windysblog.com Open in urlscan Pro
207.55.244.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://windysblog.com/citi/Verification.php
Submission: On December 18 via manual (December 18th 2018, 1:55:23 am UTC) from US

Summary HTTP 61 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 9 IPs in 4 countries across 6 domains to perform 61 HTTP transactions. The main IP is 207.55.244.15, located in Saint Petersburg, United States and belongs to AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US. The main domain is windysblog.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on April 17th 2018. Valid for: a year.

This is the only time windysblog.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
24	207.55.244.15 207.55.244.15	17054 (AS17054) (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA)
20	104.111.235.119 104.111.235.119	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	52.56.99.238 52.56.99.238	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	91.235.134.21 91.235.134.21	30286 (THM) (THM - ThreatMetrix Inc.)
5	34.255.224.164 34.255.224.164	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.43.127.7 23.43.127.7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.108.51.30 104.108.51.30	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
61	9

24 207.55.244.15 (Saint Petersburg, United States)

ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US)
PTR: cp34.deluxehosting.com

windysblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.111.235.119 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-235-119.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.56.99.238 (London, United Kingdom)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-56-99-238.eu-west-2.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.21 (Netherlands)

ASN30286 (THM - ThreatMetrix Inc., US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.255.224.164 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.127.7 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-127-7.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:815::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.108.51.30 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-51-30.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	windysblog.com windysblog.com	273 KB
21	citi.com online.citi.com content22.online.citi.com	327 KB
7	googletagmanager.com www.googletagmanager.com	221 KB
6	ensighten.com nexus.ensighten.com	144 KB
1	bluekai.com stags.bluekai.com
1	bkrtx.com tags.bkrtx.com	10 KB
61	6

	Domain	Requested by
24	windysblog.com	windysblog.com
20	online.citi.com	windysblog.com
7	www.googletagmanager.com	nexus.ensighten.com
6	nexus.ensighten.com	windysblog.com nexus.ensighten.com
1	stags.bluekai.com	tags.bkrtx.com
1	tags.bkrtx.com	nexus.ensighten.com
1	content22.online.citi.com	windysblog.com
61	7

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
www.windysblog.com COMODO RSA Domain Validation Secure Server CA	`2018-04-17` - `2019-04-17`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2018-03-14` - `2020-05-14`	2 years	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2018-10-17` - `2020-01-05`	a year	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-06` - `2020-08-06`	2 years	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2018-02-01` - `2019-02-01`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-11-27` - `2019-02-19`	3 months	crt.sh
odc-prod-01.oracle.com DigiCert ECC Secure Server CA	`2018-12-10` - `2020-03-10`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://windysblog.com/citi/Verification.php
Frame ID: 03325557BE21F87ED5537366C62CC80A
Requests: 60 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=productID&phint=__bk_t%3DUpdate%20Your%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&limit=10&r=23439626
Frame ID: FA3D5F4DFF9E94F149934F70F1EB7B77
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

Page Statistics

61
Requests

98 %
HTTPS

13 %
IPv6

6
Domains

7
Subdomains

9
IPs

4
Countries

975 kB
Transfer

2292 kB
Size

0
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/signoff/SummaryRecord.do?logOff=true
Title: Sign Off

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JSO/signon/DisplayUsernameSignon.do?JFP_TOKEN=AF6OQPO9
Title: YES

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/Welcome.c

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=TermsDisclaimer
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set Verification.php Show response
windysblog.com/citi/ 267 KB
267 KB 720ms
269ms Document
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: f089858a4b6b04bb7374e02735cd3568e4b4d68d2e5dc05bfd56a32e0b579bc7

Request headers

Host: windysblog.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:48 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; path=/
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK amw.js Show response
windysblog.com/JFP/amw/ 0
250 B 379ms
265ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JFP/amw/amw.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:49 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 Citi_Universal.min.css
online.citi.com/CBOL/nga/common/ui/uxf/css/ 201 KB
35 KB 1300ms
57ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/nga/common/ui/uxf/css/Citi_Universal.min.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

5bcafc26b27b50ec2e96ce4f9d3225b1287e9d8abec69593c7c47e1c61cf41e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 35073
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 JPPWidgetUxf.css
online.citi.com/JFP/css/common/ 194 KB
25 KB 1318ms
75ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/css/common/JPPWidgetUxf.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

