www.civista.bank Open in urlscan Pro
20.118.17.184 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://citizensbankco.com/
Effective URL:
https://www.civista.bank/
Submission: On December 05 via automatic, source certstream-suspicious (December 5th 2023, 6:48:17 pm UTC) — Scanned from DE

Summary HTTP 142 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 40 IPs in 6 countries across 39 domains to perform 142 HTTP transactions. The main IP is 20.118.17.184, located in Des Moines, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.civista.bank.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on September 5th 2023. Valid for: a year.

This is the only time www.civista.bank was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	74.200.39.23 74.200.39.23	14010 (JACKHENRY) (JACKHENRY)
38	20.118.17.184 20.118.17.184	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	192.0.63.252 192.0.63.252	62659 (Q2HOLDINGS) (Q2HOLDINGS)
2	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
3	2600:9000:219... 2600:9000:2190:5000:17:4c3f:1b80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:212... 2600:9000:2127:f000:1b:ef38:3680:21	16509 (AMAZON-02) (AMAZON-02)
3	52.189.67.130 52.189.67.130	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
8 9	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	13.107.43.14 13.107.43.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	41.63.96.2 41.63.96.2	22822 (LLNW) (LLNW)
12	35.204.89.238 35.204.89.238	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2600:9000:212... 2600:9000:2127:4a00:0:99b9:cd80:93a1	16509 (AMAZON-02) (AMAZON-02)
19 25	35.204.158.49 35.204.158.49	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:236... 2600:9000:2362:7400:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2 3	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4280:bda1:9df6:36cc:93	14618 (AMAZON-AES) (AMAZON-AES)
1 7	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	63.34.248.140 63.34.248.140	16509 (AMAZON-02) (AMAZON-02)
1 1	35.157.159.187 35.157.159.187	16509 (AMAZON-02) (AMAZON-02)
1	65.9.95.58 65.9.95.58	16509 (AMAZON-02) (AMAZON-02)
2 3	2600:1901:0:8... 2600:1901:0:8eee::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4 4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1 7	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
1	52.3.119.146 52.3.119.146	14618 (AMAZON-AES) (AMAZON-AES)
1	2.19.244.177 2.19.244.177	16625 (AKAMAI-AS) (AKAMAI-AS)
1	34.241.138.233 34.241.138.233	16509 (AMAZON-02) (AMAZON-02)
1	216.52.2.86 216.52.2.86	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
6	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1 2	37.252.171.85 37.252.171.85	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a03:2880:f17... 2a03:2880:f177:185:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8 18	98.98.134.241 98.98.134.241	21859 (ZEN-ECN) (ZEN-ECN)
5 10	54.75.61.252 54.75.61.252	16509 (AMAZON-02) (AMAZON-02)
5	54.170.64.73 54.170.64.73	16509 (AMAZON-02) (AMAZON-02)
1	52.222.139.116 52.222.139.116	16509 (AMAZON-02) (AMAZON-02)
1	52.7.4.58 52.7.4.58	14618 (AMAZON-AES) (AMAZON-AES)
142	40

1 74.200.39.23 (United States) 1 redirects

ASN14010 (JACKHENRY, US)
PTR: bankofoxford.com

citizensbankco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 20.118.17.184 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.civista.bank	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.63.252 (United States)

ASN62659 (Q2HOLDINGS, US)

cds-sdkcfg.onlineaccess1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2190:5000:17:4c3f:1b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

api.glia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2127:f000:1b:ef38:3680:21 (United States)

ASN16509 (AMAZON-02, US)

d21y75miwcfqoq.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.189.67.130 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

banno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
kernel-serve.banno.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2620:1ec:21::14 (United States) 8 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.43.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 41.63.96.2 (Frankfurt am Main, Germany)

ASN22822 (LLNW, US)
PTR: https-41-63-96-2.hhn.llnw.net

up.pixel.ad	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 35.204.89.238 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 238.89.204.35.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2127:4a00:0:99b9:cd80:93a1 (United States)

ASN16509 (AMAZON-02, US)

libs.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 35.204.158.49 (Groningen, Netherlands) 19 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.158.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2362:7400:1b:5138:8a40:93a1 (United States)

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 46.228.174.117 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.223.111.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4280:bda1:9df6:36cc:93 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.248.140 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-248-140.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.157.159.187 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-159-187.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.95.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-58.prg50.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pbid.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.198.126.47 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.3.119.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-119-146.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.244.177 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-244-177.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.241.138.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-138-233.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.86 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.174.68 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.85 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 98.98.134.241 (United States) 8 redirects

