D485E8 Ref B: FRAEDGE1518 Ref C: 2020-06-17T01:26:57Z
status: 200
etag: "804946b8613fd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7791

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 27ms
26ms Script
application/x-javascript 13.226.145.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.145.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-145-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 16:28:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 32309
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 2395e6175733260a159a0b484ed8febd.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: 1g0AQ604I85jF9BSVsC3VKNvA5Pv1NRGld085QyiglZ5OF0NmqIwGw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33245
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a8eedbe1e0481498041c775d09b94d7b45f7a798d70d8824ade377490681597b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33244
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 25ms
25ms Script
application/x-javascript 104.111.247.111
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.247.111 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-247-111.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:57 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Apr 2020 01:56:14 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Wed, 17 Jun 2020 02:26:57 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 28ms
27ms Script
application/javascript 104.111.245.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.245.241 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-245-241.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 26 May 2020 20:03:16 GMT
Server: nginx/1.15.8
ETag: W/"5ecd7604-784f"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Wed, 17 Jun 2020 01:26:57 GMT
Connection: keep-alive
Content-Length: 10652
Expires: Wed, 24 Jun 2020 01:26:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33207
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/ 68 KB
25 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/www-widgetapi.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Jun 2020 05:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243745
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25703
x-xss-protection: 0
last-modified: Fri, 12 Jun 2020 21:42:42 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Mon, 22 Jun 2020 05:44:32 GMT

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
952 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 119cb7baf6c8377b2b2693b16e566a65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 588 B
761 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/119cb7baf6c8377b2b2693b16e566a65.js?conditionId0=4824253
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Tue, 22 Oct 2019 16:59:12 GMT
server: nginx
etag: "5daf3560-24c"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 588

GET
H2 200 7a9abd5b52a3e438cec898587d77cfa0.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
238 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7a9abd5b52a3e438cec898587d77cfa0.js?conditionId0=3013337
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
728 B 23ms
22ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 8e65688c37e3cfac5fcf631a6bbebaf5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
238 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8e65688c37e3cfac5fcf631a6bbebaf5.js?conditionId0=467299
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 6079f51b39f93dfe6843f5f9d6980bc1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6079f51b39f93dfe6843f5f9d6980bc1.js?conditionId0=472983
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-afb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 d06a7425889facdccb0c0703252e84f2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
238 B 22ms
22ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d06a7425889facdccb0c0703252e84f2.js?conditionId0=486757
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 2f8cdd7d5384233c3c08b77d77830f4b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 23ms
22ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/2f8cdd7d5384233c3c08b77d77830f4b.js?conditionId0=4854834
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Wed, 27 May 2020 04:03:42 GMT
server: nginx
etag: W/"5ecde69e-cc8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 452786ced3e658890f8f25121c88ab98.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
238 B 23ms
22ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/452786ced3e658890f8f25121c88ab98.js?conditionId0=421908
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 f1c71c10d3e2f87f440821ca1f9e2e65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
854 B 23ms
22ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f1c71c10d3e2f87f440821ca1f9e2e65.js?conditionId0=480881
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-631"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
920 B 25ms
23ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

3aef97201683f9a1f0344c1626b5713626aa9108c7de5c79f1f3e34dd7b207d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:56 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 cse.js Show response
cse.google.com/cse/ 10 KB
4 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

604450ca35ba4325e705c453da23aca99d7144504044d639428f3f804c2b7db8

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:57 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3477
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:26:57 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
836 B 25ms
23ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=382814.40512243094&ClientID=1129&PageID=https%3A%2F%2Fonline.citi.com%2FUS%2FJSO%2Floginpage%2Fretarget.action%3Fnext_page%3Ddashboard%26loginscreenId%3DSignOn%26deepdrop%3Dtrue%26intc%3D1~7~51~3~191101~8~LegacyHeader~LoginLink
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c451772248a707259756c57bb7ef7cb253d535e2af27221ae055339dcccd71f6

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:56 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:26:46 GMT

