www.civista.bank Open in urlscan Pro
20.118.17.184 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://champaignbank.com/
Effective URL:
https://www.civista.bank/
Submission: On December 08 via api (December 8th 2023, 8:50:10 pm UTC) from US — Scanned from US

Summary HTTP 139 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 46 IPs in 1 countries across 44 domains to perform 139 HTTP transactions. The main IP is 20.118.17.184, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.civista.bank.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on September 5th 2023. Valid for: a year.

This is the only time www.civista.bank was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	74.200.57.137 74.200.57.137	14010 (JACKHENRY) (JACKHENRY)
1 1	74.200.39.25 74.200.39.25	14010 (JACKHENRY) (JACKHENRY)
38	20.118.17.184 20.118.17.184	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.0.54.4 192.0.54.4	62659 (Q2HOLDINGS) (Q2HOLDINGS)
2	2607:f8b0:400... 2607:f8b0:4004:c08::61	15169 (GOOGLE) (GOOGLE)
2	2600:9000:24f... 2600:9000:24f2:aa00:17:4c3f:1b80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:250... 2600:9000:2501:4800:1b:ef38:3680:21	16509 (AMAZON-02) (AMAZON-02)
3	52.189.67.130 52.189.67.130	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2600:1402:b80... 2600:1402:b800:3::172f:cc34	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:38::181	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9a	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f00... 2a03:2880:f003:c0e:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	69.28.187.147 69.28.187.147	22822 (LLNW) (LLNW)
11	34.86.70.109 34.86.70.109	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2600:9000:250... 2600:9000:250a:4e00:0:99b9:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f10... 2a03:2880:f103:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
22 25	34.150.170.96 34.150.170.96	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2600:9000:230... 2600:9000:2305:b800:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	192.0.77.40 192.0.77.40	2635 (AUTOMATTIC) (AUTOMATTIC)
2 3	199.127.204.171 199.127.204.171	26120 (RHYTHMONE) (RHYTHMONE)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4216:f7a5:eced:3275:207a	14618 (AMAZON-AES) (AMAZON-AES)
1 6	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	13.249.39.110 13.249.39.110	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:9000:219... 2600:9000:2199:a600:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	2600:9000:207... 2600:9000:2073:b400:1b:6b7d:2300:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.85.132.15 52.85.132.15	16509 (AMAZON-02) (AMAZON-02)
2	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	63.251.28.133 63.251.28.133	26558 (FREEWHEEL) (FREEWHEEL)
2 3	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
4 5	142.251.163.155 142.251.163.155	15169 (GOOGLE) (GOOGLE)
5 6	50.16.197.56 50.16.197.56	14618 (AMAZON-AES) (AMAZON-AES)
1 2	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1	52.72.122.107 52.72.122.107	14618 (AMAZON-AES) (AMAZON-AES)
2	23.219.12.236 23.219.12.236	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	54.83.134.184 54.83.134.184	14618 (AMAZON-AES) (AMAZON-AES)
1 2	63.251.86.50 63.251.86.50	10913 (INTERNAP-BLK) (INTERNAP-BLK)
2 6	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4004:c06::9c	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c08::67	15169 (GOOGLE) (GOOGLE)
1 3	68.67.160.26 68.67.160.26	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 3	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:24f... 2600:9000:24f2:7e00:17:4c3f:1b80:93a1	16509 (AMAZON-02) (AMAZON-02)
8 18	207.198.113.230 207.198.113.230	13768 (COGECO-PEER1) (COGECO-PEER1)
4 8	18.214.161.191 18.214.161.191	14618 (AMAZON-AES) (AMAZON-AES)
4	2a02:6ea0:e20... 2a02:6ea0:e200::2	60068 (CDN77 ^_^) (CDN77 ^_^)
4	3.225.254.35 3.225.254.35	14618 (AMAZON-AES) (AMAZON-AES)
1	18.160.10.117 18.160.10.117	16509 (AMAZON-02) (AMAZON-02)
1	52.7.4.58 52.7.4.58	14618 (AMAZON-AES) (AMAZON-AES)
139	46

1 74.200.57.137 (Nashville, United States) 1 redirects

ASN14010 (JACKHENRY, US)

champaignbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.200.39.25 (United States) 1 redirects

ASN14010 (JACKHENRY, US)
PTR: cvnb.com

www.citizensbankco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 20.118.17.184 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.civista.bank	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.54.4 (United States)

ASN62659 (Q2HOLDINGS, US)

cds-sdkcfg.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::61 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:24f2:aa00:17:4c3f:1b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.glia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2501:4800:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d21y75miwcfqoq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.189.67.130 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

banno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kernel-serve.banno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1402:b800:3::172f:cc34 (Atlanta, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:38::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9a (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.28.187.147 (New York, United States)

ASN22822 (LLNW, US)
PTR: https-69-28-187-147.iad.llnw.net

up.pixel.ad	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 34.86.70.109 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 109.70.86.34.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:250a:4e00:0:99b9:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

libs.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 34.150.170.96 (Washington, United States) 22 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 96.170.150.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2305:b800:1b:5138:8a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.40 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: assets.tumblr.com

www.tumblr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.127.204.171 (United States) 2 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:f7a5:eced:3275:207a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.39.110 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-110.iad89.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2199:a600:19:fc2c:a140:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2073:b400:1b:6b7d:2300:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.132.15 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-132-15.iad50.r.cloudfront.net

sync1.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.28.133 (Secaucus, United States)

ASN26558 (FREEWHEEL, US)

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbid.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.163.155 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: wv-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 50.16.197.56 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-16-197-56.compute-1.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.218.10 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.122.107 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-122-107.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.219.12.236 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-219-12-236.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.83.134.184 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-134-184.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.251.86.50 (Beecher, United States) 1 redirects

ASN10913 (INTERNAP-BLK, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.155 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c06::9c (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::67 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.160.26 (Jersey City, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24f2:7e00:17:4c3f:1b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 207.198.113.230 (Herndon, United States) 8 redirects

ASN13768 (COGECO-PEER1, CA)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.214.161.191 (Ashburn, United States) 4 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-161-191.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:6ea0:e200::2 (Ashburn, United States)

ASN60068 (CDN77 ^_^, GB)

load77.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.225.254.35 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-254-35.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.160.10.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-160-10-117.iad12.r.cloudfront.net

widget.ellieservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.4.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-4-58.compute-1.amazonaws.com

client-logger.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	civista.bank www.civista.bank	1 MB
36	simpli.fi 22 redirects tag.simpli.fi — Cisco Umbrella Rank: 4333 i.simpli.fi — Cisco Umbrella Rank: 3745 um.simpli.fi — Cisco Umbrella Rank: 780	19 KB
18	sitescout.com 8 redirects pixel.sitescout.com — Cisco Umbrella Rank: 3501	13 KB
10	exelator.com 5 redirects loadm.exelator.com — Cisco Umbrella Rank: 1661 load77.exelator.com — Cisco Umbrella Rank: 3503	6 KB
8	demdex.net 4 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	5 KB
8	salemove.com libs.salemove.com — Cisco Umbrella Rank: 19253 api.salemove.com — Cisco Umbrella Rank: 20535 client-logger.salemove.com — Cisco Umbrella Rank: 14212	421 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 327 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	6 KB
7	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 75 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	2 KB
6	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 408	1 KB
6	crwdcntrl.net 1 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 850 sync.crwdcntrl.net — Cisco Umbrella Rank: 799	2 KB
6	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	2 KB
3	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 491	562 B
3	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	2 KB
3	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2174 pbid.pro-market.net — Cisco Umbrella Rank: 7195	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	116 KB
3	banno.com banno.com — Cisco Umbrella Rank: 26741 kernel-serve.banno.com — Cisco Umbrella Rank: 98657	355 KB
2	lijit.com 1 redirects ce.lijit.com — Cisco Umbrella Rank: 835	1 KB
2	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 848 tags.bluekai.com — Cisco Umbrella Rank: 638	802 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 307	492 B
2	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 859	894 B
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 846 sync1.intentiq.com — Cisco Umbrella Rank: 2869	2 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 499 d.agkn.com — Cisco Umbrella Rank: 686	1 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 372	730 B
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 546	993 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	239 B
2	google.com analytics.google.com — Cisco Umbrella Rank: 152 www.google.com — Cisco Umbrella Rank: 2	701 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	13 KB
2	cloudfront.net d21y75miwcfqoq.cloudfront.net	910 B
2	glia.com api.glia.com — Cisco Umbrella Rank: 15222	23 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	191 KB
1	ellieservices.com widget.ellieservices.com — Cisco Umbrella Rank: 186054	45 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 339	923 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 138	547 B
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 777	632 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1556	421 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 526	654 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6102	175 B
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258	452 B
1	tumblr.com www.tumblr.com — Cisco Umbrella Rank: 6412	1 KB
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 674	527 B
1	pixel.ad up.pixel.ad — Cisco Umbrella Rank: 11062	2 KB
1	onlineaccess1.com cds-sdkcfg.onlineaccess1.com — Cisco Umbrella Rank: 16777	165 KB
1	citizensbankco.com 1 redirects www.citizensbankco.com	80 B
1	champaignbank.com 1 redirects champaignbank.com	114 B
139	44

	Domain	Requested by
38	www.civista.bank	www.civista.bank cds-sdkcfg.onlineaccess1.com
25	um.simpli.fi	22 redirects www.civista.bank
18	pixel.sitescout.com	8 redirects www.civista.bank
10	tag.simpli.fi	www.googletagmanager.com
8	dpm.demdex.net	4 redirects
6	idsync.rlcdn.com	2 redirects www.civista.bank pixel.sitescout.com
6	loadm.exelator.com	5 redirects www.civista.bank
6	pixel.tapad.com	1 redirects www.civista.bank pixel.sitescout.com
6	libs.salemove.com	api.glia.com libs.salemove.com
5	cm.g.doubleclick.net	4 redirects www.civista.bank
5	px.ads.linkedin.com	3 redirects cds-sdkcfg.onlineaccess1.com www.civista.bank
4	sync.crwdcntrl.net	www.civista.bank pixel.sitescout.com
4	load77.exelator.com
3	us-u.openx.net	1 redirects www.civista.bank
3	ib.adnxs.com	1 redirects www.civista.bank
3	connect.facebook.net	www.civista.bank connect.facebook.net
2	ce.lijit.com	1 redirects www.civista.bank
2	bcp.crwdcntrl.net	1 redirects www.civista.bank
2	ups.analytics.yahoo.com	1 redirects www.civista.bank
2	fei.pro-market.net	2 redirects
2	image2.pubmatic.com	www.civista.bank
2	eb2.3lift.com	1 redirects www.civista.bank
2	sync.1rx.io	2 redirects
2	www.facebook.com	www.civista.bank
2	kernel-serve.banno.com	www.civista.bank kernel-serve.banno.com
2	snap.licdn.com	www.civista.bank snap.licdn.com
2	d21y75miwcfqoq.cloudfront.net	www.civista.bank
2	api.glia.com	www.civista.bank cds-sdkcfg.onlineaccess1.com
2	www.googletagmanager.com	www.civista.bank
1	client-logger.salemove.com	cds-sdkcfg.onlineaccess1.com
1	widget.ellieservices.com	www.civista.bank
1	tags.bluekai.com	www.civista.bank
1	api.salemove.com	cds-sdkcfg.onlineaccess1.com
1	pixel.rubiconproject.com	www.civista.bank
1	www.google.com	www.civista.bank
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	pippio.com	1 redirects
1	stags.bluekai.com	www.civista.bank
1	sync.bfmio.com	www.civista.bank
1	pbid.pro-market.net	www.civista.bank
1	ads.stickyadstv.com	www.civista.bank
1	sync1.intentiq.com	www.civista.bank
1	sync.intentiq.com	1 redirects
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com	www.civista.bank
1	sync.targeting.unrulymedia.com	www.civista.bank
1	www.tumblr.com	www.civista.bank
1	s.ad.smaato.net	1 redirects
1	i.simpli.fi	tag.simpli.fi
1	px4.ads.linkedin.com	www.civista.bank
1	www.linkedin.com	1 redirects
1	up.pixel.ad	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	banno.com	www.civista.bank
1	cds-sdkcfg.onlineaccess1.com	www.civista.bank
1	www.citizensbankco.com	1 redirects
1	champaignbank.com	1 redirects
139	60

This site contains links to these domains. Also see Links.

Domain
get.adobe.com
brokercheck.finra.org
secure.civista.bank
civista.accessasc.com
myaccountviewonline.com
www.myaccountaccess.com
orderpoint.deluxe.com
bazing.com
www.civb.com
recruiting.paylocity.com
www.facebook.com
www.linkedin.com
civb.com
apps.apple.com
play.google.com
www.fdic.gov
www.hud.gov

Subject Issuer	Validity	Valid
www.civista.bank GeoTrust TLS RSA CA G1	`2023-09-05` - `2024-09-04`	a year	crt.sh
onlineaccess1.com GTS CA 1P5	`2023-11-13` - `2024-02-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.glia.com Amazon RSA 2048 M01	`2023-06-18` - `2024-07-15`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.banno.com RapidSSL TLS RSA CA G1	`2023-11-13` - `2024-12-13`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-17` - `2023-12-16`	3 months	crt.sh
*.pixel.ad GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-24` - `2024-02-02`	a year	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.tapad.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-18` - `2024-09-17`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-07` - `2024-02-08`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2023-04-20` - `2024-05-20`	a year	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
widget.ellieservices.com Amazon RSA 2048 M03	`2023-10-19` - `2024-11-16`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.civista.bank/
Frame ID: 30917BA939B8EA7118AD42B36353476E
Requests: 110 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: 84BA6EDA8DBF14392E93EE13B3387227
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: CA6B896EBA62F49BE47B1FA0A1EFF956
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: F8E09AE3683E478EAD4565451BBDC672
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: 5B1F672BB0838305505D0ADEE1D826A7
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 747BA8066BF9A167701EE91AA47A4F08
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Civista Bank > Focused On You

Page URL History Show full URLs

http://champaignbank.com/ HTTP 301
https://www.citizensbankco.com/ HTTP 301
https://www.civista.bank/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

139
Requests

74 %
HTTPS

35 %
IPv6

44
Domains

60
Subdomains

46
IPs

1
Countries

2758 kB
Transfer

5309 kB
Size

69
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: http://get.adobe.com/reader/
Title: download Adobe® Acrobat Reader.