ASN21859 (ZEN-ECN, US)

pixel.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.75.61.252 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.170.64.73 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.139.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-139-116.ams50.r.cloudfront.net

widget.ellieservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.4.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-4-58.compute-1.amazonaws.com

client-logger.salemove.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	civista.bank www.civista.bank	1 MB
37	simpli.fi 19 redirects tag.simpli.fi — Cisco Umbrella Rank: 4333 i.simpli.fi — Cisco Umbrella Rank: 3745 um.simpli.fi — Cisco Umbrella Rank: 780	20 KB
18	sitescout.com 8 redirects pixel.sitescout.com — Cisco Umbrella Rank: 3501	13 KB
11	linkedin.com 8 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 327 www.linkedin.com — Cisco Umbrella Rank: 629 px4.ads.linkedin.com — Cisco Umbrella Rank: 6419	10 KB
10	demdex.net 5 redirects dpm.demdex.net — Cisco Umbrella Rank: 208	6 KB
8	salemove.com libs.salemove.com — Cisco Umbrella Rank: 19253 api.salemove.com — Cisco Umbrella Rank: 20535 client-logger.salemove.com — Cisco Umbrella Rank: 14212	420 KB
7	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 1661	5 KB
7	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 465	2 KB
6	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 408	308 B
6	crwdcntrl.net bcp.crwdcntrl.net — Cisco Umbrella Rank: 850 sync.crwdcntrl.net — Cisco Umbrella Rank: 799	2 KB
6	doubleclick.net 5 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 75 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33	2 KB
3	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2174 pbid.pro-market.net — Cisco Umbrella Rank: 7195	1 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	117 KB
3	banno.com banno.com — Cisco Umbrella Rank: 26741 kernel-serve.banno.com — Cisco Umbrella Rank: 98657	355 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	216 B
2	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	2 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 499 d.agkn.com — Cisco Umbrella Rank: 686	1 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 546	712 B
2	google.de www.google.de — Cisco Umbrella Rank: 6765	562 B
2	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2693 www.google.com — Cisco Umbrella Rank: 2	914 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 763	13 KB
2	cloudfront.net d21y75miwcfqoq.cloudfront.net	911 B
2	glia.com api.glia.com — Cisco Umbrella Rank: 15222	23 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	191 KB
1	ellieservices.com widget.ellieservices.com — Cisco Umbrella Rank: 186054	45 KB
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 491	264 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 339	239 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 138	544 B
1	lijit.com ce.lijit.com — Cisco Umbrella Rank: 835	311 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 848	445 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1556	421 B
1	intentiq.com sync.intentiq.com — Cisco Umbrella Rank: 846
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6102	175 B
1	3lift.com eb2.3lift.com — Cisco Umbrella Rank: 372	140 B
1	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1258	378 B
1	smaato.net s.ad.smaato.net — Cisco Umbrella Rank: 674	236 B
1	pixel.ad up.pixel.ad — Cisco Umbrella Rank: 11062	2 KB
1	onlineaccess1.com cds-sdkcfg.onlineaccess1.com — Cisco Umbrella Rank: 16777	164 KB
1	citizensbankco.com 1 redirects citizensbankco.com	80 B
142	39

	Domain	Requested by
38	www.civista.bank	www.civista.bank cds-sdkcfg.onlineaccess1.com
25	um.simpli.fi	19 redirects www.civista.bank
18	pixel.sitescout.com	8 redirects www.civista.bank
10	dpm.demdex.net	5 redirects www.civista.bank
10	tag.simpli.fi	www.googletagmanager.com
7	loadm.exelator.com	1 redirects www.civista.bank pixel.sitescout.com
7	pixel.tapad.com	1 redirects www.civista.bank pixel.sitescout.com
7	px.ads.linkedin.com	6 redirects cds-sdkcfg.onlineaccess1.com
6	idsync.rlcdn.com	www.civista.bank pixel.sitescout.com
6	libs.salemove.com	api.glia.com libs.salemove.com
5	sync.crwdcntrl.net	www.civista.bank pixel.sitescout.com
4	cm.g.doubleclick.net	4 redirects
3	connect.facebook.net	www.civista.bank connect.facebook.net
2	www.facebook.com	www.civista.bank
2	kernel-serve.banno.com	www.civista.bank kernel-serve.banno.com
2	ib.adnxs.com	1 redirects www.civista.bank
2	fei.pro-market.net	2 redirects
2	sync.1rx.io	2 redirects
2	i.simpli.fi	tag.simpli.fi
2	px4.ads.linkedin.com	www.civista.bank
2	www.linkedin.com	2 redirects
2	www.google.de	www.civista.bank
2	snap.licdn.com	www.civista.bank snap.licdn.com
2	d21y75miwcfqoq.cloudfront.net	www.civista.bank
2	api.glia.com	www.civista.bank cds-sdkcfg.onlineaccess1.com
2	www.googletagmanager.com	www.civista.bank
1	client-logger.salemove.com	cds-sdkcfg.onlineaccess1.com
1	widget.ellieservices.com	www.civista.bank
1	api.salemove.com	cds-sdkcfg.onlineaccess1.com
1	us-u.openx.net	www.civista.bank
1	pixel.rubiconproject.com	www.civista.bank
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	ce.lijit.com	www.civista.bank
1	bcp.crwdcntrl.net	www.civista.bank
1	stags.bluekai.com	www.civista.bank
1	sync.bfmio.com	www.civista.bank
1	pbid.pro-market.net	www.civista.bank
1	sync.intentiq.com	www.civista.bank
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com	www.civista.bank
1	eb2.3lift.com	www.civista.bank
1	sync.targeting.unrulymedia.com	www.civista.bank
1	s.ad.smaato.net	www.civista.bank
1	up.pixel.ad	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	banno.com	www.civista.bank
1	cds-sdkcfg.onlineaccess1.com	www.civista.bank
1	citizensbankco.com	1 redirects
142	52