GET
H/1.1 404
Not Found tagging.js
tw-ec.com/CBOL/taggingTransformation/ 0
0 2264ms
2165ms Script
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/CBOL/taggingTransformation/tagging.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:57 GMT
Content-Encoding: gzip
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: Keep-Alive
Link: <https://tw-ec.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ddl.min.css
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ 624 KB
69 KB 41ms
39ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 69738
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jfpm.autocomplete.off.js Show response
online.citi.com/JFP/js/modules/ 1 KB
834 B 39ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:57 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:57 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 344
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main_branding.css
online.citi.com/GFC/branding/responsivebranding/css/ 273 KB
43 KB 48ms
46ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 05 May 2020 09:06:51 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 43751
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 vendor.js Show response
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ 204 KB
64 KB 63ms
62ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 64910
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 311 KB
102 KB 25ms
24ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:56 GMT
content-encoding: gzip
last-modified: Mon, 15 Jun 2020 15:13:13 GMT
server: nginx
etag: W/"5ee79009-4dbbb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H2 200 homePage.min.css
online.citi.com/loginpage/styles/ 24 KB
5 KB 52ms
51ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/loginpage/styles/homePage.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 5032
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jquery.tmpl.js Show response
online.citi.com/JFP/js/jquery/plugins/ 6 KB
3 KB 69ms
68ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 2905
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 fp.min.js Show response
online.citi.com/JSO/js/ 15 KB
5 KB 39ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSO/js/fp.min.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:57 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:57 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 4322
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 cbol-smartSearch.css
online.citi.com/NCCS/smartSearch/css/ 8 KB
1 KB 58ms
57ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 899
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HowCanWeHelpButton_default.png
online.citi.com/GFC/branding/img/ 3 KB
4 KB 39ms
38ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/HowCanWeHelpButton_default.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Mon, 27 Apr 2020 04:42:01 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:57 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 3364
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main.css
online.citi.com/GFC/branding/responsivebranding/css/ 45 KB
7 KB 40ms
39ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Wed, 26 Jun 2019 07:44:47 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 7108
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 rsa.js Show response
online.citi.com/CBOL/sec/debcaract/js/ 36 KB
11 KB 39ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/debcaract/js/rsa.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:56 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:56 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 10616
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 TMXProfiling.js Show response
online.citi.com/TMX/ 1 KB
1 KB 40ms
40ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/TMX/TMXProfiling.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:57 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:57 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 546
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflkajogJ/ 67 KB
25 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkajogJ/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 21:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15261
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25512
x-xss-protection: 0
last-modified: Mon, 15 Jun 2020 18:02:10 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Wed, 24 Jun 2020 21:12:36 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
770 B 20ms
20ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mgQTkYdcRiRLQUJcdXLWi1M5ookEcoqM
content-encoding: gzip
etag: "9cae4dcb6a8a9556a0a5839bd5432d0d"
age: 46
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 675
x-amz-id-2: PGwWtWbcdjPe9HGXIO1yGg5ETDTyKDBY0jUWQPg2n5Cdq/UW9SXloiNJCETiwQm1s5k3515IlxQ=
x-served-by: cache-hhn4067-HHN
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357217.049700,VS0,VE0
date: Wed, 17 Jun 2020 01:26:57 GMT
vary: Accept-Encoding
x-amz-request-id: 0CA505672AE3B401
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 5

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a5...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&iid=5d44944e-944b-4cf7-98ce-20c89a105f78
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&_zip=&hk=&iid=5d44944e-944b-4cf7-98ce-20c89a105f78&mt=&bd=

42 B
127 B

136ms
135ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&_zip=&hk=&iid=5d44944e-944b-4cf7-98ce-20c89a105f78&mt=&bd=

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:58 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: ffc1e0c245b27cf7c15aa6b517ab6162
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:58 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=b15408b7-b793-4bef-aa57-24bf6c933e04&_segid=99&_zip=&hk=&iid=5d44944e-944b-4cf7-98ce-20c89a105f78&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/57975621473fd078/ 261 KB
87 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/cse_element__de.js?usqp=CAM%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 09:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 57229
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88534
x-xss-protection: 0
expires: Wed, 16 Jun 2021 09:33:09 GMT

GET
H2 200 default_v2+de.css
www.google.com/cse/static/element/57975621473fd078/ 40 KB
9 KB 6ms
5ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/default_v2+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 08:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 61754
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8905
x-xss-protection: 0
expires: Wed, 16 Jun 2021 08:17:43 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 00:58:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 1737
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:48:00 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186