7a56e5f8a88d9644a0df7479b285ca29dad092fc3177283e9953bb613d41c655

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 25610
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 useregbnkcrd.min.css
online.citi.com/CBOL/sec/useregbnkcrd/css/ 22 KB
5 KB 1927ms
686ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregbnkcrd.min.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

cb00188bf688d97c7aa19b6d0ea9b6e3f69a4c08240f5039042478a4c9020ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 03 Apr 2018 06:30:04 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:51 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 4580
expires: Tue, 18 Dec 2018 07:54:51 GMT

GET
H/1.1 200
OK jquery-combined.min.js Show response
windysblog.com/CBOL/portal/layout/js/ 0
251 B 600ms
246ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/portal/layout/js/jquery-combined.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:49 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jfp.combined.min.js Show response
windysblog.com/CBOL/common/js/ 0
250 B 634ms
251ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/common/js/jfp.combined.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:49 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Citi_Responsive.min.js Show response
windysblog.com/CBOL/common/js/ 0
250 B 858ms
252ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/common/js/Citi_Responsive.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:49 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK useregbnkcrd.min.js Show response
windysblog.com/CBOL/sec/useregbnkcrd/js/ 0
250 B 900ms
261ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/sec/useregbnkcrd/js/useregbnkcrd.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:49 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 RDSoverlay.css
online.citi.com/JRS/css/common/ 3 KB
1 KB 1286ms
45ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/common/RDSoverlay.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 947
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 CitiEasyDeals.css
online.citi.com/NCCS/rewards/css/ 7 KB
2 KB 1297ms
57ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/rewards/css/CitiEasyDeals.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 2052
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H/1.1 200
OK jfpm.autocomplete.off.js Show response
windysblog.com/JFP/js/modules/ 0
250 B 3383ms
277ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JFP/js/modules/jfpm.autocomplete.off.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:52 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=90
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 104 KB
31 KB 15258ms
42ms Script
application/javascript 52.56.99.238
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.99.238 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-56-99-238.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 931aefa86319c10aca18975b05786644b6de9565d0c0d8c44d59cca6a328c6fa

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:04 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Dec 2018 16:47:32 GMT
Server: nginx
ETag: W/"5c128d24-19f94"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK BkDmp.js Show response
windysblog.com/DMP/ 0
250 B 1115ms
249ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/DMP/BkDmp.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 US-Regional.css
online.citi.com/JRS/css/ 48 KB
10 KB 1264ms
25ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/US-Regional.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

888682b6f8961bc407df2027baf9ea22da7be5f298d037845c1724f7004c4338

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 9928
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H/1.1 200
OK SitecatCampaigns.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 1168ms
249ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JPS/portal/js/SitecatCampaigns.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=96
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK citi_Common.js Show response
windysblog.com/GFC/common/js/ 0
250 B 1370ms
255ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/GFC/common/js/citi_Common.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery.autocomplete.js Show response
windysblog.com/JFP/js/jquery/plugins/ 0
236 B 1449ms
275ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JFP/js/jquery/plugins/jquery.autocomplete.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=95
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK JFPNav.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 1652ms
281ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JPS/portal/js/JFPNav.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=96
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK tags.js Show response
content22.online.citi.com/fp/ 23 KB
7 KB 124ms
19ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&allow_reprofile=1

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

bf3d34a5713cfdbfb46353889cc9e66f673dfdc47a5510445d37d212dbdf5b0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 18 Dec 2018 01:54:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: ddfa77d71b19e113
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 branding_main_citi.css
online.citi.com/GFC/branding/css/ 38 KB
7 KB 1175ms
75ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/branding_main_citi.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

fea2ce318fe3e06af7549e140581f16de9801c39cdb33edbbd4293a505a3eb3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Mon, 12 Nov 2018 04:06:58 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 6550
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 responsivePlain_citi.css
online.citi.com/GFC/branding/css/ 6 KB
2 KB 1180ms
81ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/responsivePlain_citi.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

3582aed1f26fa2ba256161fb50028844b2a726b4ef45c82663e5108cd39bf034

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 05 Dec 2017 12:36:48 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 1249
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 regionalBrandingResponsivePatch.css
online.citi.com/JRS/ 2 KB
1 KB 1133ms
35ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/regionalBrandingResponsivePatch.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 791
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 costcoOnboarding.css
online.citi.com/JRS/branding/css/ 2 KB
930 B 1711ms
613ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/branding/css/costcoOnboarding.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