This site contains links to these domains. Also see Links.

Domain
get.adobe.com
brokercheck.finra.org
secure.civista.bank
civista.accessasc.com
myaccountviewonline.com
www.myaccountaccess.com
orderpoint.deluxe.com
bazing.com
www.civb.com
recruiting.paylocity.com
www.facebook.com
www.linkedin.com
civb.com
apps.apple.com
play.google.com
www.fdic.gov
www.hud.gov

Subject Issuer	Validity	Valid
www.civista.bank GeoTrust TLS RSA CA G1	`2023-09-05` - `2024-09-04`	a year	crt.sh
onlineaccess1.com GTS CA 1P5	`2023-11-13` - `2024-02-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.glia.com Amazon RSA 2048 M01	`2023-06-18` - `2024-07-15`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.banno.com RapidSSL TLS RSA CA G1	`2023-11-13` - `2024-12-13`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-14` - `2023-12-13`	3 months	crt.sh
*.pixel.ad GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-24` - `2024-02-02`	a year	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.tapad.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-18` - `2024-09-17`	a year	crt.sh
*.exelator.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-29` - `2024-06-11`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M02	`2023-10-08` - `2024-11-06`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
widget.ellieservices.com Amazon RSA 2048 M03	`2023-10-19` - `2024-11-16`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://www.civista.bank/
Frame ID: C4099D3E76274D8DEA06B0BD7379FAB3
Requests: 113 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: 19AE6F12E6614C27D9FD89F46DE9CD03
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: 24A2C255BE499751F6BAC800CCA665F5
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: 5043CA948B6A2AA93541A3E637EF1A76
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Frame ID: C743349595FAF74C4F0307057EE0C23C
Requests: 6 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 150B506260B65BFFF68461856DA53E5B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Civista Bank > Focused On You

Page URL History Show full URLs

https://citizensbankco.com/ HTTP 301
https://www.civista.bank/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

142
Requests

78 %
HTTPS

35 %
IPv6

39
Domains

52
Subdomains

40
IPs

6
Countries

2755 kB
Transfer

5303 kB
Size

41
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: http://get.adobe.com/reader/
Title: download Adobe® Acrobat Reader.

Search URL Search Domain Scan URL

URL: https://brokercheck.finra.org/
Title: Brokerage Check (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/sdk/AutoEnrollmentE2E
Title: Enroll

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/sdk/AutoEnrollmentE2E/AccountRecovery
Title: Forgot/Unlock User ID

Search URL Search Domain Scan URL

URL: https://secure.civista.bank/civistabankonlinebanking/uux.aspx#/login/resetPasswordUsername
Title: Forgot Password

Search URL Search Domain Scan URL

URL: https://civista.accessasc.com/Account/Login
Title: Go to Wealth Management

Search URL Search Domain Scan URL

URL: https://myaccountviewonline.com/
Title: Go to Brokerage

Search URL Search Domain Scan URL

URL: https://www.myaccountaccess.com/onlineCard/login.do
Title: Go to Credit Cards

Search URL Search Domain Scan URL

URL: https://orderpoint.deluxe.com/personal-checks/login.htm?execution=e1s1
Title: Go to Order Checks

Search URL Search Domain Scan URL

URL: https://bazing.com/Register.aspx
Title: Go to BaZing

Search URL Search Domain Scan URL

URL: http://www.civb.com/CorporateProfile.aspx?iid=100876
Title: (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://recruiting.paylocity.com/recruiting/jobs/List/2930/Civista-Bank
Title: Join Our Team (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/CivistaBank/
Title: Facebook (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/civista-bank
Title: LinkedIn (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://civb.com/ir-home/default.aspx
Title: Investor Relations (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/cb-mobile-banking/id836729799
Title: Apple App (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.fi6134.godough
Title: Google Play App (Opens in a new Window)