363 B
1 KB

37ms
36ms

XHR
application/json

34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

5dc2de6157374044fc3db259459c867fc6ef2d44603072d63d085f0678084419

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-0fc2d484f.edge-irl1.demdex.com 5.73.2.20200611122118 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: l5j5VjMpTqc=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 300
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tw-ec.com
X-TID: ZgZtlMg2TzA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357219186
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 40ms
40ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 1040
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Light.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 74 KB
74 KB 39ms
39ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 75483
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
703 B 32ms
32ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=524.0664629796037&ClientID=1129&PageID=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1da22e013ff4a092aef9683b9cbdc72cc242a08105c2aaf7de2433e49643613e

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:59 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:26:58 GMT

GET
H2 200 LSO_4959.jpg
online.citi.com/JSO/customlogin/ 171 KB
172 KB 43ms
43ms Image
image/jpeg 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JSO/customlogin/LSO_4959.jpg

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 19 Jun 2019 16:11:40 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 174933
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Bold.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 70 KB
71 KB 42ms
42ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 71859
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Citi-Branding-Sprite.png
online.citi.com/GFC/branding/img/ 5 KB
5 KB 49ms
49ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 4952
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore_1px.png
online.citi.com/GFC/branding/responsivebranding/img/ 3 KB
4 KB 60ms
58ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/responsivebranding/img/appStore_1px.png

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 3513
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay_1px.png
online.citi.com/GFC/branding/responsivebranding/img/ 4 KB
4 KB 60ms
58ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/responsivebranding/img/googlePlay_1px.png

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 3900
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 arrow-btn-next-white-sm-bold.svg
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 918 B
997 B 176ms
176ms Image
image/svg+xml 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

4f918cd256712c03a1b88007176cabf623cc63740e919d35a217c18dc7ebe607

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/loginpage/styles/homePage.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 496
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/svg+xml
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 oo_icon_retina.gif
online.citi.com/GFC/branding/olab/images/ 2 KB
3 KB 43ms
42ms Image
image/gif 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/olab/images/oo_icon_retina.gif

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 2204
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/gif
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame 42CE 0
0 34ms
34ms Document
text/html 34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=67232432352243423460244777640383369962
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 11 Jun 2020 14:12:20 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=67232432352243423460244777640383369962;Path=/;Domain=.demdex.net;Expires=Mon, 14-Dec-2020 01:26:59 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: ECNt7qSGT0o=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
621 B 87ms
29ms XHR
application/x-javascript 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=61199258392714585370776314368955018057&ts=1592357219289

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

d4280e44d58cef6246169f5c336c6e5ef3b9f2895d370758adcdaa4034d0ffb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Wed, 17 Jun 2020 01:26:58 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6f7565dc8b-jhc2n
vary: Origin
x-c: master-1308.I3d0a82.M0-421
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://tw-ec.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XulxYwAAAnEccRTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=67232432352243423460244777640383369962
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxYwAAAnEccRTJ

42 B
915 B

40ms
36ms

Image
image/gif

34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxYwAAAnEccRTJ

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-04b3a269c.edge-irl1.demdex.com 5.73.2.20200611122118 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: Fkb9G6YoTu4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 17 Jun 2020 01:26:59 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxYwAAAnEccRTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 29c31210f5090c402a7dd5c972af33d8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 98 KB
22 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/29c31210f5090c402a7dd5c972af33d8.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:59 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 20:38:54 GMT
server: nginx
etag: W/"5ee3e7de-186d1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 6bf99ef458403d186da9a034d9628c7f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 124 KB
34 KB 26ms
25ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6bf99ef458403d186da9a034d9628c7f.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:59 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-1ee5b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 da167c55d765aa5c0bbbeaa450af06e1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 26 KB
6 KB 27ms
26ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:59 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-69f7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
686 B 27ms
27ms Script
application/javascript 185.31.128.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 7bba71f1c5b96496c8315d588cb2992c76f9dad54f1af0f8b2a1e974a9bab83b

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: public, max-age=33696000
Content-Type: application/javascript
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Expires: Mon, 12 Jul 2021 01:26:59 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 39ms
38ms XHR
application/json 34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=61199258392714585370776314368955018057&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012F74B8B18515F5E1-400007EC5D95A101&ts=1592357219431