Search URL Search Domain Scan URL

URL: https://brokercheck.finra.org/
Title: Brokerage Check (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/sdk/AutoEnrollmentE2E
Title: Enroll

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/sdk/AutoEnrollmentE2E/AccountRecovery
Title: Forgot/Unlock User ID

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/uux.aspx#/login/resetPasswordUsername
Title: Forgot Password

Search URL Search Domain Scan URL

URL: https://civista.accessasc.com/Account/Login
Title: Go to Wealth Management

Search URL Search Domain Scan URL

URL: https://myaccountviewonline.com/
Title: Go to Brokerage

Search URL Search Domain Scan URL

URL: https://www.myaccountaccess.com/onlineCard/login.do
Title: Go to Credit Cards

Search URL Search Domain Scan URL

URL: https://orderpoint.deluxe.com/personal-checks/login.htm?execution=e1s1
Title: Go to Order Checks

Search URL Search Domain Scan URL

URL: https://bazing.com/Register.aspx
Title: Go to BaZing

Search URL Search Domain Scan URL

URL: http://www.civb.com/CorporateProfile.aspx?iid=100876
Title: (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://recruiting.paylocity.com/recruiting/jobs/List/2930/Civista-Bank
Title: Join Our Team (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CivistaBank/
Title: Facebook (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/civista-bank
Title: LinkedIn (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://civb.com/ir-home/default.aspx
Title: Investor Relations (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/cb-mobile-banking/id836729799
Title: Apple App (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.fi6134.godough
Title: Google Play App (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.fdic.gov/
Title: Member FDIC

Search URL Search Domain Scan URL

URL: https://www.hud.gov/
Title: Equal Housing Lender

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://champaignbank.com/ HTTP 301
https://www.citizensbankco.com/ HTTP 301
https://www.civista.bank/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 43

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5503186%252C1930026%26time%3D1702068604224%26url%3Dhttps%253A%252F%252Fwww.civista.bank%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLQfhkKM1oX5QAAAYxLMc9yYo8lsZOTulrqm-bq2IbvBkGwFPtzH3JRlLsBzZY6MR87lQ

Request Chain 61

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=AC639ECFFF794E4D856012A090030733 HTTP 302
https://www.tumblr.com/ads-user-sync?partner=smaato&uid=c6c628f935&gdpr=0&gdpr_consent=

Request Chain 62

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/AC639ECFFF794E4D856012A090030733 HTTP 302
https://sync.1rx.io/usersync/simplifi/AC639ECFFF794E4D856012A090030733?zcc=1&cb=1702068605037 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-e12b8804-cc76-41dd-ac87-e62b45183045-005

Request Chain 63

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3 HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

Request Chain 64

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=AC639ECFFF794E4D856012A090030733

Request Chain 65

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733

Request Chain 66

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=AC639ECFFF794E4D856012A090030733 HTTP 302
https://d.agkn.com/pixel/10751/?che=1702068605040&ip=96.9.249.43&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D212530604724009679971 HTTP 302
https://um.simpli.fi/aa_px?sk=212530604724009679971 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 67

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733&ckls=true&ci=GX5GgJkNg0&nc=false&trid=129437616

Request Chain 68

https://um.simpli.fi/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AC639ECFFF794E4D856012A090030733

Request Chain 69

https://um.simpli.fi/freewheel HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=AC639ECFFF794E4D856012A090030733

Request Chain 70

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=AC639ECFFF794E4D856012A090030733;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=AC639ECFFF794E4D856012A090030733;mimetype=img;sr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=MTU1NDA2NDUyODMzNjgzMTg0Mg== HTTP 302
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEAw_BDDXiWuOZU7gElcN0jw&google_cver=1

Request Chain 71

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0&xl8blockcheck=1

Request Chain 72

https://um.simpli.fi/yahoo HTTP 302
https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733 HTTP 302
https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733&verify=true

Request Chain 73

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=AC639ECFFF794E4D856012A090030733

Request Chain 74

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=AC639ECFFF794E4D856012A090030733

Request Chain 75

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733

Request Chain 76

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733 HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733&dnr=1

Request Chain 77

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=AC639ECFFF794E4D856012A090030733 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogQUM2MzlFQ0ZGRjc5NEU0RDg1NjAxMkEwOTAwMzA3MzMQABoNCP2CzqsGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&_=2 HTTP 307
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&rand=05304910

Request Chain 78

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1702068604641&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=fIFzZejhN4jSoPMPx9WZ4AM&sscte=1&crd=&pscrd=IhMI6I_R1NuAgwMVCCloCB3HagY8 HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI6I_R1NuAgwMVCCloCB3HagY8&is_vtc=1&ocp_id=fIFzZejhN4jSoPMPx9WZ4AM&cid=CAQSKQDICaaN21oXdAvTwNyYTfHT7WkSzJpShr5elLZ3uZQWybkF_T_TaZKN&random=2008263577

Request Chain 80

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=AC639ECFFF794E4D856012A090030733 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DAC639ECFFF794E4D856012A090030733

Request Chain 81

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=AC639ECFFF794E4D856012A090030733&expires=365

Request Chain 82

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=AC639ECFFF794E4D856012A090030733 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=AC639ECFFF794E4D856012A090030733

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEKpC-fc-PJ8_3RjPlM9Dm1Q&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=AC639ECFFF794E4D856012A090030733 HTTP 302
https://um.simpli.fi/g_match?id=

Request Chain 93

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 94

https://pixel.sitescout.com/up/36982fd7215fac8e?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 95

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 96

https://pixel.sitescout.com/up/b9b3db3266ee4d75?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 97

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 98

https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 100

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 101

https://pixel.sitescout.com/up/aedb6fde05d12965?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 104

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Request Chain 106

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 109

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Request Chain 111

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 114

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Request Chain 116

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://load77.exelator.com/pixel.gif

Request Chain 119

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Request Chain 121

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent= HTTP 302
https://load77.exelator.com/pixel.gif

139 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.civista.bank/
Redirect Chain

http://champaignbank.com/
https://www.citizensbankco.com/
https://www.civista.bank/

49 KB
12 KB

651ms
263ms

Document
text/html

20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

cf9bf1413e1c0379298b2486dd9b185c092868cc3bae938965e6faef6cbb46a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=0
content-encoding: gzip
content-length: 11205
content-type: text/html; charset=utf-8
date: Fri, 08 Dec 2023 20:50:03 GMT
expires: Fri, 08 Dec 2023 20:50:03 GMT
server: nginx
strict-transport-security: max-age=16070400
vary: Accept-Encoding
via: varnish
x-ad-insert-result: success - index
x-b3-traceid: 21c5fc138c1e2835
x-content-type-options: nosniff
x-envoy-upstream-service-time: 115
x-frame-options: SAMEORIGIN
x-request-id: 41dbadae-e8a0-947e-89e5-41e14e6a4771
x-varnish: 25613142
x-varnish-count: 0
x-varnish-hitmiss: MISS
x-varnish-ttl: 0.000
x-xss-protection: 1; mode=block

Redirect headers

content-length: 162
content-type: text/html
date: Fri, 08 Dec 2023 20:50:02 GMT
location: https://www.civista.bank/
server: nginx

GET
H2 200 common.js Show response
cds-sdkcfg.onlineaccess1.com/ 300 KB
165 KB 150ms
92ms Script
application/javascript 192.0.54.4
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cds-sdkcfg.onlineaccess1.com/common.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.54.4 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfeeb2130ad18bd761eb05f659ae17d881f769a75ed819426e8d4c342dfa01e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:03 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
x-ion-hop: prod
cache-control: no-cache, no-store, must-revalidate
cf-ray: 8327e0e4fc7336a1-YYZ
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2 200 main.min.css
www.civista.bank/assets/css/ 269 KB
33 KB 52ms
52ms Stylesheet
text/css 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/css/main.min.css

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e6d2b8c65da84c33609e81de8970a76017537a50433cf4e43f61b2fe1a2126ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: b737cd5e1d1031f5
age: 103578
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 1
content-disposition: filename="main.min.css"
content-length: 33256
x-xss-protection: 1; mode=block
x-request-id: 2b49323b-f52d-964d-a54f-ee2c3a10c8e3
x-varnish-count: 3190
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "2444e368659eef4b747039c00e4b3ea4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-varnish: 29702230 458836
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:45 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
94 KB 121ms
48ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4b472b1ccba4066856eec81fcd149429ab3db9e389c3d7729cfbdc926a38511a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95416
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 08 Dec 2023 20:50:03 GMT

GET
H2 200 salemove_integration.js Show response
api.glia.com/ 9 KB
9 KB 240ms
32ms Script
application/javascript 2600:9000:24f2:aa00:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/salemove_integration.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f2:aa00:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

98c4f278eda9ece02de780ade87040aded5a31e7a4f62779e6b138ea75a1fab5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:42:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 7d30b02170e051a5fc315a8f4ba8c20c.cloudfront.net (CloudFront)
last-modified: Fri, 08 Dec 2023 20:16:45 GMT
server: AmazonS3
x-amz-cf-pop: IAD55-P1
age: 444
x-amz-server-side-encryption: AES256
etag: "f8d4588f3f471377a4aa0e43effd9b27"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 8885
x-amz-cf-id: G-Fvj3q6mreWqdtUEldm5Vv3Gwno_LXvanK8cW5-zbPmxtLLoc1ejA==

GET
H2 200 d2164115
d21y75miwcfqoq.cloudfront.net/ 68 B
455 B 404ms
313ms Image
image/png 2600:9000:2501:4800:1b:ef38:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d21y75miwcfqoq.cloudfront.net/d2164115
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2501:4800:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
x-amz-version-id: null
via: 1.1 f67d20cc5e893094f1f2660dce32bf4a.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 19:21:37 GMT
server: AmazonS3
x-amz-cf-pop: IAD55-P5
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
x-amz-cf-id: ygI-1SaUQt5ZfY0mpDgeew4zvN6I4uNdSeS6aSHA4SEWix0K60xlug==

GET
H2 200 civista-bank-logo-with-tagline.svg
www.civista.bank/assets/img/ 2 KB
2 KB 51ms
51ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-bank-logo-with-tagline.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

928e0bed1caa547044604f8ef199cba485e65e79e47e50f1b83b2909416a456a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f20c98d4e43a8afa
age: 103488
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 1
content-disposition: filename="civista-bank-logo-with-tagline.svg"
content-length: 1049
x-xss-protection: 1; mode=block
x-request-id: 7f7f35c7-150f-9b19-ad0f-299b3f007295
x-varnish-count: 2963
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "a29310e878df136371166540d6f4e162"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 32344494 262447
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:05:15 GMT

GET
H2 200 civista-bank-logo.svg
www.civista.bank/assets/img/ 483 B
835 B 51ms
50ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-bank-logo.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e841091b9cc472fae2b280436664f8dcfc2610537e08408e3a526d449baa77e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: b969b7f03022e833
age: 103578
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 1
content-disposition: filename="civista-bank-logo.svg"
content-length: 268
x-xss-protection: 1; mode=block
x-request-id: fb0281f0-2dcd-93d4-a0cd-af5636bbe6c9
x-varnish-count: 3176
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "698e66690420786e8b1150e93ba2e551"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 31632225 1179678
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:45 GMT

GET
H2 200 search-background.png
www.civista.bank/assets/img/ 421 KB
422 KB 50ms
50ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/search-background.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a5a52b76a2554d4f48b7935039f1985ce9e48dfae1de1add27541eae6c2b1e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 63f549d62ba21f5f
age: 103539
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="search-background.png"
content-length: 430891
x-xss-protection: 1; mode=block
x-request-id: cba49f5d-4ef6-9812-a596-0214a100de03
x-varnish-count: 2925
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "86b7f3944283a118f53c7064e56d6a30"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 30612160 426260
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:24 GMT

GET
H2 200 civista-arrow.svg
www.civista.bank/assets/img/ 227 B
744 B 184ms
175ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-arrow.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

648adf118cca42f02168916370feed7b85fd3539b5c75f4b7af4b70a09203bf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 3a9b89a205029ec8
age: 103459
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="civista-arrow.svg"
content-length: 182
x-xss-protection: 1; mode=block
x-request-id: be641281-e2f1-9653-bc10-91cb4a5916ca
x-varnish-count: 2987
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "3be8b2d5a6996f950b923e6a23a117f3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 31701297 2130341
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:05:44 GMT

GET
H2 200 olb-background.png
www.civista.bank/assets/img/ 250 KB
251 KB 187ms
179ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/olb-background.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

56504ecadb3da960ca8bd8d9c2c1c998be10c8e55013a5523d3a3d768ef64054

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: b218567e558b48fa
age: 103506
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="olb-background.png"
content-length: 255799
x-xss-protection: 1; mode=block
x-request-id: c02b6832-2e76-9c99-bf95-b8a621b25d61
x-varnish-count: 3005
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "b0704a4ee33e6697d791d20c19e9dec9"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 31669305 1605726
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:57 GMT