Search URL Search Domain Scan URL

URL: https://www.fdic.gov/
Title: Member FDIC

Search URL Search Domain Scan URL

URL: https://www.hud.gov/
Title: Equal Housing Lender

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://citizensbankco.com/ HTTP 301
https://www.civista.bank/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1930026%26time%3D1701802091115%26url%3Dhttps%253A%252F%252Fwww.civista.bank%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true&e_ipv6=AQIlAn8whFSn-gAAAYw7TyUTg_48gADMZyonwQhW8Sv6gRDhilsh823otBKOz8ZYshDymCGi1yxfRSnfZFK4yqQPZa0IMg

Request Chain 42

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5503186%252C1930026%26time%3D1701802091127%26url%3Dhttps%253A%252F%252Fwww.civista.bank%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLNmId-huLSUAAAAYw7TyWCFH5AeFQDV2aQa1_8zZDm-gOatkenlGjKT6ihFyhSKKc8wjZrwxUZEV507sSg8O9a6kMajQ

Request Chain 54

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 55

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/03FB0DEB38E043B88B7FF11F3E0E55D3 HTTP 302
https://sync.1rx.io/usersync/simplifi/03FB0DEB38E043B88B7FF11F3E0E55D3?zcc=1&cb=1701802091444 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003

Request Chain 56

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=03FB0DEB38E043B88B7FF11F3E0E55D3&dongle=yf3

Request Chain 57

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 58

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3 HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 59

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=03FB0DEB38E043B88B7FF11F3E0E55D3 HTTP 302
https://d.agkn.com/pixel/10751/?che=1701802091521&ip=138.199.38.133&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219563204721004128953 HTTP 302
https://um.simpli.fi/aa_px?sk=219563204721004128953 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 60

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 63

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=03FB0DEB38E043B88B7FF11F3E0E55D3;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=03FB0DEB38E043B88B7FF11F3E0E55D3;mimetype=img;sr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NjgyODc1NjI3NDI3MTk2NDE1NA== HTTP 302
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEOvDFsO6rdIrKEOjCGsU9lM&google_cver=1

Request Chain 64

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0&xl8blockcheck=1

Request Chain 66

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 67

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 68

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 69

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 70

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 71

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1701802091321&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=a3BvZcu6F_ObiM0P4uidsAs&sscte=1&crd=&pscrd=IhMIi5yK6fr4ggMV8w2iAx1idAe2 HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6fr4ggMV8w2iAx1idAe2&is_vtc=1&ocp_id=a3BvZcu6F_ObiM0P4uidsAs&cid=CAQSKQDICaaN30HnMh8Ko3Ikc1d6SA52eZQmalglnUI-QUp-mWFLFg75-fPs&random=1768908303 HTTP 302
https://www.google.de/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6fr4ggMV8w2iAx1idAe2&is_vtc=1&ocp_id=a3BvZcu6F_ObiM0P4uidsAs&cid=CAQSKQDICaaN30HnMh8Ko3Ikc1d6SA52eZQmalglnUI-QUp-mWFLFg75-fPs&random=1768908303&ipr=y

Request Chain 73

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=03FB0DEB38E043B88B7FF11F3E0E55D3 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 74

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=03FB0DEB38E043B88B7FF11F3E0E55D3&expires=365

Request Chain 75

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=03FB0DEB38E043B88B7FF11F3E0E55D3

Request Chain 76

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEE_kY3aqGohNMaNUeihzw0o&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=03FB0DEB38E043B88B7FF11F3E0E55D3 HTTP 302
https://um.simpli.fi/g_match?id=

Request Chain 94

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 95

https://pixel.sitescout.com/up/36982fd7215fac8e?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 96

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 97

https://pixel.sitescout.com/up/b9b3db3266ee4d75?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 98

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 99

https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 100

https://pixel.sitescout.com/dmp/asyncPixelSync HTTP 302
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Request Chain 101

https://pixel.sitescout.com/up/aedb6fde05d12965?cntr_url=https%3A%2F%2Fwww.civista.bank%2F HTTP 302
https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

Request Chain 104

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Request Chain 109

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Request Chain 114

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Request Chain 119

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Request Chain 124

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

142 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.civista.bank/
Redirect Chain

https://citizensbankco.com/
https://www.civista.bank/

49 KB
12 KB

575ms
312ms

Document
text/html

20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a7509aeead0b6cd1afc43f9ec34d02aa869279dc97ca29f650ad95fcc0bd0d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
cache-control: public, max-age=0
content-encoding: gzip
content-length: 11206
content-type: text/html; charset=utf-8
date: Tue, 05 Dec 2023 18:48:10 GMT
expires: Tue, 05 Dec 2023 18:48:10 GMT
server: nginx
strict-transport-security: max-age=16070400
vary: Accept-Encoding
via: varnish
x-ad-insert-result: success - index
x-b3-traceid: 6eb4db4643b8d589
x-content-type-options: nosniff
x-envoy-upstream-service-time: 188
x-frame-options: SAMEORIGIN
x-request-id: 24e940c5-177c-9d1f-8199-6b20e9f0f4cb
x-varnish: 599169172
x-varnish-count: 0
x-varnish-hitmiss: MISS
x-varnish-ttl: 0.000
x-xss-protection: 1; mode=block