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

b275008485d27d1797adef10835ad673746badd84827fa2d3a2b4d4d8b6acde5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v072-0dd7d30a8.edge-irl1.demdex.com 5.73.2.20200611122118 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: RT75eqjlSbI=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 300
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Cookie set ca.html
20766699p.rfihub.com/ Frame D3EF 0
0 30ms
29ms Document
text/html 185.31.128.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?rfiidc=1582522693320699064&rfiaid=5ff938107f65498890492ad76d7601a8&ver=9&ra=1821&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&pf=&ra=8032883282881249
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: rud=H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHKU4jU0tTQyNjU3MrQ0tjQFABwg1vU0AAAA; ruds=H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHIEAKHEKjMlAAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHKU4jU0tTQyNjU3MrQ0tjQFABwg1vU0AAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 12 Jul 2021 01:26:59 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHIEAKHEKjMlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Server: Jetty(9.0.6.v20130930)

GET
H2 204 425466.html
sr.rlcdn.com/ Frame 99B4 0
0 119ms
119ms Document
text/plain 35.241.8.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 149.8.241.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

status: 204
date: Wed, 17 Jun 2020 01:26:59 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 generic1592252470076.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 306 KB
57 KB 24ms
23ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: tQ9017fc.zeF_GjfoDMNfMQpRZYcKHNO
content-encoding: gzip
etag: "1b861237647271927f8de45ff11c3a2a"
age: 51
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 58385
x-amz-id-2: sX1U7njeR1Hog7CLS93HENPvTzY0ig+wahzyo8PyvqWfIY6MsoHdxHz2x6oZZUOhkvzkFBRvulc=
x-served-by: cache-hhn4067-HHN
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357219.499243,VS0,VE0
date: Wed, 17 Jun 2020 01:26:59 GMT
vary: Accept-Encoding
x-amz-request-id: 6F2F7577B058126A
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 5

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 4596 0
0 167ms
166ms Document
text/html 23.43.114.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&phint=__bk_v%3D3.1.5&limit=10&r=46906633
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.43.114.84 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-43-114-84.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: d2a4
Date: Wed, 17 Jun 2020 01:26:59 GMT
Connection: keep-alive
X-N: S

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame 5B4A 0
0 33ms
32ms Document
text/html 13.226.154.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.154.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-154-56.dus51.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pp_uid=b15408b7-b793-4bef-aa57-24bf6c933e04
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Wed, 17 Jun 2020 00:44:58 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: Zo4TtXUqhuORSwQ0-ZA9oD1yrvq_21mkqpGUCgYwjliS4YQf2ZuN7Q==
age: 2521

GET
H2 200 up
insight.adsrvr.org/track/ Frame CBC6 0
0 34ms
34ms Document
text/html 52.48.230.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.230.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fgri.php%3Femail%3D&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=

Response headers

status: 200
date: Wed, 17 Jun 2020 01:26:59 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 23ms
22ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:59 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: HIT, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-fra19164-FRA
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357220.576811,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 1, 253728

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&chk=true&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&iid=19e14b30-38c2-410a-9650-3ee76d79c5de
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=19e14b30-38c2-410a-9650-3ee76d79c5de&mt=&bd=