GET
H2 200 07821427-d5a1-4f7c-9d44-680cb6bd2a6c
banno.com/a/assets/api/institutions/bd22c266-ec46-4d92-b47b-118400006986/assets/ 349 KB
349 KB 248ms
139ms Image
image/jpeg 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banno.com/a/assets/api/institutions/bd22c266-ec46-4d92-b47b-118400006986/assets/07821427-d5a1-4f7c-9d44-680cb6bd2a6c

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

930037884f6d2069832b954a1ae8e89e09b8d3f07c88651312b2041d75409a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=15724800
x-b3-traceid: 299d2df6ebe40f2f307d85e49a900e82
etag: "6aa91f7c-f64f-4f8f-af96-9c5cbd371fb2"
content-type: image/jpeg
x-b3-spanid: 8702284455920116
x-b3-sampled: 1
x-request-id: 0bde40832be8dbc738a01e5b2c875fdb

GET
H2 200 link_personal_family.jpg
www.civista.bank/assets/content/JzoOrnCo/ 32 KB
33 KB 236ms
229ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/JzoOrnCo/link_personal_family.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

74902c573003ed131ea7b67903e64abb31767177e4a3db2e3b7b6b03e2b382ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: e50883090d72e416
age: 103408
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_personal_family.jpg"
content-length: 32867
x-xss-protection: 1; mode=block
x-request-id: 928b5ef3-4f70-9cfd-a8ae-70d5b678ea51
x-varnish-count: 799
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "8782016815988fa2faf59c3f81b5bec4"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 30598045 34299
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:06:35 GMT

GET
H2 200 link_business_man.jpg
www.civista.bank/assets/content/eXKrSPUp/ 29 KB
29 KB 184ms
177ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/eXKrSPUp/link_business_man.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

478b2c65ea4510e8e85def80e88756125a6e3d765b273e50edd6b128a98d6795

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 8f8458ae920ec0d3
age: 103528
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_business_man.jpg"
content-length: 29529
x-xss-protection: 1; mode=block
x-request-id: a825dfe2-662a-9b17-bf75-8bc0a41ac2e1
x-varnish-count: 796
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "8ce74902e4d819a69ac853a9e9f3618e"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 30140238 1704373
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:04:35 GMT

GET
H2 200 link_wealth_mature_couple_boating.jpg
www.civista.bank/assets/content/jhwmWKT0/ 35 KB
35 KB 233ms
226ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/jhwmWKT0/link_wealth_mature_couple_boating.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a683f14820a79e88d7e4794ac05b75186ffebfa246c43ece72d5cd8c106ebe7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: bb2f93fc0026fe08
age: 103527
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_wealth_mature_couple_boating.jpg"
content-length: 35549
x-xss-protection: 1; mode=block
x-request-id: 1030dcb3-0131-92d7-8ce5-0a3a2e4e802c
x-varnish-count: 752
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "908511ddd586d3f95322224d2c68e8d5"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 30654508 1376491
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:04:35 GMT

GET
H2 200 Test_bm_image.jpg
www.civista.bank/assets/content/SeoImBix/ 8 KB
9 KB 234ms
228ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/SeoImBix/Test_bm_image.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

bbe57ca1655cecfcbbde5df09da30ba90bfe6ba753564731457aed8d46c8067d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 156206c0b2b0c047
age: 103548
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="Test_bm_image.jpg"
content-length: 8370
x-xss-protection: 1; mode=block
x-request-id: 8de7234d-73f4-9b98-bda5-c714bc58a6bc
x-varnish-count: 798
last-modified: Mon, 23 Apr 2018 20:48:44 GMT
server: nginx
etag: "8e6394ad2ef37a039a7b6d039bc0b5e1"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 32212572 786662
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:04:15 GMT

GET
H2 200 para_meet_civista.jpg
www.civista.bank/assets/content/y33c3QN5/ 157 KB
158 KB 183ms
176ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/y33c3QN5/para_meet_civista.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a7bd843a5785809b0eb4e100b4d3c9e7fab2369724dee4b860a8149f91b84517

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 6caecfb5a22558b8
age: 103459
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="para_meet_civista.jpg"
content-length: 160902
x-xss-protection: 1; mode=block
x-request-id: e50e1e85-f8e0-932c-beb5-e57c4aeca662
x-varnish-count: 752
last-modified: Mon, 23 Apr 2018 20:48:58 GMT
server: nginx
etag: "9d2a90c32347e480b9290688d210dcd6"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 30728219 491793
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:05:44 GMT

GET
H2 200 about_us-2x.png
www.civista.bank/assets/content/IxbDBLHK/ 1 KB
2 KB 184ms
178ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/IxbDBLHK/about_us-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

97ee72b14f50d479618bb24513476073444442e617a89f3bcec806211cb031cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: b26b06b9ab14f42b
age: 103488
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="about_us-2x.png"
content-length: 1127
x-xss-protection: 1; mode=block
x-request-id: ea2897b5-d156-971d-bad2-91dae3ca3341
x-varnish-count: 668
last-modified: Mon, 23 Apr 2018 20:48:47 GMT
server: nginx
etag: "9cc7ec48633001f61bcf62245bbdeddc"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 31178616 426654
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:05:15 GMT

GET
H2 200 calc-2x.png
www.civista.bank/assets/content/kh0NwZRG/ 1 KB
2 KB 181ms
175ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/kh0NwZRG/calc-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

2b5157404dd236d1dbe9702a7380ec86f9c1bc95c966974d2446a308c6a0f98f

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 76c97e8ff5c520c6
age: 103488
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="calc-2x.png"
content-length: 1024
x-xss-protection: 1; mode=block
x-request-id: d396541c-aed6-9dbe-a815-aa5bd28502d4
x-varnish-count: 742
last-modified: Mon, 23 Apr 2018 20:48:47 GMT
server: nginx
etag: "e1e03477549bb54d0ec68ae19cf8a27a"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 32510944 1016432
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:05:15 GMT

GET
H2 200 join_our_team-2x.png
www.civista.bank/assets/content/ss0wicXF/ 1 KB
2 KB 325ms
320ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/ss0wicXF/join_our_team-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

54a5e355f3a119807712d6f5b7c61e7bd48c5a2019d14d4dc589acfff48b8536

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 3c909b01e795887d
age: 103459
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="join_our_team-2x.png"
content-length: 1164
x-xss-protection: 1; mode=block
x-request-id: 7da9f816-b22a-9af0-8974-6974b24ebd9a
x-varnish-count: 801
last-modified: Mon, 23 Apr 2018 20:48:51 GMT
server: nginx
etag: "7ad8744ed1cd424d39e56e24364d47b2"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 31308464 1311233
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:05:44 GMT

GET
H2 200 news_events-2x.png
www.civista.bank/assets/content/Xs8mlhbk/ 2 KB
2 KB 325ms
319ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/Xs8mlhbk/news_events-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

d264def9723170f4d0200d77ee68db07c977645443ba1d6edcdfae101ab82c3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 58f5d015a4fa47bf
age: 103488
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="news_events-2x.png"
content-length: 1770
x-xss-protection: 1; mode=block
x-request-id: be769adb-a3d2-9d66-8266-d13fbe131765
x-varnish-count: 731
last-modified: Mon, 23 Apr 2018 20:48:57 GMT
server: nginx
etag: "bfc78afd812468d32d8dd7c332a35a30"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 30079818 1540349
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 06 Dec 2024 16:05:15 GMT

GET
H2 200 grid_mobile_app.jpg
www.civista.bank/assets/files/fSPZASNf/ 59 KB
60 KB 328ms
323ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/fSPZASNf/grid_mobile_app.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

998da1e65a145fb491f05db115a5da5442c31e14c25dbb63de9718c9b10245c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: e7b90f6d65eb7dfa
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 7
content-disposition: filename="grid_mobile_app.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: 838c91c7-64b9-907b-a818-00a159060dd8
last-modified: Mon, 23 Apr 2018 20:48:10 GMT
server: nginx
etag: "f4b6a9a8bc56f5725f88c939186bf431"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 30880958
cache-control: private
accept-ranges: bytes
expires: Fri, 08 Dec 2023 20:50:03 GMT

GET
H2 200 Grid_Shoppers_1.jpg
www.civista.bank/assets/files/olyPCnCf/ 53 KB
54 KB 325ms
321ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/olyPCnCf/Grid_Shoppers_1.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

11176922b89043f15f577e74217026353b8110969c3e6375afc31d9248c6ec5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 63ebc744551ba6bc
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 4
content-disposition: filename="Grid_Shoppers_1.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: 38c27228-b6de-9377-b1d1-ab9192a3464b
last-modified: Wed, 11 Dec 2019 14:59:52 GMT
server: nginx
etag: "2665cd71842e07183177f6efcb3e527d"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 31468513
cache-control: private
accept-ranges: bytes
expires: Fri, 08 Dec 2023 20:50:03 GMT

GET
H2 200 Grid_shopowner_blkwoman_1.jpg
www.civista.bank/assets/files/mC4b1XP8/ 49 KB
50 KB 326ms
321ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/mC4b1XP8/Grid_shopowner_blkwoman_1.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

9f3736528278e5b8675b41d2eede4bbff5e2f4bc93cf623d62d79de819a26f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: caccc3c485fd88e9
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 5
content-disposition: filename="Grid_shopowner_blkwoman_1.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: 61162c7c-6af9-99f4-80a6-b6d97f733b71
last-modified: Wed, 11 Dec 2019 14:59:51 GMT
server: nginx
etag: "fffab18e3679b25341739b29c0d1e481"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 32574277
cache-control: private
accept-ranges: bytes
expires: Fri, 08 Dec 2023 20:50:03 GMT

GET
H2 200 civista-tagline.svg
www.civista.bank/assets/img/ 5 KB
2 KB 234ms
230ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-tagline.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

bb26bd7da4f067c4040e6080cf3dcdd9b61f96f9a28e3e47a83e36b677d815d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: db7b595397bdb89e
age: 103582
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="civista-tagline.svg"
content-length: 1529
x-xss-protection: 1; mode=block
x-request-id: 49c76f1a-daee-9373-85de-d66f314d72ee
x-varnish-count: 2907
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "f153187b27f053016801a7204cb84160"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 30847069 819213
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:41 GMT

GET
H2 200 phone-icon.svg
www.civista.bank/assets/img/ 357 B
833 B 235ms
231ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/phone-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

51ea59b3afccd2310d1520a22ad1f2ad5e3d4835faea3371b682fad727174a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: e4944ddc5a01cbea
age: 103552
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="phone-icon.svg"
content-length: 271
x-xss-protection: 1; mode=block
x-request-id: d111ed3e-d02a-9e7b-8891-3e4507597546
x-varnish-count: 2941
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "7f2350fa9b894bf590a3d36119154bd4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 30264891 1540264
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:10 GMT

GET
H2 200 location-icon.svg
www.civista.bank/assets/img/ 455 B
850 B 321ms
318ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/location-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

b7f41e48325490ed45989eeabd75a7f6846d0961b55ddefb41c508e614b36323

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 98c5e51e61ce024b
age: 103518
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="location-icon.svg"
content-length: 289
x-xss-protection: 1; mode=block
x-request-id: 2060221f-c9ff-972a-952b-a1721e236c1c
x-varnish-count: 2946
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "7036e69dd5ffb4108612242fdea83ac7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 28948938 720979
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:45 GMT

GET
H2 200 jquery.min.js Show response
www.civista.bank/assets/js/ 86 KB
31 KB 182ms
173ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/js/jquery.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

794a9f4e50e2d7bdc08c8667306093df59340c34d9da9c90faf82bf466d4089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 511ecd34c8e857ae
age: 103488
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="jquery.min.js"
content-length: 30943
x-xss-protection: 1; mode=block
x-request-id: c0cec025-49b8-9e72-b0fe-5dbd5f60a9ed
x-varnish-count: 3059
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "6cd24b024a26d71b724d4591c2557251"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 31502399 754035
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:05:15 GMT

GET
H2 200 script.min.js Show response
www.civista.bank/assets/js/ 141 KB
37 KB 322ms
319ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/js/script.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

f0d3c514978da4ae042567cb511f332d42c39f6b9ee448ffc1b96566599871a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 43ef1bf0738ee2df
age: 103506
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="script.min.js"
content-length: 36979
x-xss-protection: 1; mode=block
x-request-id: e1b2a6ae-5612-9c41-ad64-9b051d97d81e
x-varnish-count: 3108
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "76be477d21e35c7e5ca0da7d521269e8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 30923919 1278070
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:57 GMT

GET
H2 200 disclaimers.js Show response
www.civista.bank/assets/target/ 3 KB
2 KB 234ms
231ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/target/disclaimers.js?bh=d325a4

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e62bdb1248c7e4d856eb804738ef310e28d3d8b4a9ef40bccb0a5059a61313d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 30896cc1989dab56
age: 15422
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-length: 1400
x-xss-protection: 1; mode=block
x-request-id: 0f9dab1f-ba8a-9e85-ae12-c5509fc256c3
x-varnish-count: 443
last-modified: Fri, 08 Dec 2023 15:18:08 GMT
server: nginx
etag: "0cb1ccf40f33f2a839c457c1ddd7b296"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 31081225 24185894
cache-control: public, max-age=15552000
accept-ranges: bytes
expires: Wed, 05 Jun 2024 16:33:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 310 KB
97 KB 161ms
95ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

04d471baf857c16dfec75a76df7c86ac8bfdf373de7c1b4d85c7dd497099639b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99559
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 08 Dec 2023 20:50:03 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
805 B 160ms
45ms Script
application/javascript 2600:1402:b800:3::172f:cc34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1402:b800:3::172f:cc34 Atlanta, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 07 Dec 2023 10:28:06 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=40466
accept-ranges: bytes
content-length: 595

GET
H2 200 Icons.woff2
www.civista.bank/assets/font/ 4 KB
4 KB 228ms
228ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/Icons.woff2