Redirect headers

content-length: 162
content-type: text/html
date: Tue, 05 Dec 2023 18:48:10 GMT
location: https://www.civista.bank/
server: nginx

GET
H2 200 common.js Show response
cds-sdkcfg.onlineaccess1.com/ 296 KB
164 KB 183ms
142ms Script
application/javascript 192.0.63.252
Q2HOLDINGS

General

Check archive.org

Show headers Download Go to

Full URL

https://cds-sdkcfg.onlineaccess1.com/common.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.63.252 , United States, ASN62659 (Q2HOLDINGS, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67f0be929f6383bed47c6d52cc8a33409a1c9d7f8224ba4c12554f03081d787a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:10 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-type: application/javascript; charset=UTF-8
x-ion-hop: prod
cache-control: no-cache, no-store, must-revalidate
cf-ray: 830e763afbb39b45-FRA
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2 200 main.min.css
www.civista.bank/assets/css/ 269 KB
33 KB 125ms
124ms Stylesheet
text/css 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/css/main.min.css

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e6d2b8c65da84c33609e81de8970a76017537a50433cf4e43f61b2fe1a2126ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:10 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
content-encoding: gzip
x-b3-traceid: c3ef5f52503c448d
age: 935
via: varnish
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="main.min.css"
content-length: 33256
x-xss-protection: 1; mode=block
x-request-id: 1bbd3a66-0337-93ae-9fdc-bc78038fe74f
x-varnish-count: 52
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "2444e368659eef4b747039c00e4b3ea4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
x-varnish: 436861894 514395423
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:32:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 286 KB
94 KB 70ms
24ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a4b2fa9e5e40c017a235e0390db70a21cd690ce21d96b77cd45a538325e686c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95556
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 salemove_integration.js Show response
api.glia.com/ 9 KB
9 KB 90ms
22ms Script
application/javascript 2600:9000:2190:5000:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/salemove_integration.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:5000:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

085fa63bd5ca5ec9e2fb93e761032cbb85a9f11c5f984842bb63230b539bbeab

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 cd66c5a89ae3376f15c155e3b52a758c.cloudfront.net (CloudFront)
last-modified: Sat, 02 Dec 2023 00:29:57 GMT
server: AmazonS3
x-amz-cf-pop: ZRH50-C1
age: 14
x-amz-server-side-encryption: AES256
etag: "1a8fd57b4a2524648ffd2624368c9cac"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 8905
x-amz-cf-id: zB7M_oLDLBYU7okJwLnAX6qZ2WVKeRs8Ys4a0zOw1YsChUBRnj_MRA==

GET
H2 200 d2164115
d21y75miwcfqoq.cloudfront.net/ 68 B
456 B 660ms
620ms Image
image/png 2600:9000:2127:f000:1b:ef38:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d21y75miwcfqoq.cloudfront.net/d2164115
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:f000:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
x-amz-version-id: null
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 19:21:37 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
x-amz-cf-id: lEOTRZ1nwoVmZOP2qpxxHpjurQs5ge-lga9ObPdLjxwpQ4ajXKrP7Q==

GET
H2 200 civista-bank-logo-with-tagline.svg
www.civista.bank/assets/img/ 2 KB
2 KB 123ms
123ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-bank-logo-with-tagline.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

928e0bed1caa547044604f8ef199cba485e65e79e47e50f1b83b2909416a456a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: eb70f6e8e9ce3cb0
age: 1422
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="civista-bank-logo-with-tagline.svg"
content-length: 1049
x-xss-protection: 1; mode=block
x-request-id: ecd3a93f-1e85-9c0b-a5ca-6a41b08dc910
x-varnish-count: 76
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "a29310e878df136371166540d6f4e162"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 598780626 597022290
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:28 GMT

GET
H2 200 civista-bank-logo.svg
www.civista.bank/assets/img/ 483 B
834 B 124ms
124ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-bank-logo.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e841091b9cc472fae2b280436664f8dcfc2610537e08408e3a526d449baa77e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 849e273d02c21549
age: 1461
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="civista-bank-logo.svg"
content-length: 268
x-xss-protection: 1; mode=block
x-request-id: c3b677ca-e5ff-9c1f-a8bc-357c857971e3
x-varnish-count: 92
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "698e66690420786e8b1150e93ba2e551"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 598519755 598708641
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:23:49 GMT