42 B
128 B

136ms
136ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=19e14b30-38c2-410a-9650-3ee76d79c5de&mt=&bd=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:59 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 6b9a0bcc57c0db0214ddf8cc4e6d4a01
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:59 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=19e14b30-38c2-410a-9650-3ee76d79c5de&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
77 B 105ms
105ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTU5MjM1NzIxOTU5OCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDIsInVzZXJfaWQiOiAiMTcyYmZlMmVkMGM1ZTUtMDg3MjZiYWJlY2E5MjQtMWIzOTYyNTYtMWQ0YzAwLTE3MmJmZTJlZDBkOGNkIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vdHctZWMuY29tL2xvZ2luL2NpdGkvMzQzMDcyZmY1MDYxMmExZTM1NGRkZjJjNDAzMTNhNTEvZ3JpLnBocD9lbWFpbD0iLCJ3ZWJzaXRlSWQiOiA1MCwiZmVlZGJhY2tfdXVpZCI6IG51bGwsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogIjJlZWQtZmI3Ny0wMjE2LTliMTgtNmMxMi1iOTY0LTM4YTUtMTFmNSIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNTkyMzU3MjE5NTY1Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDEyMCwia2FtcHlsZV92ZXJzaW9uIjogIjAuMC4wLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE1OTIzNTcyMTk1NjksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/gri.php?email=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-pqcv
date: Wed, 17 Jun 2020 01:26:59 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
status: 200
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-19 19:40:53	Name: rud Value: H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHKU4jU0tTQyNjU3MrQ0tjQFABwg1vU0AAAA
.tw-ec.com/	1970-01-19 12:28:53	Name: _gcl_au Value: 1.1.850839157.1592357219
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjS1MDI1MjKzNDY2MjCztDQwMxHiM9T1DvQrKPU1DHAuLHIEAKHEKjMlAAAA
tw-ec.com/	1970-01-19 10:19:19	Name: 7018 Value:
.demdex.net/	1970-01-19 14:38:29	Name: demdex Value: 67232432352243423460244777640383369962
tw-ec.com/	1970-01-19 10:19:19	Name: 7830 Value: error
tw-ec.com/	1970-01-20 03:50:29	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C18431%7CMCMID%7C61199258392714585370776314368955018057%7CMCAAMLH-1592962019%7C6%7CMCAAMB-1592962019%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1592364419s%7CNONE%7CMCAID%7C2F74B8B18515F5E1-400007EC5D95A101%7CMCSYNCSOP%7C411-18438%7CvVersion%7C3.1.2
tw-ec.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js(Line 13) Message: Cooladata error: 'cooladata' object not initialized. Ensure you are using the latest version of the Cooladata JS Library along with the snippet we provide.
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 294) Message: addMbox_tnt_cards value is false
console-api	log	URL: https://online.citi.com/TMX/TMXProfiling.js(Line 4) Message: start tmxProfiling.js

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
a.rfihub.com
aa.agkn.com
bat.bing.com
c1.rfihub.net
cdn.pbbl.co
citi.demdex.net
cm.everesttech.net
cse.google.com
dpm.demdex.net
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
s.ytimg.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
tw-ec.com
udc-neb.kampyle.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
104.111.245.241
104.111.247.111
13.226.145.171
13.226.154.56
15.188.154.177
151.101.114.133
151.101.13.175
172.217.21.194
18.197.253.20
185.31.128.128
23.43.114.84
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:816::200e
2a00:1450:4001:819::2004
2a00:1450:4001:81e::2013
2a00:1450:4001:820::200e
2a00:1450:4001:824::2008
34.241.125.133
35.241.45.82
35.241.8.149
52.29.85.133
52.48.230.192
66.113.180.84
66.117.28.86
92.123.176.136
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7
0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5
157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa
1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be
1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b
1da22e013ff4a092aef9683b9cbdc72cc242a08105c2aaf7de2433e49643613e
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc
3aef97201683f9a1f0344c1626b5713626aa9108c7de5c79f1f3e34dd7b207d9
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0
4f918cd256712c03a1b88007176cabf623cc63740e919d35a217c18dc7ebe607
5dc2de6157374044fc3db259459c867fc6ef2d44603072d63d085f0678084419
604450ca35ba4325e705c453da23aca99d7144504044d639428f3f804c2b7db8
6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e
629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38
6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a
64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4
6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4
6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b
701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
7bba71f1c5b96496c8315d588cb2992c76f9dad54f1af0f8b2a1e974a9bab83b
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701
8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2
a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156
a8eedbe1e0481498041c775d09b94d7b45f7a798d70d8824ade377490681597b
b275008485d27d1797adef10835ad673746badd84827fa2d3a2b4d4d8b6acde5
b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe
b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a
bd6b476b1dacf9e210d8f883df696fa1d32d1721655e0a9cea0100752a93cab1
c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31
c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61
c451772248a707259756c57bb7ef7cb253d535e2af27221ae055339dcccd71f6
c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416
d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c
d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130
d4280e44d58cef6246169f5c336c6e5ef3b9f2895d370758adcdaa4034d0ffb4
dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d
e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11
e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b
f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2
f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f

tw-ec.com Open in urlscan Pro 66.113.180.84 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

79 Requests

100 %HTTPS

27 %IPv6

21 Domains

28 Subdomains

24 IPs

6 Countries

1270 kBTransfer

3793 kBSize

8 Cookies

37 Outgoing links

Redirected requests

79 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

79
Requests

100 %
HTTPS

27 %
IPv6

21
Domains

28
Subdomains

24
IPs

6
Countries

1270 kB
Transfer

3793 kB
Size

8
Cookies

79 HTTP transactions
0 data transactions