9b6605a9eb8923449d13063b127bfdc46ac82fd3a2fba6c843d0becc6d7554ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 612
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H/1.1 200
OK s_code.js Show response
windysblog.com/JRS/js/ 0
250 B 1579ms
269ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/s_code.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=94
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK dp.min.js Show response
windysblog.com/CBOL/sec/rba/js/ 0
250 B 1780ms
262ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/sec/rba/js/dp.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=95
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK mbox.js Show response
windysblog.com/JRS/js/ 0
250 B 1843ms
257ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/mbox.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:50 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=93
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK appendToken.js Show response
windysblog.com/JSE/token/ 0
250 B 2134ms
344ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JSE/token/appendToken.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=94
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK MFAOverlay.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 2131ms
273ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JPS/portal/js/MFAOverlay.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=92
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Citi-Enterprise-Blue.png
windysblog.com/GFC/branding/img/ 0
250 B 864ms
282ms Image
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://windysblog.com/GFC/branding/img/Citi-Enterprise-Blue.png
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; JSESSIONID=null
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:52 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=88
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 56ms
55ms Image
image/png 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1040

GET
H2 200 spacer.gif
online.citi.com/JFP/images/ 43 B
252 B 588ms
587ms Image
image/gif 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JFP/images/spacer.gif

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/gif
content-length: 43

GET
H2 200 useregresponsive.min.css
online.citi.com/CBOL/sec/useregbnkcrd/css/ 27 KB
5 KB 1784ms
687ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregresponsive.min.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

8376fd61ad9aeb99e290d4a3a7fb753f9c8923d9b6b0224c5d256496beea8869

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:51 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 5154
expires: Tue, 18 Dec 2018 07:54:51 GMT

GET
H/1.1 200
OK CBOL.mask.min.js Show response
windysblog.com/CBOL/common/js/ 0
250 B 807ms
255ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/CBOL/common/js/CBOL.mask.min.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=91
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 citi-logo-footer.png
online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/ 2 KB
2 KB 59ms
59ms Image
image/png 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/citi-logo-footer.png

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

c03c473373b74ec78cd18149c63791f1879e0521776846e6ffd9dcfecd413b1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:54:50 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1705

GET
H/1.1 200
OK branding_universal_megaMenu.js Show response
windysblog.com/GFC/branding/js/ 0
250 B 602ms
245ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/GFC/branding/js/branding_universal_megaMenu.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=93
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK le-mtagconfig.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 823ms
284ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/chat/le-mtagconfig.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; JSESSIONID=null
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=92
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK LPAttributes.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 559ms
295ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/chat/LPAttributes.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; JSESSIONID=null
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:51 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=90
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK chatMask.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 816ms
272ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/chat/chatMask.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; JSESSIONID=null
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:52 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=91
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK chatLPHandler.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 582ms
276ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: https://windysblog.com/JRS/js/chat/chatLPHandler.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate, br
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=h1gu6bmbejvc799ea5eup4h146; JSESSIONID=null
Connection: keep-alive
Cache-Control: no-cache
Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:54:52 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=89
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 cobrowse_overlay.css
online.citi.com/GPS/portal/css/ 7 KB
2 KB 1128ms
39ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GPS/portal/css/cobrowse_overlay.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

d636d0f6c2e9c491b04ed9a5f1fb2120da61b3cbbf4caef3f1ae265bd0bfae43

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:54:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 1589
expires: Tue, 18 Dec 2018 07:54:50 GMT

GET
H2 200 branding_main.css
online.citi.com/GFC/branding/css/ 110 KB
16 KB 13ms
13ms Stylesheet
text/css 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/branding_main.css

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

f01d6dfe7e76d3338980e1cca73c26d13829daecc59ca18344f52170893e878f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:31:43 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:55:04 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 16449
expires: Tue, 18 Dec 2018 07:55:04 GMT

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 927 B
1 KB 1243ms
38ms Script
text/javascript 34.255.224.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=0.9366366827044104&ClientID=1129&PageID=https%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.224.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fa6590103c5220d208d26f6cff02f318aec5351ca7174d1c790239a7d5302468

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:05 GMT
Cache-Control: no-cache, no-store
Expires: Tue, 18 Dec 2018 01:55:04 GMT
Server: nginx
Connection: keep-alive
Content-Length: 927
Content-Type: text/javascript

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citi/na_stage/ 151 KB
46 KB 1296ms
61ms Script
application/javascript 34.255.224.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Requested by: Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.224.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1186f3e5c682f91ae9c86271f6b77a6a2c6a64edd249fa0197984470d5173785