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

8ecb9dd92f240ddac622fb56fcaae3ec8ae803a3d83d6e6fa6a463b621891193

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/assets/css/main.min.css
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 043b4a0e29594397
age: 103577
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="Icons.woff2"
content-length: 3736
x-xss-protection: 1; mode=block
x-request-id: 714edd4e-2c81-94e4-8a24-c14172b4f7fd
x-varnish-count: 2966
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "78bf8f5e7bcdfba17c261b5b27a1799e"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 30063201 262260
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:46 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 31 KB
12 KB 45ms
45ms Script
application/javascript 2600:1402:b800:3::172f:cc34
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1402:b800:3::172f:cc34 Atlanta, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Dec 2023 13:47:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=32244
accept-ranges: bytes
content-length: 12150

GET
H2 200 kernel.js Show response
kernel-serve.banno.com/ 6 KB
6 KB 143ms
136ms Script
application/javascript 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://kernel-serve.banno.com/kernel.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7cae47a88d24c17da61cc71f1baf4614bee4655d81280c92fc2475747ce34230

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=15724800
etag: "13313E3976F35F88B2181A14ED86D18A"
content-length: 5713
content-type: application/javascript

GET
H2 200 d2164115
d21y75miwcfqoq.cloudfront.net/ 68 B
455 B 107ms
107ms Image
image/png 2600:9000:2501:4800:1b:ef38:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d21y75miwcfqoq.cloudfront.net/d2164115
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2501:4800:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
x-amz-version-id: null
via: 1.1 f67d20cc5e893094f1f2660dce32bf4a.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 19:21:37 GMT
server: AmazonS3
x-amz-cf-pop: IAD55-P5
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
x-amz-cf-id: 0ptI7Rj_jeMuzCc9IxjztwHWppC1BOoUgdb3OfcrUC9WEqP9qGP44g==

POST
H2 204 collect
analytics.google.com/g/ 0
246 B 103ms
40ms Ping
text/plain 2001:4860:4802:38::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-6ZSG1S7BHC&gtm=45je3bt0v874458427&_p=1702068603879&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1231163232.1702068604&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702068604&sct=1&seg=0&dl=https%3A%2F%2Fwww.civista.bank%2F&dt=Civista%20Bank%20%3E%20Focused%20On%20You&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1822
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:38::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.civista.bank
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 105ms
38ms Ping
text/plain 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6ZSG1S7BHC&cid=1231163232.1702068604&gtm=45je3bt0v874458427&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.civista.bank
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 106ms
34ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 08 Dec 2023 20:50:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: H5T6gkvWifibaQfx6/JfBKyfEYO4G5rWLlzBQPH28eCdQDD7KH5kE361Lq+ksGOFC6R77PkdBrvi08jdcXC7ug==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 up.js Show response
up.pixel.ad/assets/ 3 KB
2 KB 109ms
35ms Script
application/javascript 69.28.187.147
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://up.pixel.ad/assets/up.js?um=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.28.187.147 New York, United States, ASN22822 (LLNW, US),
Reverse DNS: https-69-28-187-147.iad.llnw.net
Software: AC1.1 /
Resource Hash: 25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 16:22:21 GMT
server: AC1.1
age: 444958
vary: accept-encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1550
x-llid: 227b948b7465e6a407e3a5bea3e9f43c

GET
H2 200 c34dbe20-7fec-0137-6130-067f653fa718 Show response
tag.simpli.fi/sifitag/ 0
445 B 110ms
34ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/c34dbe20-7fec-0137-6130-067f653fa718
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F572YK6xrtUL3ambeviE
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 85214ef0-8b0a-0137-e8b9-06a9ed4ca31b Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 109ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/85214ef0-8b0a-0137-e8b9-06a9ed4ca31b
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 67ac4b2652a4b1479731dbd28536a6995de913a4e14f48630a4d766544b151a7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F572YK6n9oeE9kA1QyJJ
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
564 B 129ms
61ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.civista.bank/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 08 Dec 2023 20:50:03 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 1E058A944CD94E3DA8CA2ED6462E7739 Ref B: NYCEDGE1419 Ref C: 2023-12-08T20:50:04Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.civista.bank
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYMBbqK+G7oiWmeEmHYJA==

POST
H2 200 visitor_config Show response
api.glia.com/ 12 KB
14 KB 53ms
53ms XHR
application/json 2600:9000:24f2:aa00:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/visitor_config?referrer=https%3A%2F%2Fwww.civista.bank%2F&

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f2:aa00:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

4c4344ce4f1d5e6d7653fd631df7979b612cf4937210aa4946bb91716189cb74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.civista.bank/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 7d30b02170e051a5fc315a8f4ba8c20c.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P1
x-cache: Miss from cloudfront
content-length: 12740
access-control-max-age: 7200
access-control-allow-methods: ["GET, POST, PUT, PATCH, OPTIONS, HEAD, DELETE"]
content-type: application/json
access-control-allow-origin: https://www.civista.bank
access-control-expose-headers
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
vary: Origin
x-site-visitor-config: true
access-control-allow-headers: Content-Type, Accept, Authorization
x-amz-cf-id: W4FbrH-3UHpuXiPHmSOi_ER7heodijsOc7NeZjFVrsTLcm5-yTbJbw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5503186%252C1930026%26time%3D1702068604224%26url%3Dhttps%253A%252F%252Fwww.civist...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLQfhkKM1oX5QAAAYxLMc9yY...

0
489 B

181ms
107ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLQfhkKM1oX5QAAAYxLMc9yYo8lsZOTulrqm-bq2IbvBkGwFPtzH3JRlLsBzZY6MR87lQ
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 0DE6FAFC338448D2BD0C2F10BC5CB347 Ref B: YTO01EDGE0707 Ref C: 2023-12-08T20:50:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMBbqVGLcoiPP3Vi68wg==

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9B493071E3E74B489B13B16859B7EE28 Ref B: NYCEDGE1419 Ref C: 2023-12-08T20:50:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1702068604224&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLQfhkKM1oX5QAAAYxLMc9yYo8lsZOTulrqm-bq2IbvBkGwFPtzH3JRlLsBzZY6MR87lQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMBbqSO/zpXGnPS05vTQ==

GET
H2 200 disclaimer Show response
www.civista.bank/_/api/ 1 KB
1 KB 53ms
53ms XHR
application/json 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/_/api/disclaimer

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

6142858266eb1e6ca87ffb0c951ac2877f342bbc4f03552adf8193c7ccbb79ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.civista.bank/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f6208c5998d6780d
age: 0
x-varnish-ttl: 0.000
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 3
content-length: 598
x-xss-protection: 1; mode=block
x-request-id: a07ac34f-3ff1-9d3a-8bdf-0acf3385f1f8
x-varnish-count: 0
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-varnish: 31986470
cache-control: public, max-age=0
accept-ranges: bytes
expires: Fri, 08 Dec 2023 20:50:04 GMT

GET
H2 200 facebook.svg
www.civista.bank/assets/img/ 420 B
853 B 51ms
50ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/facebook.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

58510900dc15eb6d4bc049131d6ed32f65889177e6feed5c6ddc219a8161aeb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: e3a2ea8b0347d55a
age: 103539
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="facebook.svg"
content-length: 292
x-xss-protection: 1; mode=block
x-request-id: 3a08b831-ca33-9048-8b62-4aa86d5cc3dd
x-varnish-count: 2121
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "19e68ea7440cb99e2ad43295467f882c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 30364507 1671590
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:25 GMT

GET
H2 200 apple-icon.svg
www.civista.bank/assets/img/ 485 B
872 B 52ms
51ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/apple-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

86f21077af6a18a17c863919c55f3a30e9339b6b37179219b1fef19f41f7a1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 8d9836f39261755f
age: 103560
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="apple-icon.svg"
content-length: 310
x-xss-protection: 1; mode=block
x-request-id: 805ca88b-2b57-95d8-b928-3015b95d12a4
x-varnish-count: 2088
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "e7431a65df9ec7f076f72d302ec5e751"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 31862433 1081517
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:03 GMT

GET
H2 200 google-play-icon.svg
www.civista.bank/assets/img/ 764 B
995 B 50ms
49ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/google-play-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

3d0123a14cf02aebfdad7a564809ce0fc8cd3f4436b273fdcb4cc346d8f19284

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f71be9441b57499a
age: 103525
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="google-play-icon.svg"
content-length: 430
x-xss-protection: 1; mode=block
x-request-id: 2c6246f9-2981-95eb-8739-f82beac8b112
x-varnish-count: 2096
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "41b489bf0483ccc25ec610902255fe6e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 30598051 197031
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:38 GMT

GET
H2 200 bootstrapper-b4d280865.js Show response
libs.salemove.com/visitor/ 635 KB
165 KB 108ms
34ms Script
application/javascript 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Requested by

Host: api.glia.com
URL: https://api.glia.com/salemove_integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

6df5acc8f74ff4bbe678d342d64e6efe7f90702ab0312d1e04c7734eb7c6eb33

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 10:35:09 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 36896
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 08 Dec 2023 09:55:57 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:9275905d88901eaaf9396fe8942db60d
etag: W/"9275905d88901eaaf9396fe8942db60d"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: ZvMcqu-5POuaM3obNNhJ-VfX2Mewn2aqgiCMEWQv4b_BVf2hvkDUyA==

GET
H2 200 visit Show response
kernel-serve.banno.com/institutions/bd22c266-ec46-4d92-b47b-118400006986/profiles/5c7b3890-960b-11ee-b6ac-02426b88e02c/ 0
120 B 69ms
69ms Script
application/javascript 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://kernel-serve.banno.com/institutions/bd22c266-ec46-4d92-b47b-118400006986/profiles/5c7b3890-960b-11ee-b6ac-02426b88e02c/visit?keywords=Civista%20Bank,%20community%20bank,%20checking%20account,%20business%20account,%20loans,%20mortgage,%20commercial%20lending&url=https%3A%2F%2Fwww.civista.bank%2F

Requested by

Host: kernel-serve.banno.com
URL: https://kernel-serve.banno.com/kernel.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
cache-control: no-cache, no-store, max-age=0
strict-transport-security: max-age=15724800
content-length: 0
content-type: application/javascript

GET
H2 200 c4554380-8d79-0138-1abd-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 0
246 B 34ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/c4554380-8d79-0138-1abd-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F572YLplIW94kwH4lEEB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 a415d490-8d7a-0138-2e8e-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 34ms
34ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/a415d490-8d7a-0138-2e8e-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 69b83ab1af39a754922825e1f6759725a5f86cb9d572ad69b38668e1e2c3de1d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F572YLpsDMyJrrWR99MF
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 152066585500691 Show response
connect.facebook.net/signals/config/ 116 KB
31 KB 137ms
135ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/152066585500691?v=2.9.138&r=stable&domain=www.civista.bank

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f10e9c0a33a080645f78215348a1bbdfc1edcda847c728ba55bace9fe2a8320b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 08 Dec 2023 20:50:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 3Y352+6+jt1lkpp/0jRbl7Bpep7gQVvZmpMoumVZt5OBZ02lzeqiZ14EmxahH23vXtxl4HAtWQr4myScww1ibg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6f7f3220-e3ae-0137-600b-06659b33d47c Show response
tag.simpli.fi/sifitag/ 0
245 B 33ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/6f7f3220-e3ae-0137-600b-06659b33d47c
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F572YMJ9kotEpVM1QzbJ
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p Show response
i.simpli.fi/ 798 B
762 B 41ms
36ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=216143&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/85214ef0-8b0a-0137-e8b9-06a9ed4ca31b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 31237847c4f17d88b68af803f3f4bb8d671d8f56853b628a024d3b91a10b517d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 b0e18e80-92fd-0138-2f00-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 33ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/b0e18e80-92fd-0138-2f00-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: f8e9bdeb7d15c402a8b58ef1ad9fb370a5399110b1c54d9b0bde53bb4a4736a9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F572YMKRd7Mc54WbewiE
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 webcomponents_es5-b4d280865.js Show response
libs.salemove.com/visitor/ 936 B
1 KB 30ms
30ms Script
application/javascript 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/webcomponents_es5-b4d280865.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 10:12:12 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 38273
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 936
last-modified: Fri, 08 Dec 2023 09:55:58 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:f86098c5208655efb405300993461936
etag: "f86098c5208655efb405300993461936"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: FoeVrCBYjleG2fM4oURIqtocTUZ5eLL1U4Q_U1oEf34QHCqJKFe4tg==

GET
H2 200 a5c88610-92fd-0138-2f00-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 0
246 B 33ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/a5c88610-92fd-0138-2f00-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F572YMzwCUjCC7986rlG
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 2630065057249545 Show response
connect.facebook.net/signals/config/ 120 KB
31 KB 126ms
125ms Script
application/x-javascript 2a03:2880:f003:c0e:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2630065057249545?v=2.9.138&r=stable&domain=www.civista.bank

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c9d23a52a58995ff5a110af912186b3c23e0efb95b9ac90daf726adcaf2effb0

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 08 Dec 2023 20:50:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: p5e5R4sFsgnndN79AGOhr4CEgxuPNuRM1oILtLke36p/QjDOQmlUuPkodS421sTm4rGdmSZZz5Wa9dlg+DfDcw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 100ms
34ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=152066585500691&ev=PageView&dl=https%3A%2F%2Fwww.civista.bank&rl=&if=false&ts=1702068604799&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1702068604797.1233218223&pm=1&hrl=9fc523&ler=empty&it=1702068604493&coo=false&cs_cc=1&rqm=GET

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 08 Dec 2023 20:50:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

ads-user-sync
www.tumblr.com/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=AC639ECFFF794E4D856012A090030733
https://www.tumblr.com/ads-user-sync?partner=smaato&uid=c6c628f935&gdpr=0&gdpr_consent=