GET
H2 200 search-background.png
www.civista.bank/assets/img/ 421 KB
422 KB 125ms
124ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/search-background.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a5a52b76a2554d4f48b7935039f1985ce9e48dfae1de1add27541eae6c2b1e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:10 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: efc8af4a26f28427
age: 1070
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="search-background.png"
content-length: 430891
x-xss-protection: 1; mode=block
x-request-id: d12820a7-eb88-90ba-a996-fb627b260a64
x-varnish-count: 59
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "86b7f3944283a118f53c7064e56d6a30"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 329979162 326913819
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:30:20 GMT

GET
H2 200 civista-arrow.svg
www.civista.bank/assets/img/ 227 B
746 B 469ms
465ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-arrow.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

648adf118cca42f02168916370feed7b85fd3539b5c75f4b7af4b70a09203bf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 25399c31fa0dd2e0
age: 1306
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 46
content-disposition: filename="civista-arrow.svg"
content-length: 182
x-xss-protection: 1; mode=block
x-request-id: 80e8ad6e-b63c-9aa4-8bb6-16229b972e92
x-varnish-count: 67
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "3be8b2d5a6996f950b923e6a23a117f3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 513370819 513844242
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:26:24 GMT

GET
H2 200 olb-background.png
www.civista.bank/assets/img/ 250 KB
251 KB 427ms
423ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/olb-background.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

56504ecadb3da960ca8bd8d9c2c1c998be10c8e55013a5523d3a3d768ef64054

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: a5f5105188570084
age: 898
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="olb-background.png"
content-length: 255799
x-xss-protection: 1; mode=block
x-request-id: 09254cae-f693-91bc-b87b-0137d84967b1
x-varnish-count: 45
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "b0704a4ee33e6697d791d20c19e9dec9"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 512523545 514138050
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:33:12 GMT

GET
H2 200 07821427-d5a1-4f7c-9d44-680cb6bd2a6c
banno.com/a/assets/api/institutions/bd22c266-ec46-4d92-b47b-118400006986/assets/ 349 KB
349 KB 512ms
203ms Image
image/jpeg 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banno.com/a/assets/api/institutions/bd22c266-ec46-4d92-b47b-118400006986/assets/07821427-d5a1-4f7c-9d44-680cb6bd2a6c

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

930037884f6d2069832b954a1ae8e89e09b8d3f07c88651312b2041d75409a11

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=15724800
x-b3-traceid: 1eb99717789cdbb573b5382b973c1f38
etag: "6aa91f7c-f64f-4f8f-af96-9c5cbd371fb2"
content-type: image/jpeg
x-b3-spanid: 29b6b75abcf0c18a
x-b3-sampled: 1
x-request-id: 1957015316f483fa7fff5b243b0c011d

GET
H2 200 link_personal_family.jpg
www.civista.bank/assets/content/JzoOrnCo/ 32 KB
33 KB 435ms
432ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/JzoOrnCo/link_personal_family.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

74902c573003ed131ea7b67903e64abb31767177e4a3db2e3b7b6b03e2b382ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 2c8636f6e739a6dc
age: 783
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_personal_family.jpg"
content-length: 32867
x-xss-protection: 1; mode=block
x-request-id: 11b72e65-4abd-9eb7-a9fd-0f71d83e6a11
x-varnish-count: 9
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "8782016815988fa2faf59c3f81b5bec4"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 514984742 508485636
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:35:07 GMT

GET
H2 200 link_business_man.jpg
www.civista.bank/assets/content/eXKrSPUp/ 29 KB
29 KB 434ms
431ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/eXKrSPUp/link_business_man.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

478b2c65ea4510e8e85def80e88756125a6e3d765b273e50edd6b128a98d6795

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 71d3276ddc76eb70
age: 925
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_business_man.jpg"
content-length: 29529
x-xss-protection: 1; mode=block
x-request-id: 0793b5db-990d-9193-aec5-3cfa31c5d20b
x-varnish-count: 13
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "8ce74902e4d819a69ac853a9e9f3618e"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 515016945 513267021
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:32:45 GMT

GET
H2 200 link_wealth_mature_couple_boating.jpg
www.civista.bank/assets/content/jhwmWKT0/ 35 KB
35 KB 429ms
425ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/jhwmWKT0/link_wealth_mature_couple_boating.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a683f14820a79e88d7e4794ac05b75186ffebfa246c43ece72d5cd8c106ebe7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: a1c905227e9e8e99
age: 900
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="link_wealth_mature_couple_boating.jpg"
content-length: 35549
x-xss-protection: 1; mode=block
x-request-id: 9d20fc9a-8519-95f0-9d3a-85652125e388
x-varnish-count: 13
last-modified: Mon, 23 Apr 2018 20:48:54 GMT
server: nginx
etag: "908511ddd586d3f95322224d2c68e8d5"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 598716678 598904923
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:33:10 GMT