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:05 GMT
Content-Encoding: gzip
Last-Modified: Fri, 14 Dec 2018 16:18:44 GMT
Server: nginx
ETag: W/"5c13d7e4-25bea"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET CBOLClassic.min.css
online.citi.com/JFP/css/ 0
0

GET
H2 200 Interstate-Light.woff
online.citi.com/GFC/branding/fonts/ 74 KB
74 KB 7091ms
20ms Font
application/octet-stream 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/fonts/Interstate-Light.woff

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin: https://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:55:11 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 75483

GET
H2 200 Interstate-Bold.woff
online.citi.com/GFC/branding/fonts/ 70 KB
71 KB 7084ms
35ms Font
application/octet-stream 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/fonts/Interstate-Bold.woff

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin: https://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:55:11 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 71859

GET
H2 200 Interstate-ExtraLight.woff
online.citi.com/JFP/fonts/ 38 KB
38 KB 7682ms
633ms Font
application/octet-stream 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/fonts/Interstate-ExtraLight.woff

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/CBOL/nga/common/ui/uxf/css/Citi_Universal.min.css
Origin: https://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Tue, 18 Dec 2018 01:55:12 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 38001

GET
H2 200 glyphicons-halflings-regular.woff
online.citi.com/CBOL/sec/common/fonts/ 23 KB
23 KB 7732ms
683ms Font
application/octet-stream 104.111.235.119
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/common/fonts/glyphicons-halflings-regular.woff

Requested by

Host: windysblog.com
URL: https://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.235.119 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-111-235-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregbnkcrd.min.css
Origin: https://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 03 Apr 2018 06:30:04 GMT
x-akamai-citisite: GTDC
date: Tue, 18 Dec 2018 01:55:12 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 23132

GET
H/1.1 200
OK dc13aafad88956d38224208751c4071f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 7 KB
3 KB 157ms
30ms Script
application/javascript 34.255.224.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/dc13aafad88956d38224208751c4071f.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.224.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 60340ee9f67e0ba4879757ce19457447ec2a7904f093ad83bd2009532836f76c

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Aug 2018 20:47:21 GMT
Server: nginx
ETag: W/"5b75e2d9-1a60"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 44eb2c358c48ef254d2019b3bba3a890.js Show response
nexus.ensighten.com/citi/na_prod/code/ 127 KB
34 KB 195ms
33ms Script
application/javascript 34.255.224.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/44eb2c358c48ef254d2019b3bba3a890.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.224.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4b06adadc1d9e8d48ee741e02a2c159ee87ee2478b7ee844efcb5b600da49b6e

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Dec 2018 16:47:32 GMT
Server: nginx
ETag: W/"5c128d24-1fd6f"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK f04c5b50298b4704020615c60c2f1ae8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 98 KB
29 KB 228ms
32ms Script
application/javascript 34.255.224.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f04c5b50298b4704020615c60c2f1ae8.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.255.224.164 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-255-224-164.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6a696ac98a391d139157ffa78da863939c76379d0d2bcc06191546aa4aeeeff6

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Dec 2018 16:47:32 GMT
Server: nginx
ETag: W/"5c128d24-18780"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 31 KB
10 KB 7056ms
8ms Script
text/javascript 23.43.127.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/44eb2c358c48ef254d2019b3bba3a890.js?conditionId0=421908
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.127.7 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-127-7.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 18 Dec 2018 01:55:12 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jul 2018 20:07:28 GMT
Server: Apache
ETag: "3160052-7a94-571b031e6f476"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10358
Expires: Tue, 25 Dec 2018 01:55:12 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

63aa09de1e414ffc834001fa40dd9ba1f276c985603fc5f1f923bba2af48a0a8

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32162
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6417343

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

097ae780e0d51a99c71b9bed4e2a147a33a00d812cbc9c361aab07eb328c4363

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32162
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

f38bc0c3aefa476b121c0a4f9f9a3de1c821dc4aae10583a4dc524fdb9b8a9c7

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32163
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-9001195

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

cfbdd52ff7d416c792fcf53be488f99083155c916392a69eacd88a450dcc0615

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32162
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

91aa28af2e29d3c037a6b5d80f1af0d8337ec41b0fe9d244b275dc129bbc84a4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32163
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8114478

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

4cb6a2910f4374340b3d394bc469b27254982844ef63d0f7a392ce671ba3de4b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32162
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:815::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

a34f0371d7d2c31a3af5fe600a71629bd0afc664ca7c42d5c79e38a89910beec

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Tue, 18 Dec 2018 01:55:05 GMT
content-encoding: gzip
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 32163
x-xss-protection: 1; mode=block
expires: Tue, 18 Dec 2018 01:55:05 GMT