70 B
1 KB

107ms
51ms

Image
image/png

192.0.77.40
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tumblr.com/ads-user-sync?partner=smaato&uid=c6c628f935&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

192.0.77.40 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

assets.tumblr.com

Software

nginx /

Resource Hash

a73237a07cec4d81b7cb7995220839f554e2e8936e5d5ae25cc47753f9737c07

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-5lV9lfnLf90kUYI15Jzsj2bb21g'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports;
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc: jfk 2
date: Fri, 08 Dec 2023 20:50:05 GMT
content-security-policy: script-src 'self' https://assets.tumblr.com https://sb.scorecardresearch.com/beacon.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/analytics.js https://fc.yahoo.com/sdarla/php/client.php https://s.yimg.com/rq/darla/ https://www.googletagservices.com/tag/js/gpt.js https://securepubads.g.doubleclick.net/gpt/ https://securepubads.g.doubleclick.net/gampad/ads https://pagead2.googlesyndication.com/pagead/osd.js https://www.google.com/recaptcha/api.js https://*.gemini.yahoo.com https://s.yimg.com/av/gemini/ga/gemini-iframe.js https://s.yimg.com/av/curveball/ 'unsafe-eval' 'nonce-5lV9lfnLf90kUYI15Jzsj2bb21g'; object-src 'none'; worker-src blob:; base-uri 'self'; report-uri https://www.tumblr.com/svc/cspreports;
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31536000; preload
x-frame-options: deny
p3p: CP="Tumblr's privacy policy is available here: https://www.tumblr.com/policy/en/privacy"
content-type: image/png
x-rid: 9ad100cb2bd27d07035a8ca2ec3c1f50
alt-svc: h3=":443"; ma=86400
content-length: 70
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge,chrome=1

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 8348c06ca24c7faf1ae00ad6facc20b2.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: IAD89-P2
x-cache: Miss from cloudfront
location: https://www.tumblr.com/ads-user-sync?partner=smaato&uid=c6c628f935&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: JiatNh0RpOFBfhP_VOS6f15q9DV0ghgjNXLRs__Kfs6rXpn6KjVzyw==

GET
H/1.1

200
OK

RX-e12b8804-cc76-41dd-ac87-e62b45183045-005
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/AC639ECFFF794E4D856012A090030733
https://sync.1rx.io/usersync/simplifi/AC639ECFFF794E4D856012A090030733?zcc=1&cb=1702068605037
https://sync.targeting.unrulymedia.com/csync/RX-e12b8804-cc76-41dd-ac87-e62b45183045-005

43 B
452 B

323ms
40ms

Image
image/gif

199.127.204.171
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-e12b8804-cc76-41dd-ac87-e62b45183045-005
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 199.127.204.171 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Fri, 08 Dec 2023 20:50:05 GMT
Server: Tengine
Connection: keep-alive
Content-Length: 43
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 20:50:05 GMT
Server: Tengine
Transfer-Encoding: chunked
Content-Type: text/html
Location: https://sync.targeting.unrulymedia.com/csync/RX-e12b8804-cc76-41dd-ac87-e62b45183045-005
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

37 B
354 B

50ms
50ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 08 Dec 2023 20:50:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=7969&xuid=AC639ECFFF794E4D856012A090030733&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
date: Fri, 08 Dec 2023 20:50:05 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=AC639ECFFF794E4D856012A090030733

43 B
175 B

102ms
32ms

Image
image/gif

2600:1f18:612b:4216:f7a5:eced:3275:207a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2600:1f18:612b:4216:f7a5:eced:3275:207a Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
content-type: image/gif

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=AC639ECFFF794E4D856012A090030733
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733

95 B
427 B

52ms
49ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=AC639ECFFF794E4D856012A090030733
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=AC639ECFFF794E4D856012A090030733
https://d.agkn.com/pixel/10751/?che=1702068605040&ip=96.9.249.43&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D212530604724009679971
https://um.simpli.fi/aa_px?sk=212530604724009679971
https://um.simpli.fi/empty.gif

43 B
361 B

31ms
31ms

Image
image/gif

34.150.170.96
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

96.170.150.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET
H2

200

ProfilesEngineServlet
sync1.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733&ckls=true&ci=GX5GgJkNg0&nc=false&trid=129437616

43 B
1 KB

115ms
39ms

Image
image/gif

52.85.132.15
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733&ckls=true&ci=GX5GgJkNg0&nc=false&trid=129437616
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 52.85.132.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-132-15.iad50.r.cloudfront.net
Software: /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 5893c71b6cde828b408a700f9c0673b0.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: EG4Uysd80yRMmyh3nPmFCb2I9U7nh6koPkacPk259xQunkJtJG8OGg==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 13af704549c5ac5d9fb78e3b737019ec.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD50-C2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=AC639ECFFF794E4D856012A090030733&ckls=true&ci=GX5GgJkNg0&nc=false&trid=129437616
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: IrynVWAEWKMRFSot4xfniKhW7wrz45_F4IJ2ePtw5b4X2YaiFVRdAw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://um.simpli.fi/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AC639ECFFF794E4D856012A090030733

42 B
550 B

104ms
33ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 08 Dec 2023 20:50:04 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:AC639ECFFF794E4D856012A090030733
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H/1.1

200

user-registering
ads.stickyadstv.com/
Redirect Chain

https://um.simpli.fi/freewheel
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=AC639ECFFF794E4D856012A090030733

43 B
654 B

242ms
35ms

Image
image/gif

63.251.28.133
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 63.251.28.133 Secaucus, United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 20:50:05 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
x-sticky-vk: 1702068605162039-306

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=AC639ECFFF794E4D856012A090030733
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H2

200

engine
pbid.pro-market.net/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=AC639ECFFF794E4D856012A090030733;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=AC639ECFFF794E4D856012A090030733;mimetype=img;sr
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=MTU1NDA2NDUyODMzNjgzMTg0Mg==
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEAw_BDDXiWuOZU7gElcN0jw&google_cver=1

43 B
405 B

57ms
54ms

Image
image/gif

2600:1901:0:8eee::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEAw_BDDXiWuOZU7gElcN0jw&google_cver=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2600:1901:0:8eee:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 43
expires: Mon, 1 Jan 1990 0:0:0 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEAw_BDDXiWuOZU7gElcN0jw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 315
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0&xl8blockcheck=1

0
767 B

49ms
47ms

Image
text/plain

50.16.197.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0&xl8blockcheck=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 50.16.197.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-16-197-56.compute-1.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=AC639ECFFF794E4D856012A090030733&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55964/
Redirect Chain

https://um.simpli.fi/yahoo
https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733
https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733&verify=true

0
121 B

45ms
43ms

Image
text/plain

3.225.218.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733&verify=true

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

3.225.218.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-225-218-10.compute-1.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55964/sync?uid=AC639ECFFF794E4D856012A090030733&verify=true
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=AC639ECFFF794E4D856012A090030733

0
421 B

166ms
40ms

Image
text/plain

52.72.122.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 52.72.122.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-122-107.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Connection: keep-alive
Date: Fri, 08 Dec 2023 20:50:05 GMT

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=AC639ECFFF794E4D856012A090030733
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=AC639ECFFF794E4D856012A090030733

62 B
443 B

193ms
116ms

Image
image/gif

23.219.12.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 23.219.12.236 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-12-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 08 Dec 2023 20:50:05 GMT
content-length: 62
content-type: image/gif

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=AC639ECFFF794E4D856012A090030733
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H2

200

tpid=AC639ECFFF794E4D856012A090030733
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733

49 B
264 B

64ms
62ms

Image
image/gif

54.83.134.184
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 54.83.134.184 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-83-134-184.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.63.10
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=AC639ECFFF794E4D856012A090030733
cache-control: no-cache
x-server: 10.40.63.168
content-length: 0
expires: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733
https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733&dnr=1

43 B
679 B

76ms
74ms

Image
image/gif

63.251.86.50
INTERNAP-BLK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733&dnr=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 63.251.86.50 Beecher, United States, ASN10913 (INTERNAP-BLK, US),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 20:50:05 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2dca1
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 20:50:05 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ce.lijit.com/merge?pid=2&3pid=AC639ECFFF794E4D856012A090030733&dnr=1
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2dca1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

db_sync
px.ads.linkedin.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=AC639ECFFF794E4D856012A090030733
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogQUM2MzlFQ0ZGRjc5NEU0RDg1NjAxMkEwOTAwMzA3MzMQABoNCP2CzqsGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&_=2
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&rand=05304910

0
141 B

135ms
134ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&rand=05304910
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 5375D90FACA144D2AAFFB31AF356ADC6 Ref B: NYCEDGE1419 Ref C: 2023-12-08T20:50:05Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMBbqaX2eci4TegqgmXg==

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=0d243a86ff0a848a2966f112e4bf6ce4add05442169d6b3f4519806749ad407b791426b5417dce21&rand=05304910
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

/
www.google.com/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1702068604641&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=...
https://www.google.com/pagead/1p-conversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI6I_R1...

42 B
455 B

115ms
48ms

Image
image/gif

2607:f8b0:4004:c08::67
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI6I_R1NuAgwMVCCloCB3HagY8&is_vtc=1&ocp_id=fIFzZejhN4jSoPMPx9WZ4AM&cid=CAQSKQDICaaN21oXdAvTwNyYTfHT7WkSzJpShr5elLZ3uZQWybkF_T_TaZKN&random=2008263577

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

2607:f8b0:4004:c08::67 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/1026675585/?random=1253365459&cv=7&fst=1702068604641&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI6I_R1NuAgwMVCCloCB3HagY8&is_vtc=1&ocp_id=fIFzZejhN4jSoPMPx9WZ4AM&cid=CAQSKQDICaaN21oXdAvTwNyYTfHT7WkSzJpShr5elLZ3uZQWybkF_T_TaZKN&random=2008263577
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 63ms
61ms Image
text/plain 34.150.170.96
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

96.170.150.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=AC639ECFFF794E4D856012A090030733
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DAC639ECFFF794E4D856012A090030733

43 B
890 B

62ms
62ms

Image
image/gif

68.67.160.26
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DAC639ECFFF794E4D856012A090030733

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

68.67.160.26 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
an-x-request-uuid: 8fd32fb7-db72-4bc4-a66b-7487ac07b629
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 96.9.249.43; 96.9.249.43; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
an-x-request-uuid: 3b97eb9e-76ef-47a4-a3ee-046d82a9cf1e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DAC639ECFFF794E4D856012A090030733
cache-control: no-store, no-cache, private
x-proxy-origin: 96.9.249.43; 96.9.249.43; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=AC639ECFFF794E4D856012A090030733&expires=365

42 B
923 B

208ms
34ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=AC639ECFFF794E4D856012A090030733&expires=365
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: af308bb17a856a105b8c87aaae7d7f8c
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Fri, 08 Dec 2023 20:50:04 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=AC639ECFFF794E4D856012A090030733&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 20:50:04 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=AC639ECFFF794E4D856012A090030733
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=AC639ECFFF794E4D856012A090030733

43 B
171 B

48ms
46ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=AC639ECFFF794E4D856012A090030733
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=AC639ECFFF794E4D856012A090030733
date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
https://um.simpli.fi/g_match?id=&google_gid=CAESEKpC-fc-PJ8_3RjPlM9Dm1Q&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=AC639ECFFF794E4D856012A090030733
https://um.simpli.fi/g_match?id=

0
320 B

31ms
31ms

Image
text/plain

34.150.170.96
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

34.150.170.96 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

96.170.150.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 07 Dec 2023 20:50:05 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 8e57bf60-92fc-0138-1b41-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 33ms
33ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/8e57bf60-92fc-0138-1b41-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 640f788e740207fea509698cb157f42a3126f70211439f7847629f927ebfb1e8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F572YM4ppQOSwrTSy1DC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 visitor-app.85b5c859.min.js Show response
libs.salemove.com/ 686 KB
198 KB 36ms
35ms Script
application/javascript 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.85b5c859.min.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

06379a5856668548f0a4ef088a085f11529ca908e85ed70d6bafac01f09efe68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:17:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 304337
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 05 Dec 2023 08:08:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:3ed039ff6ec68e63c937cbef7ffab5f5
etag: W/"3ed039ff6ec68e63c937cbef7ffab5f5"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: C_LMAnrAFNCoe1Ca4bkMKZf4Hk5kQ5CULZlYoq9Y5k_qK11L_tcPuw==

GET
H2 200 visitor-app.85b5c859.default.css
libs.salemove.com/ 206 KB
31 KB 31ms
31ms Stylesheet
text/css 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.85b5c859.default.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:17:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 304337
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 05 Dec 2023 08:08:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:593e94f08cd3472f4bd4420fc198b2a7
etag: W/"593e94f08cd3472f4bd4420fc198b2a7"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: TGwrOzAQrw7h4bhteFp7fce9N4lrEvXqLjR40hIQrhjWP9Tei_T40w==

GET
H2 200 515a094e70ede9 Show response
api.salemove.com/visitor_app/85b5c859/sites/e7b986f0-08c0-465d-87ee-8fe6d30c005b/custom_locales/civista-custom/ 14 KB
14 KB 121ms
35ms XHR
application/json 2600:9000:24f2:7e00:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.salemove.com/visitor_app/85b5c859/sites/e7b986f0-08c0-465d-87ee-8fe6d30c005b/custom_locales/civista-custom/515a094e70ede9

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:24f2:7e00:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a101e8ebc59e3c586a31ac2e44a6318936dc3cda8853178aad2c5438d8ce85a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:08:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 f7c749b4d9ba39d7629c0f2f434dfc76.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD55-P1
age: 301295
x-cache: Hit from cloudfront
content-length: 13839
access-control-max-age: 7200
access-control-allow-methods: GET, POST, PUT, PATCH, OPTIONS, HEAD, DELETE
content-type: application/json
access-control-allow-origin: https://www.civista.bank
access-control-expose-headers
cache-control: public, max-age=31536000
vary: Origin
access-control-allow-headers: Content-Type, Accept, Authorization
x-amz-cf-id: gx-hr_VrU2nrT8mCAliTpvN4GuH4yJbSBQ9WN1tif_Un_0i7gs2YHw==