GET
H2 200 Test_bm_image.jpg
www.civista.bank/assets/content/SeoImBix/ 8 KB
9 KB 430ms
427ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/SeoImBix/Test_bm_image.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

bbe57ca1655cecfcbbde5df09da30ba90bfe6ba753564731457aed8d46c8067d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 8efb86464f5edf32
age: 879
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="Test_bm_image.jpg"
content-length: 8370
x-xss-protection: 1; mode=block
x-request-id: e359d15c-f7c3-9c1d-9cb8-9b707521399a
x-varnish-count: 9
last-modified: Mon, 23 Apr 2018 20:48:44 GMT
server: nginx
etag: "8e6394ad2ef37a039a7b6d039bc0b5e1"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 328099483 329811170
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:33:31 GMT

GET
H2 200 para_meet_civista.jpg
www.civista.bank/assets/content/y33c3QN5/ 157 KB
158 KB 431ms
428ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/y33c3QN5/para_meet_civista.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

a7bd843a5785809b0eb4e100b4d3c9e7fab2369724dee4b860a8149f91b84517

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: efc23fea387977f3
age: 31
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="para_meet_civista.jpg"
content-length: 160902
x-xss-protection: 1; mode=block
x-request-id: 84144a9b-bab8-967b-a2fe-0c91d07a35a5
x-varnish-count: 1
last-modified: Mon, 23 Apr 2018 20:48:58 GMT
server: nginx
etag: "9d2a90c32347e480b9290688d210dcd6"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 514272893 511736338
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:47:39 GMT

GET
H2 200 about_us-2x.png
www.civista.bank/assets/content/IxbDBLHK/ 1 KB
2 KB 429ms
426ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/IxbDBLHK/about_us-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

97ee72b14f50d479618bb24513476073444442e617a89f3bcec806211cb031cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: b16b164c84dbb5f9
age: 783
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="about_us-2x.png"
content-length: 1127
x-xss-protection: 1; mode=block
x-request-id: cd72b102-9ffb-9a90-b5e4-d2f46c472449
x-varnish-count: 7
last-modified: Mon, 23 Apr 2018 20:48:47 GMT
server: nginx
etag: "9cc7ec48633001f61bcf62245bbdeddc"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 514174143 514851737
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:35:07 GMT

GET
H2 200 calc-2x.png
www.civista.bank/assets/content/kh0NwZRG/ 1 KB
2 KB 552ms
549ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/kh0NwZRG/calc-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

2b5157404dd236d1dbe9702a7380ec86f9c1bc95c966974d2446a308c6a0f98f

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: e319e7a96c07c052
age: 746
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="calc-2x.png"
content-length: 1024
x-xss-protection: 1; mode=block
x-request-id: 79f02e55-e110-997f-aacf-a2e4cd9862b7
x-varnish-count: 10
last-modified: Mon, 23 Apr 2018 20:48:47 GMT
server: nginx
etag: "e1e03477549bb54d0ec68ae19cf8a27a"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 513370820 513978346
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:35:44 GMT

GET
H2 200 join_our_team-2x.png
www.civista.bank/assets/content/ss0wicXF/ 1 KB
2 KB 469ms
466ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/ss0wicXF/join_our_team-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

54a5e355f3a119807712d6f5b7c61e7bd48c5a2019d14d4dc589acfff48b8536

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 553f4856500e5677
age: 900
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="join_our_team-2x.png"
content-length: 1164
x-xss-protection: 1; mode=block
x-request-id: b3a2066b-de1c-9652-899d-037201a00ec7
x-varnish-count: 9
last-modified: Mon, 23 Apr 2018 20:48:51 GMT
server: nginx
etag: "7ad8744ed1cd424d39e56e24364d47b2"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 597940390 598744834
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:33:10 GMT

GET
H2 200 news_events-2x.png
www.civista.bank/assets/content/Xs8mlhbk/ 2 KB
2 KB 469ms
467ms Image
image/png 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/content/Xs8mlhbk/news_events-2x.png

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

d264def9723170f4d0200d77ee68db07c977645443ba1d6edcdfae101ab82c3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 7be8815d1c7c96dc
age: 783
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="news_events-2x.png"
content-length: 1770
x-xss-protection: 1; mode=block
x-request-id: 68c3ad53-595d-911f-817a-df8a0c1a5b1e
x-varnish-count: 8
last-modified: Mon, 23 Apr 2018 20:48:57 GMT
server: nginx
etag: "bfc78afd812468d32d8dd7c332a35a30"
x-frame-options: SAMEORIGIN
content-type: image/png
x-varnish: 597672246 597737475
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 04 Dec 2024 18:35:07 GMT