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame FA3D 0
0 312ms
236ms Document
text/html 104.108.51.30
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=productID&phint=__bk_t%3DUpdate%20Your%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&limit=10&r=23439626
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 104.108.51.30 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-108-51-30.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://windysblog.com/citi/Verification.php
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://windysblog.com/citi/Verification.php

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 3cd6
Date: Tue, 18 Dec 2018 01:55:13 GMT
Connection: keep-alive
X-N: S

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.citi.com
URL: https://online.citi.com/JFP/css/CBOLClassic.min.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

294 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

content22.online.citi.com
nexus.ensighten.com
online.citi.com
stags.bluekai.com
tags.bkrtx.com
windysblog.com
www.googletagmanager.com
online.citi.com
104.108.51.30
104.111.235.119
207.55.244.15
23.43.127.7
2a00:1450:4001:815::2008
34.255.224.164
52.56.99.238
91.235.134.21
097ae780e0d51a99c71b9bed4e2a147a33a00d812cbc9c361aab07eb328c4363
1186f3e5c682f91ae9c86271f6b77a6a2c6a64edd249fa0197984470d5173785
1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925
2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3582aed1f26fa2ba256161fb50028844b2a726b4ef45c82663e5108cd39bf034
4b06adadc1d9e8d48ee741e02a2c159ee87ee2478b7ee844efcb5b600da49b6e
4cb6a2910f4374340b3d394bc469b27254982844ef63d0f7a392ce671ba3de4b
5bcafc26b27b50ec2e96ce4f9d3225b1287e9d8abec69593c7c47e1c61cf41e0
60340ee9f67e0ba4879757ce19457447ec2a7904f093ad83bd2009532836f76c
63aa09de1e414ffc834001fa40dd9ba1f276c985603fc5f1f923bba2af48a0a8
6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666
6a696ac98a391d139157ffa78da863939c76379d0d2bcc06191546aa4aeeeff6
7a56e5f8a88d9644a0df7479b285ca29dad092fc3177283e9953bb613d41c655
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
8376fd61ad9aeb99e290d4a3a7fb753f9c8923d9b6b0224c5d256496beea8869
888682b6f8961bc407df2027baf9ea22da7be5f298d037845c1724f7004c4338
91aa28af2e29d3c037a6b5d80f1af0d8337ec41b0fe9d244b275dc129bbc84a4
931aefa86319c10aca18975b05786644b6de9565d0c0d8c44d59cca6a328c6fa
9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc
9b6605a9eb8923449d13063b127bfdc46ac82fd3a2fba6c843d0becc6d7554ee
a34f0371d7d2c31a3af5fe600a71629bd0afc664ca7c42d5c79e38a89910beec
b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9
bf3d34a5713cfdbfb46353889cc9e66f673dfdc47a5510445d37d212dbdf5b0c
c03c473373b74ec78cd18149c63791f1879e0521776846e6ffd9dcfecd413b1e
cb00188bf688d97c7aa19b6d0ea9b6e3f69a4c08240f5039042478a4c9020ee8
cfbdd52ff7d416c792fcf53be488f99083155c916392a69eacd88a450dcc0615
d636d0f6c2e9c491b04ed9a5f1fb2120da61b3cbbf4caef3f1ae265bd0bfae43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f01d6dfe7e76d3338980e1cca73c26d13829daecc59ca18344f52170893e878f
f089858a4b6b04bb7374e02735cd3568e4b4d68d2e5dc05bfd56a32e0b579bc7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f38bc0c3aefa476b121c0a4f9f9a3de1c821dc4aae10583a4dc524fdb9b8a9c7
fa6590103c5220d208d26f6cff02f318aec5351ca7174d1c790239a7d5302468
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
fea2ce318fe3e06af7549e140581f16de9801c39cdb33edbbd4293a505a3eb3b

windysblog.com Open in urlscan Pro 207.55.244.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

61 Requests

98 %HTTPS

13 %IPv6

6 Domains

7 Subdomains

9 IPs

4 Countries

975 kBTransfer

2292 kBSize

0 Cookies

5 Outgoing links

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

windysblog.com Open in urlscan Pro
207.55.244.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

98 %
HTTPS

13 %
IPv6

6
Domains

7
Subdomains

9
IPs

4
Countries

975 kB
Transfer

2292 kB
Size

0
Cookies

61 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!