GET
H2 200 gva-custom-chat-renderer.9ee1ee1.js Show response
libs.salemove.com/ 23 KB
8 KB 70ms
70ms Script
application/javascript 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.9ee1ee1.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a19e35c238665b103fff54c0a89023a450c1d40f5cd58e01a7f5e5616d9aace7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 02:25:18 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 671087
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 25 Oct 2023 07:25:06 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:0f7fb6803bd6390810b1bd3849ed1eca
etag: W/"0f7fb6803bd6390810b1bd3849ed1eca"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: kGm9m0PZ-V02voP_oGVJATynVO1A5E86Pt3leKJnBKfFXEMd0x9t_g==

GET
H2 200 gva-custom-chat-renderer.9ee1ee1.css
libs.salemove.com/ 8 KB
2 KB 64ms
64ms Stylesheet
text/css 2600:9000:250a:4e00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.9ee1ee1.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-b4d280865.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:250a:4e00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d7e3733c4cb4fbd606eb5ce52c0ff6dbc8e175e2fb2b8199ea0387339f425186

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 02:25:18 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD12-P3
age: 671087
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 25 Oct 2023 07:25:06 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4c01dddd167e508399fb3f31894d95f0
etag: W/"4c01dddd167e508399fb3f31894d95f0"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: WSXDH6NAbONeAf05UyNflnt6CS3dcJm_3wKkaeNRF0ti9owlriz7xA==

GET
BLOB 200
OK 39bd65e0-ee1a-4ce1-ae28-1e07afc68aeb
https://www.civista.bank/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.civista.bank/39bd65e0-ee1a-4ce1-ae28-1e07afc68aeb
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 2479
Content-Type: text/javascript

GET
H2 200 bf17e430-b891-0138-1e9f-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 0
245 B 44ms
43ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/bf17e430-b891-0138-1e9f-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F572YNA6U2Uf68m8vlyD
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 082e7d60-b893-0138-1e9f-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 42ms
42ms Script
application/javascript 34.86.70.109
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/082e7d60-b893-0138-1e9f-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.86.70.109 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 109.70.86.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: bdd3c7800965a7a57e7ff2e5b48ca51e532d6920d35c3ca03cd23962d84e3d0d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F572YNA2mOmJni0Bv0ZB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 84BA
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

39ms
38ms

Document
text/html

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: A /
Resource Hash: a5545a636197b50ea730e79744a7679df61dae8694ae84c6ff720caf18cac4cc

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 08 Dec 2023 20:50:04 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Fri, 08 Dec 2023 20:50:04 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

36982fd7215fac8e
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/36982fd7215fac8e?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

36ms
35ms

Image
image/gif

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame CA6B
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

37ms
36ms

Document
text/html

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: A /
Resource Hash: a5545a636197b50ea730e79744a7679df61dae8694ae84c6ff720caf18cac4cc

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 08 Dec 2023 20:50:04 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Fri, 08 Dec 2023 20:50:05 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

b9b3db3266ee4d75
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/b9b3db3266ee4d75?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

39ms
38ms

Image
image/gif

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame F8E0
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

35ms
34ms

Document
text/html

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: A /
Resource Hash: a5545a636197b50ea730e79744a7679df61dae8694ae84c6ff720caf18cac4cc

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 08 Dec 2023 20:50:05 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Fri, 08 Dec 2023 20:50:04 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

eb55ff7c1f7ae19f
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
267 B

38ms
37ms

Image
image/gif

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 33ms
32ms Image
text/plain 2a03:2880:f103:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2630065057249545&ev=PageView&dl=https%3A%2F%2Fwww.civista.bank&rl=&if=false&ts=1702068605138&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1702068604797.1233218223&pm=1&hrl=2973f7&ler=empty&it=1702068604493&coo=false&cs_cc=1&cas=5696318427105191%2C4014554915333592&rqm=GET

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 08 Dec 2023 20:50:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 5B1F
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

38ms
36ms

Document
text/html

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: A /
Resource Hash: a5545a636197b50ea730e79744a7679df61dae8694ae84c6ff720caf18cac4cc

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Fri, 08 Dec 2023 20:50:04 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Fri, 08 Dec 2023 20:50:04 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

aedb6fde05d12965
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/aedb6fde05d12965?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
267 B

39ms
39ms

Image
image/gif

207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-length: 0

GET
H2 200 asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 747B 1 KB
2 KB 34ms
34ms Document
text/html 207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: A /
Resource Hash: 59530519ba4c84751914980286d91d2ee1e2edec6fd659225e64a64bfa959d3d

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1151
content-type: text/html;charset=UTF-8
date: Fri, 08 Dec 2023 20:50:05 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

GET
H2 200 e53a95db421da9c8
pixel.sitescout.com/up/ 43 B
267 B 32ms
32ms Image
image/gif 207.198.113.230
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/e53a95db421da9c8?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:04 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame F8E0
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

42 B
716 B

60ms
57ms

Image
image/gif

18.214.161.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Protocol

Server

18.214.161.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-214-161-191.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v053-08cf493c1.edge-va6.demdex.com 6 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: v0+Wc4qQRiM=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-1-v053-0828fa255.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: 6jqUHtIZSkU=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame F8E0 95 B
124 B 48ms
47ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2

200

pixel.gif
load77.exelator.com/ Frame F8E0
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://load77.exelator.com/pixel.gif

43 B
384 B

110ms
32ms

Image
image/gif

2a02:6ea0:e200::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Server: 2a02:6ea0:e200::2 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-77-pop: ashburnUSVA
date: Fri, 08 Dec 2023 20:50:05 GMT
x-age-lb: 222909
x-77-cache: HIT
x-accel-date: 1701845696
content-length: 43
x-77-nzt: EQwBJRPOBAH3vWYDAA
x-accel-expires: @1702882496
x-77-age: 222909
x-cache-lb: HIT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 8e305f1c2e116abd7d817365069c5321
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H3 200 384136.gif
idsync.rlcdn.com/ Frame F8E0 42 B
60 B 64ms
58ms Image
image/gif 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame F8E0 49 B
264 B 158ms
78ms Image
image/gif 3.225.254.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.254.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-254-35.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.49.42
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame CA6B
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

42 B
716 B

45ms
42ms

Image
image/gif

18.214.161.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Protocol

Server

18.214.161.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-214-161-191.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v053-02e88a997.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: Ynw9ptu+QQA=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-2-v053-0ee09821b.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: x+ExVqheQmA=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame CA6B 95 B
124 B 54ms
49ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2

200

pixel.gif
load77.exelator.com/ Frame CA6B
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://load77.exelator.com/pixel.gif

43 B
383 B

113ms
32ms

Image
image/gif

2a02:6ea0:e200::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Server: 2a02:6ea0:e200::2 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-77-pop: ashburnUSVA
date: Fri, 08 Dec 2023 20:50:05 GMT
x-age-lb: 222909
x-77-cache: HIT
x-accel-date: 1701845696
content-length: 43
x-77-nzt: EQwBJRPOBAH3vWYDAA
x-accel-expires: @1702882496
x-77-age: 222909
x-cache-lb: HIT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 8e305f1c2e116abd7d8173657d375d21
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H3 200 384136.gif
idsync.rlcdn.com/ Frame CA6B 42 B
60 B 63ms
58ms Image
image/gif 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame CA6B 49 B
265 B 172ms
93ms Image
image/gif 3.225.254.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.254.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-254-35.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.56.220
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 5B1F
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

42 B
716 B

44ms
42ms

Image
image/gif

18.214.161.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Protocol

Server

18.214.161.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-214-161-191.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v053-02bef33a2.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: b4/hMJ6fQSU=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-1-v053-0a2bb5007.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: HeMDNPtFS0c=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 5B1F 95 B
124 B 53ms
50ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2

200

pixel.gif
load77.exelator.com/ Frame 5B1F
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://load77.exelator.com/pixel.gif

43 B
383 B

112ms
33ms

Image
image/gif

2a02:6ea0:e200::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Server: 2a02:6ea0:e200::2 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-77-pop: ashburnUSVA
date: Fri, 08 Dec 2023 20:50:05 GMT
x-age-lb: 222909
x-77-cache: HIT
x-accel-date: 1701845696
content-length: 43
x-77-nzt: EQwBJRPOBAH3vWYDAA
x-accel-expires: @1702882496
x-77-age: 222909
x-cache-lb: HIT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 8e305f1c2e116abd7d81736575146c21
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H3 200 384136.gif
idsync.rlcdn.com/ Frame 5B1F 42 B
60 B 60ms
57ms Image
image/gif 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame 5B1F 49 B
264 B 126ms
49ms Image
image/gif 3.225.254.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.254.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-254-35.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.50.9
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 84BA
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

42 B
715 B

44ms
40ms

Image
image/gif

18.214.161.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Protocol

Server

18.214.161.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-214-161-191.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v053-03f38d59e.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 0KD0Ks0zT90=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-va6-2-v053-0b264a712.edge-va6.demdex.com 0 ms
pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: kafrzpMERz8=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 84BA 95 B
124 B 49ms
47ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2

200

pixel.gif
load77.exelator.com/ Frame 84BA
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
https://load77.exelator.com/pixel.gif

43 B
383 B

114ms
33ms

Image
image/gif

2a02:6ea0:e200::2
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://load77.exelator.com/pixel.gif
Protocol: H2
Server: 2a02:6ea0:e200::2 Ashburn, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-77-pop: ashburnUSVA
date: Fri, 08 Dec 2023 20:50:05 GMT
x-age-lb: 222909
x-77-cache: HIT
x-accel-date: 1701845696
content-length: 43
x-77-nzt: EQwBJRPOBAH3vWYDAA
x-accel-expires: @1702882496
x-77-age: 222909
x-cache-lb: HIT
last-modified: Wed, 25 Oct 2017 17:03:56 GMT
server: CDN77-Turbo
etag: "59f0c3fc-2b"
x-77-nzt-ray: 8e305f1c2e116abd7d817365d3246421
content-type: image/gif
access-control-allow-origin: *
accept-ranges: bytes

Redirect headers

date: Fri, 08 Dec 2023 20:50:05 GMT
server: nginx
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://load77.exelator.com/pixel.gif
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H3 200 384136.gif
idsync.rlcdn.com/ Frame 84BA 42 B
60 B 60ms
58ms Image
image/gif 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2 200 qmap
sync.crwdcntrl.net/ Frame 84BA 49 B
264 B 311ms
236ms Image
image/gif 3.225.254.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.225.254.35 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-225-254-35.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.54.15
content-length: 49
expires: 0

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 747B 170 B
188 B 45ms
44ms Image
image/png 142.251.163.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ssc&google_hm=36_qYOtZQVex_cRGgva7sWVzgX0

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.163.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wv-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 17724
tags.bluekai.com/site/ Frame 747B 62 B
359 B 115ms
109ms Image
image/gif 23.219.12.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/17724?id=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.219.12.236 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-219-12-236.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 08 Dec 2023 20:50:05 GMT
content-length: 62
content-type: image/gif

GET
H2 200 Pug
image2.pubmatic.com/AdServer/ Frame 747B 42 B
344 B 36ms
33ms Image
image/gif 8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 08 Dec 2023 20:50:05 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 sd
us-u.openx.net/w/1.0/ Frame 747B 43 B
61 B 48ms
47ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072977&val=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 setuid
ib.adnxs.com/ Frame 747B 43 B
907 B 63ms
61ms Image
image/gif 68.67.160.26
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=133&code=dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.160.26 Jersey City, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 20:50:05 GMT
an-x-request-uuid: 6a6e5d33-9903-4e86-8a1e-7edfcef8056c
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 96.9.249.43; 96.9.249.43; 567.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fonts.css Show response
www.civista.bank/assets/css/ 9 KB
2 KB 50ms
50ms XHR
text/css 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/css/fonts.css?v=11242014

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

8b169f3e534832ea2579d17af0e87c9b4a1beada4b7cae2ff04ec0475a293b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 06fe42290ec6aca7
age: 103566
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="fonts.css"
content-length: 1229
x-xss-protection: 1; mode=block
x-request-id: 8c9abeb6-5d27-9517-91bb-594b8d615b44
x-varnish-count: 516
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "63e8626f859ae3f3f53081028102163c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-varnish: 32277716 98525
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:58 GMT

GET
H2 200 launcher.js Show response
widget.ellieservices.com/latest/ 150 KB
45 KB 383ms
306ms Script
application/javascript 18.160.10.117
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.ellieservices.com/latest/launcher.js?_=1702068604077
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/assets/js/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.160.10.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-160-10-117.iad12.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 059ce4240dfd40169375a005acc0a111c3a8cfe0fdf84b7575d971a04a1db6ae

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-version-id: S9isk_SnBQPjNtaxNWy8IvmCETQvmLv.
content-encoding: gzip
via: 1.1 16d910967d343c8da7828222a653755e.cloudfront.net (CloudFront)
date: Fri, 08 Dec 2023 20:50:06 GMT
last-modified: Sun, 16 Oct 2022 04:43:15 GMT
server: AmazonS3
x-amz-cf-pop: IAD12-P3
x-amz-server-side-encryption: AES256
etag: W/"f579d437cfea72ee71a6ba6e1075d883"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=0, no-cache
x-amz-cf-id: 1k2XbyRFXaJCVkZ8f2vxIzS5uVt6xxa-Cy0jbGMQV8k-4w8-undi6Q==

GET
H2 200 opensans-regular-webfont.woff2
www.civista.bank/assets/font/ 19 KB
19 KB 51ms
51ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-regular-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

9b5ed0b80f1e8863ca53c388c08ed83f6c344759958d94114b48dc1ed8ff04a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: c8792cc83b2e8829
age: 103583
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-regular-webfont.woff2"
content-length: 19004
x-xss-protection: 1; mode=block
x-request-id: 1e15545a-eb09-9671-8419-0dc7cc6d6fa4
x-varnish-count: 2836
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "89aa8f518c8d474c45236076313a3ebf"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 30598063 131094
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:41 GMT

GET
H2 200 opensans-semibold-webfont.woff2
www.civista.bank/assets/font/ 18 KB
19 KB 51ms
51ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-semibold-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

de29febadc11297da12225f1573bc8085cf502d83b6c3f299e5116a7d8b37923

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 87c7a51110c7f081
age: 103575
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-semibold-webfont.woff2"
content-length: 18932
x-xss-protection: 1; mode=block
x-request-id: b5b86d03-83c9-9bf0-80a1-158c133d6875
x-varnish-count: 2827
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "1b3ca172cfd099356ca0d363c30e471f"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 32152247 163963
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:49 GMT

GET
H2 200 35C04F_0_0.woff2
www.civista.bank/assets/font/ 18 KB
19 KB 51ms
51ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_0_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

180f75ca3c0aa05e9a774b4da426906d94482dfacd303ffda30764b5aa88ee69

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 763a95a21dc608a5
age: 103519
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_0_0.woff2"
content-length: 18787
x-xss-protection: 1; mode=block
x-request-id: b3b7529d-18c9-9d29-8c3a-c395a0a368a8
x-varnish-count: 2840
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "3508806e183e28ba1849427c3500a212"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 31762860 884770
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:46 GMT

GET
H2 200 35C04F_2_0.woff2
www.civista.bank/assets/font/ 29 KB
30 KB 51ms
51ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_2_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

915ab15e9b29ce608d8662463d299af37af61c9e43315d84da930e4b7edd8235

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: cdde52130fe44098
age: 103570
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_2_0.woff2"
content-length: 29753
x-xss-protection: 1; mode=block
x-request-id: 875a3d32-20de-99e1-b2e4-845041815717
x-varnish-count: 2662
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "f9a55dbcc892ea915d51a46e46ed6bd9"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 32277717 852144
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:03:55 GMT

GET
H2 200 35C04F_1_0.woff2
www.civista.bank/assets/font/ 20 KB
21 KB 51ms
50ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_1_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4cb5d9360d204bbfdb346c1d2c8c0ddffc8bbea569c267b4754710df62477018

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 5b05285150cfcd41
age: 103549
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_1_0.woff2"
content-length: 20805
x-xss-protection: 1; mode=block
x-request-id: 091dbc30-2d50-98b0-b396-6a7ebdbb70b8
x-varnish-count: 2726
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "6a149c71b2799c43a653a7e8bf1bc549"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 32152248 164206
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:15 GMT

GET
H2 200 opensans-italic-webfont.woff2
www.civista.bank/assets/font/ 20 KB
21 KB 52ms
52ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-italic-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4de18cf416fbb483a6c1b38200f53fca68c55fadd39a169956aaecdc79d8121d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: ecb6a59bd4100b22
age: 103519
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-italic-webfont.woff2"
content-length: 20804
x-xss-protection: 1; mode=block
x-request-id: 0511f031-0e89-95f2-b85c-b7e6e307aff1
x-varnish-count: 2613
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "09963ae993cd857d757e269dbaad71dc"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 31762861 688190
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:46 GMT

GET
H2 200 opensans-bold-webfont.woff2
www.civista.bank/assets/font/ 19 KB
20 KB 51ms
51ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-bold-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4928f1ccc81d958e1cd88865ac953eceefc06b1f090336f48b3ff95c1e25cc63

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 20:50:05 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 8276ac904492e2a9
age: 103561
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-bold-webfont.woff2"
content-length: 19700
x-xss-protection: 1; mode=block
x-request-id: 7005dc92-0a89-9bfb-8f38-3161c6fbf7da
x-varnish-count: 2801
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "61db671b3a4f01e9f79f93497c2aa136"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 31081245 1212672
cache-control: public, max-age=0
accept-ranges: bytes
expires: Thu, 07 Dec 2023 16:04:03 GMT

POST
H/1.1 204
No Content /
client-logger.salemove.com/ 0
0 144ms
54ms Fetch 52.7.4.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://client-logger.salemove.com/

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.7.4.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-7-4-58.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.civista.bank/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 20:50:07 GMT
server: envoy
vary: Origin
access-control-max-age: 7200
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
x-envoy-upstream-service-time: 4

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

69 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.civista.bank/	1970-01-20 16:48:21	Name: PLAY_SESSION Value: 61c522b509deb39b11b286c8afcb935f26615d4a-v=1
.www.civista.bank/	1970-01-21 02:23:48	Name: __bkp Value: 5c7b3890-960b-11ee-b6ac-02426b88e02c
.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: c83c9693ed2291642478275868e8aeb69b21f950-1702068603
.civista.bank/	1970-01-21 02:23:48	Name: _ga_6ZSG1S7BHC Value: GS1.1.1702068604.1.0.1702068604.60.0.0
.civista.bank/	1970-01-21 02:23:48	Name: _ga Value: GA1.1.1231163232.1702068604
.civista.bank/	1970-01-20 18:57:24	Name: _gcl_au Value: 1.1.422160330.1702068604
api.glia.com/	1970-01-21 01:33:24	Name: visitor_session Value: eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDIwNjg2MDQsInZpc2l0b3JfaWQiOiI2ZGZhZDNiMS0yYjE2LTQ5MjctYjg4Ny0xMTU0ZmIzZGI0MTkiLCJpc3MiOiJHbGlhIFNpdGUgVmlzaXRvciBDb25maWciLCJraWQiOiI4OWVhNjI0OS1mZDdhLTQ5MDMtODZjNi0xYmJiYTg1ZDc5ZWIifQ.78tCxrgpQj7uQEl6b8L6jvr0C8ewnhIQpdmH70eL4140q9_g6xc6tC0Axv98hYf_4iQP8MKVbp_Vc1dRPXVhEw
api.glia.com/	1970-01-20 16:47:48	Name: partitioned_visitor_session Value: eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDIwNjg2MDQsInZpc2l0b3JfaWQiOiI2ZGZhZDNiMS0yYjE2LTQ5MjctYjg4Ny0xMTU0ZmIzZGI0MTkiLCJpc3MiOiJHbGlhIFNpdGUgVmlzaXRvciBDb25maWciLCJraWQiOiI4OWVhNjI0OS1mZDdhLTQ5MDMtODZjNi0xYmJiYTg1ZDc5ZWIifQ.78tCxrgpQj7uQEl6b8L6jvr0C8ewnhIQpdmH70eL4140q9_g6xc6tC0Axv98hYf_4iQP8MKVbp_Vc1dRPXVhEw
.simpli.fi/	1970-01-21 01:34:51	Name: suid Value: AC639ECFFF794E4D856012A090030733
.linkedin.com/	1970-01-20 18:57:24	Name: li_sugr Value: 9994f386-d4ac-4138-8b30-446b42c7d587
.linkedin.com/	1970-01-21 01:33:24	Name: bcookie Value: "v=2&797145f0-f190-4a73-867f-27c0ed32876a"
.linkedin.com/	1970-01-20 16:49:15	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3121:u=1:x=1:i=1702068604:t=1702155004:v=2:sig=AQHZpZeOyL7K9-K472DBDtepdMRgCmR5"
.civista.bank/	1970-01-21 02:23:48	Name: __bkp Value: 5c7b3890-960b-11ee-b6ac-02426b88e02c
.linkedin.com/	1970-01-20 17:31:00	Name: UserMatchHistory Value: AQI-DXxQznomFAAAAYxLMc5IaLvPTV7bVeJxz-dLAddPKO--WPOTfT1e1QuaXciNNmMZSPRQEXM9RQ
.linkedin.com/	1970-01-20 17:31:00	Name: AnalyticsSyncHistory Value: AQIpNjkSN1TA2AAAAYxLMc5Ifnkm67ioeHYzJe7F9s5OSf9zMpzhQXklRALcd2IzYgEClFRNaK_kd77zytskxA
.simpli.fi/	1970-01-20 16:57:53	Name: uid_syncd_secure Value: true
.www.linkedin.com/	1970-01-21 01:33:24	Name: bscookie Value: "v=1&202312082050049ed9cd5f-c839-48b8-85a7-d98c532bf828AQGor2o0aU2saMxYyoUffuUjme6FjHKX"
.civista.bank/	1970-01-20 18:57:24	Name: _fbp Value: fb.1.1702068604797.1233218223
.pubmatic.com/	1970-01-20 17:31:00	Name: KRTBCOOKIE_148 Value: 19421-uid:AC639ECFFF794E4D856012A090030733&KRTB&23486-uid:AC639ECFFF794E4D856012A090030733&KRTB&23489-uid:AC639ECFFF794E4D856012A090030733&KRTB&23539-uid:AC639ECFFF794E4D856012A090030733
.1rx.io/	1970-01-21 01:33:24	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-e12b8804-cc76-41dd-ac87-e62b45183045-005%22%7D
.agkn.com/	1970-01-21 01:33:24	Name: ab Value: 0001%3AbKDZOT6uqO%2BDZ%2BWytotSFcpx%2FMmtIHRe
.tapad.com/	1970-01-20 18:14:12	Name: TapAd_TS Value: 1702068605034
.tapad.com/	1970-01-20 18:14:12	Name: TapAd_DID Value: 2958de8f-72b7-4140-b25f-942a4e015ecf
.lijit.com/	1970-01-21 01:33:24	Name: ljt_reader Value: HyeCiQZHPafsab6DSWKVXnft
.openx.net/	1970-01-21 01:33:24	Name: i Value: 56b8eeff-afaf-492a-a5f3-16fe07ad62ed\|1702068605
.doubleclick.net/	1970-01-21 02:23:48	Name: IDE Value: AHWqTUku6n_CQgQf_rFzkrTV6lw9CBX7GOdJrYeySzp8OWdzyWE0S-yAxnuSqfyt
.rlcdn.com/	1970-01-21 01:33:24	Name: rlas3 Value: PP1RA4mQgPTKxA/DImddZJXaUwxrWMqTeXsaKrLadfk=
.3lift.com/	1970-01-20 18:57:24	Name: tluid Value: 3379683140289860150702
.yahoo.com/	1970-01-21 01:33:46	Name: A3 Value: d=AQABBH2Bc2UCEHevgzd6BXyeQRIVIMA4nbAFEgEBAQHSdGV9ZdxH0iMA_eMAAA&S=AQAAAhfvW9uvzgf9ceiGBMvxUis
.crwdcntrl.net/	1969-12-31 23:59:59	Name: _cc_cc Value: ctst
.exelator.com/	1970-01-20 19:40:36	Name: EE Value: "ed4a4d5a7ed29754dffab7bfbffcf666"
.smaato.net/	1970-01-20 17:18:03	Name: SCM Value: c6c628f935
.smaato.net/	1970-01-20 17:18:03	Name: SCMtu Value: c6c628f935
.smaato.net/	1970-01-20 17:18:03	Name: SCM1001136 Value: c6c628f935
.intentiq.com/	1970-01-21 02:23:48	Name: intentIQ Value: GX5GgJkNg0
.intentiq.com/	1970-01-21 02:23:48	Name: IQver Value: 1.9
.bfmio.com/	1970-01-21 01:33:24	Name: __141_cid Value: AC639ECFFF794E4D856012A090030733
.bfmio.com/	1970-01-21 01:33:24	Name: __io_cid Value: a43a4ddb0747a6223a9119ff679271f4718f345b
.tapad.com/	1970-01-20 18:14:12	Name: TapAd_3WAY_SYNCS Value:
.pro-market.net/	1970-01-20 17:31:00	Name: anHistory Value: "bt1xwcfqonz6+2+!#7%.%o#cB5"
.rlcdn.com/	1970-01-20 18:14:12	Name: pxrc Value: CP2CzqsGEgUI6AcQABIFCOhHEAA=
.adnxs.com/	1970-01-20 18:57:24	Name: uuid2 Value: 533410862667226526
.analytics.yahoo.com/	1970-01-21 01:33:24	Name: IDSYNC Value: 176k~2fhw
.bluekai.com/	1970-01-20 21:11:19	Name: bku Value: blx99ctOztPkBeGV
.lijit.com/	1970-01-21 01:33:24	Name: _ljtrtb_2 Value: AC639ECFFF794E4D856012A090030733
.exelator.com/	1970-01-20 19:40:36	Name: ud Value: "eJxrXxzq6XKLQSE1xSTRJMU00Tw1xcjS3NQkJS0tMck8KS0pLS05zczMbHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIYEl%252BUWb6otDgxUUpaQyLSopPBR9TnQkAGi0rlQ%253D%253D"
.rubiconproject.com/	1970-01-21 01:33:24	Name: khaos Value: LPX3P90D-U-6FO
.rubiconproject.com/	1970-01-21 01:33:24	Name: audit Value: 1\|diImm/z4kVZUtk1AXIhzo4MOQtgOFTOzYCXcbzvFTEMJuCL1SieyTYEi4lWB/xlGFCi9Z0fMiSBw0S94mtzOHxX1ClJMS060s8vYM4pkAik+MXrWHPddcWXEPa2GtBR9hDM9s4KUIWbzPBH/A0NlvlEd6oeyv3vtwP3NzD435qNZYr2f2sSAEVDfv570ZGhx
pixel.rubiconproject.com/	1970-01-20 18:57:24	Name: receive-cookie-deprecation Value: 1
.ads.stickyadstv.com/	1970-01-20 17:31:00	Name: UID Value: 947599a45df523a1befe2f6a4d81a69
.ads.stickyadstv.com/	1970-01-20 16:49:15	Name: uid-bp-26865 Value: AC639ECFFF794E4D856012A090030733
.agkn.com/	1970-01-21 01:33:24	Name: u Value: C\|0AAAAAAAALQY9_QAAAAAA
.sitescout.com/	1970-01-21 01:33:24	Name: ssi Value: dfafea60-eb59-4157-b1fd-c44682f6bbb1#1702068605197
.intentiq.com/	1970-01-21 02:23:48	Name: CSDT Value: UEQ6MTAwNDNfMCZUeHNvUE9y
.intentiq.com/	1970-01-21 02:23:48	Name: IQPData Value: 1611266347#1702068605207#0#1702068605207
.intentiq.com/	1970-01-21 02:23:48	Name: ASDT Value: 0
.intentiq.com/	1970-01-21 02:23:48	Name: intentIQCDate Value: 1702068605208
.pro-market.net/	1970-01-20 21:07:00	Name: anProfile Value: "bt1xwcfqonz6+1+1j=57:1+rs=s+rt=2602FFC8000201040000000000000007+s2=(s5d8jh)+vm=24-AC639ECFFF794E4D856012A090030733:53-CAESEAw_BDDXiWuOZU7gElcN0jw"
.pippio.com/	1970-01-21 01:33:24	Name: did Value: r_kGsEiLgd6tz6IU
.pippio.com/	1970-01-21 01:33:24	Name: didts Value: 1702068605
.pippio.com/	1970-01-20 18:14:12	Name: nnls Value:
.pippio.com/	1970-01-20 18:14:12	Name: pxrc Value: CP2CzqsGEgYIgr0rEAA=
.sitescout.com/	1970-01-20 17:31:00	Name: _ssuma Value: eyI0NSI6MTcwMjA2ODYwNTQwNiwiMiI6MTcwMjA2ODYwNTIzMiwiNjgiOjE3MDIwNjg2MDU0MDYsIjMiOjE3MDIwNjg2MDU0MDYsIjQiOjE3MDIwNjg2MDUyMzIsIjM5IjoxNzAyMDY4NjA1MjMyLCIxNyI6MTcwMjA2ODYwNTQwNiwiNyI6MTcwMjA2ODYwNTIzMiwiOCI6MTcwMjA2ODYwNTIzMiwiNDIiOjE3MDIwNjg2MDU0MDZ9
.targeting.unrulymedia.com/	1970-01-21 01:33:24	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-e12b8804-cc76-41dd-ac87-e62b45183045-005%22%7D
.pubmatic.com/	1970-01-20 18:57:24	Name: KRTBCOOKIE_188 Value: 3189-dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553&KRTB&23418-dfafea60-eb59-4157-b1fd-c44682f6bbb1-6573817d-5553
.pubmatic.com/	1970-01-20 17:31:00	Name: PugT Value: 1702068605
.adnxs.com/	1970-01-20 18:57:24	Name: anj Value: dTM7k!M40dWIy(ghqdmU(7S(qc`=)!]tbPl1N!7OnM$=BX%2gm4Dtl!1iilx]0pe8XYGgjZXLiH75KcyCL]kRD)Qj'.#J(j'l%--q9=5M(c$Ft0U)Q1Uy)[GeyUalI32p170AFiu]<0:6AC:ZUM.<T._NEzAd4*8Gx$az+D'I%KI%.wL4W1Qw1WTYAOT
.demdex.net/	1970-01-20 21:07:00	Name: demdex Value: 42796287584688052532860641547203653835
.dpm.demdex.net/	1970-01-20 21:07:00	Name: dpm Value: 42796287584688052532860641547203653835

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ads.stickyadstv.com
analytics.google.com
api.glia.com
api.salemove.com
banno.com
bcp.crwdcntrl.net
cds-sdkcfg.onlineaccess1.com
ce.lijit.com
champaignbank.com
client-logger.salemove.com
cm.g.doubleclick.net
connect.facebook.net
d.agkn.com
d21y75miwcfqoq.cloudfront.net
dpm.demdex.net
eb2.3lift.com
fei.pro-market.net
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
kernel-serve.banno.com
libs.salemove.com
load77.exelator.com
loadm.exelator.com
pbid.pro-market.net
pippio.com
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.ad.smaato.net
simplifi.partners.tremorhub.com
snap.licdn.com
stags.bluekai.com
stats.g.doubleclick.net
sync.1rx.io
sync.bfmio.com
sync.crwdcntrl.net
sync.intentiq.com
sync.targeting.unrulymedia.com
sync1.intentiq.com
tag.simpli.fi
tags.bluekai.com
um.simpli.fi
up.pixel.ad
ups.analytics.yahoo.com
us-u.openx.net
widget.ellieservices.com
www.citizensbankco.com
www.civista.bank
www.facebook.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.tumblr.com
107.178.254.65
13.107.42.14
13.249.39.110
142.251.163.155
172.253.63.155
18.160.10.117
18.214.161.191
192.0.54.4
192.0.77.40
199.127.204.171
20.118.17.184
2001:4860:4802:38::181
207.198.113.230
23.219.12.236
2600:1402:b800:3::172f:cc34
2600:1901:0:8eee::
2600:1f18:612b:4216:f7a5:eced:3275:207a
2600:9000:2073:b400:1b:6b7d:2300:93a1
2600:9000:2199:a600:19:fc2c:a140:93a1
2600:9000:2305:b800:1b:5138:8a40:93a1
2600:9000:24f2:7e00:17:4c3f:1b80:93a1
2600:9000:24f2:aa00:17:4c3f:1b80:93a1
2600:9000:2501:4800:1b:ef38:3680:21
2600:9000:250a:4e00:0:99b9:cd80:93a1
2607:f8b0:4004:c06::9c
2607:f8b0:4004:c08::61
2607:f8b0:4004:c08::67
2607:f8b0:4004:c17::9a
2620:1ec:21::14
2a02:6ea0:e200::2
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
3.225.218.10
3.225.254.35
34.111.113.62
34.150.170.96
34.86.70.109
34.98.64.218
35.244.154.8
50.16.197.56
52.189.67.130
52.223.22.214
52.7.4.58
52.72.122.107
52.85.132.15
54.83.134.184
63.251.28.133
63.251.86.50
68.67.160.26
69.173.151.100
69.28.187.147
74.200.39.25
74.200.57.137
8.28.7.83
04d471baf857c16dfec75a76df7c86ac8bfdf373de7c1b4d85c7dd497099639b
059ce4240dfd40169375a005acc0a111c3a8cfe0fdf84b7575d971a04a1db6ae
06379a5856668548f0a4ef088a085f11529ca908e85ed70d6bafac01f09efe68
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
11176922b89043f15f577e74217026353b8110969c3e6375afc31d9248c6ec5c
15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a
180f75ca3c0aa05e9a774b4da426906d94482dfacd303ffda30764b5aa88ee69
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab
2b5157404dd236d1dbe9702a7380ec86f9c1bc95c966974d2446a308c6a0f98f
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31237847c4f17d88b68af803f3f4bb8d671d8f56853b628a024d3b91a10b517d
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
3d0123a14cf02aebfdad7a564809ce0fc8cd3f4436b273fdcb4cc346d8f19284
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
478b2c65ea4510e8e85def80e88756125a6e3d765b273e50edd6b128a98d6795
4928f1ccc81d958e1cd88865ac953eceefc06b1f090336f48b3ff95c1e25cc63
4b472b1ccba4066856eec81fcd149429ab3db9e389c3d7729cfbdc926a38511a
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c4344ce4f1d5e6d7653fd631df7979b612cf4937210aa4946bb91716189cb74
4cb5d9360d204bbfdb346c1d2c8c0ddffc8bbea569c267b4754710df62477018
4de18cf416fbb483a6c1b38200f53fca68c55fadd39a169956aaecdc79d8121d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
51ea59b3afccd2310d1520a22ad1f2ad5e3d4835faea3371b682fad727174a55
54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52
54a5e355f3a119807712d6f5b7c61e7bd48c5a2019d14d4dc589acfff48b8536
56504ecadb3da960ca8bd8d9c2c1c998be10c8e55013a5523d3a3d768ef64054
58510900dc15eb6d4bc049131d6ed32f65889177e6feed5c6ddc219a8161aeb0
59530519ba4c84751914980286d91d2ee1e2edec6fd659225e64a64bfa959d3d
6142858266eb1e6ca87ffb0c951ac2877f342bbc4f03552adf8193c7ccbb79ce
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
640f788e740207fea509698cb157f42a3126f70211439f7847629f927ebfb1e8
648adf118cca42f02168916370feed7b85fd3539b5c75f4b7af4b70a09203bf2
67ac4b2652a4b1479731dbd28536a6995de913a4e14f48630a4d766544b151a7
69b83ab1af39a754922825e1f6759725a5f86cb9d572ad69b38668e1e2c3de1d
6df5acc8f74ff4bbe678d342d64e6efe7f90702ab0312d1e04c7734eb7c6eb33
74902c573003ed131ea7b67903e64abb31767177e4a3db2e3b7b6b03e2b382ef
794a9f4e50e2d7bdc08c8667306093df59340c34d9da9c90faf82bf466d4089a
7cae47a88d24c17da61cc71f1baf4614bee4655d81280c92fc2475747ce34230
832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db
86f21077af6a18a17c863919c55f3a30e9339b6b37179219b1fef19f41f7a1a8
8b169f3e534832ea2579d17af0e87c9b4a1beada4b7cae2ff04ec0475a293b76
8ecb9dd92f240ddac622fb56fcaae3ec8ae803a3d83d6e6fa6a463b621891193
915ab15e9b29ce608d8662463d299af37af61c9e43315d84da930e4b7edd8235
928e0bed1caa547044604f8ef199cba485e65e79e47e50f1b83b2909416a456a
930037884f6d2069832b954a1ae8e89e09b8d3f07c88651312b2041d75409a11
97ee72b14f50d479618bb24513476073444442e617a89f3bcec806211cb031cc
98c4f278eda9ece02de780ade87040aded5a31e7a4f62779e6b138ea75a1fab5
998da1e65a145fb491f05db115a5da5442c31e14c25dbb63de9718c9b10245c2
9b5ed0b80f1e8863ca53c388c08ed83f6c344759958d94114b48dc1ed8ff04a9
9f3736528278e5b8675b41d2eede4bbff5e2f4bc93cf623d62d79de819a26f66
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a101e8ebc59e3c586a31ac2e44a6318936dc3cda8853178aad2c5438d8ce85a0
a19e35c238665b103fff54c0a89023a450c1d40f5cd58e01a7f5e5616d9aace7
a5545a636197b50ea730e79744a7679df61dae8694ae84c6ff720caf18cac4cc
a5a52b76a2554d4f48b7935039f1985ce9e48dfae1de1add27541eae6c2b1e3d
a683f14820a79e88d7e4794ac05b75186ffebfa246c43ece72d5cd8c106ebe7c
a73237a07cec4d81b7cb7995220839f554e2e8936e5d5ae25cc47753f9737c07
a7bd843a5785809b0eb4e100b4d3c9e7fab2369724dee4b860a8149f91b84517
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7f41e48325490ed45989eeabd75a7f6846d0961b55ddefb41c508e614b36323
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb26bd7da4f067c4040e6080cf3dcdd9b61f96f9a28e3e47a83e36b677d815d7
bbe57ca1655cecfcbbde5df09da30ba90bfe6ba753564731457aed8d46c8067d
bdd3c7800965a7a57e7ff2e5b48ca51e532d6920d35c3ca03cd23962d84e3d0d
c9d23a52a58995ff5a110af912186b3c23e0efb95b9ac90daf726adcaf2effb0
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf9bf1413e1c0379298b2486dd9b185c092868cc3bae938965e6faef6cbb46a2
cfeeb2130ad18bd761eb05f659ae17d881f769a75ed819426e8d4c342dfa01e9
d264def9723170f4d0200d77ee68db07c977645443ba1d6edcdfae101ab82c3b
d7e3733c4cb4fbd606eb5ce52c0ff6dbc8e175e2fb2b8199ea0387339f425186
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de29febadc11297da12225f1573bc8085cf502d83b6c3f299e5116a7d8b37923
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62bdb1248c7e4d856eb804738ef310e28d3d8b4a9ef40bccb0a5059a61313d7
e6d2b8c65da84c33609e81de8970a76017537a50433cf4e43f61b2fe1a2126ca
e841091b9cc472fae2b280436664f8dcfc2610537e08408e3a526d449baa77e9
ecf9967a9685eff0fdc0555125aeb40dc81a85c8de18c48c2a705132ef6129bd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d3c514978da4ae042567cb511f332d42c39f6b9ee448ffc1b96566599871a4
f10e9c0a33a080645f78215348a1bbdfc1edcda847c728ba55bace9fe2a8320b
f8e9bdeb7d15c402a8b58ef1ad9fb370a5399110b1c54d9b0bde53bb4a4736a9

www.civista.bank Open in urlscan Pro 20.118.17.184 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

139 Requests

74 %HTTPS

35 %IPv6

44 Domains

60 Subdomains

46 IPs

1 Countries

2758 kBTransfer

5309 kBSize

69 Cookies

19 Outgoing links

Page URL History

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.civista.bank Open in urlscan Pro
20.118.17.184 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

74 %
HTTPS

35 %
IPv6

44
Domains

60
Subdomains

46
IPs

1
Countries

2758 kB
Transfer

5309 kB
Size

69
Cookies

139 HTTP transactions
1 data transactions