GET
H2 200 grid_mobile_app.jpg
www.civista.bank/assets/files/fSPZASNf/ 59 KB
60 KB 555ms
552ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/fSPZASNf/grid_mobile_app.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

998da1e65a145fb491f05db115a5da5442c31e14c25dbb63de9718c9b10245c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: cb97c027051f0440
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 8
content-disposition: filename="grid_mobile_app.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: 137d5082-686d-9393-985b-b354dee8328b
last-modified: Mon, 23 Apr 2018 20:48:10 GMT
server: nginx
etag: "f4b6a9a8bc56f5725f88c939186bf431"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 512523546
cache-control: private
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 Grid_Shoppers_1.jpg
www.civista.bank/assets/files/olyPCnCf/ 53 KB
54 KB 554ms
551ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/olyPCnCf/Grid_Shoppers_1.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

11176922b89043f15f577e74217026353b8110969c3e6375afc31d9248c6ec5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 76cda8a0312ec56f
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 7
content-disposition: filename="Grid_Shoppers_1.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: b32e46c5-4d5c-9d2d-b4cb-a37f767d9b11
last-modified: Wed, 11 Dec 2019 14:59:52 GMT
server: nginx
etag: "2665cd71842e07183177f6efcb3e527d"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 598232344
cache-control: private
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 Grid_shopowner_blkwoman_1.jpg
www.civista.bank/assets/files/mC4b1XP8/ 49 KB
50 KB 552ms
550ms Image
image/jpeg 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/files/mC4b1XP8/Grid_shopowner_blkwoman_1.jpg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

9f3736528278e5b8675b41d2eede4bbff5e2f4bc93cf623d62d79de819a26f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: a59b2311cc1ef42c
age: 0
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 6
content-disposition: filename="Grid_shopowner_blkwoman_1.jpg"
x-varnish-count: 0
x-xss-protection: 1; mode=block
x-request-id: b7493e99-9f40-9998-99a8-ca41d2aa04b6
last-modified: Wed, 11 Dec 2019 14:59:51 GMT
server: nginx
etag: "fffab18e3679b25341739b29c0d1e481"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-varnish: 514272894
cache-control: private
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 civista-tagline.svg
www.civista.bank/assets/img/ 5 KB
2 KB 548ms
546ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/civista-tagline.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

bb26bd7da4f067c4040e6080cf3dcdd9b61f96f9a28e3e47a83e36b677d815d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f291237f62fc12f4
age: 1153
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="civista-tagline.svg"
content-length: 1529
x-xss-protection: 1; mode=block
x-request-id: ef47bf39-a78b-94b3-96db-e38091146594
x-varnish-count: 59
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "f153187b27f053016801a7204cb84160"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 329911918 327969889
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:28:57 GMT

GET
H2 200 phone-icon.svg
www.civista.bank/assets/img/ 357 B
833 B 547ms
545ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/phone-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

51ea59b3afccd2310d1520a22ad1f2ad5e3d4835faea3371b682fad727174a55

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
content-encoding: gzip
x-b3-traceid: 1826255237809575
age: 1422
via: varnish
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="phone-icon.svg"
content-length: 271
x-xss-protection: 1; mode=block
x-request-id: d56fadf2-3d0e-9f39-bf93-7d63c6e2de2d
x-varnish-count: 83
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "7f2350fa9b894bf590a3d36119154bd4"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
x-varnish: 597359474 597022307
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:28 GMT

GET
H2 200 location-icon.svg
www.civista.bank/assets/img/ 455 B
852 B 549ms
547ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/location-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

b7f41e48325490ed45989eeabd75a7f6846d0961b55ddefb41c508e614b36323

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 9f5aae94ce571d61
age: 1422
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="location-icon.svg"
content-length: 289
x-xss-protection: 1; mode=block
x-request-id: 88aeb4e4-6e2b-9b2e-8155-997f61a3f326
x-varnish-count: 71
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "7036e69dd5ffb4108612242fdea83ac7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 598654913 596800410
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:28 GMT

GET
H2 200 jquery.min.js Show response
www.civista.bank/assets/js/ 86 KB
31 KB 308ms
303ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/js/jquery.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

794a9f4e50e2d7bdc08c8667306093df59340c34d9da9c90faf82bf466d4089a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: b3c0f3fb08a6ac5d
age: 1432
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="jquery.min.js"
content-length: 30943
x-xss-protection: 1; mode=block
x-request-id: b64070f2-f0d1-94b0-a577-769224d2b34c
x-varnish-count: 74
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "6cd24b024a26d71b724d4591c2557251"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
x-varnish: 329911916 327350796
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:18 GMT

GET
H2 200 script.min.js Show response
www.civista.bank/assets/js/ 141 KB
37 KB 550ms
548ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/js/script.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

f0d3c514978da4ae042567cb511f332d42c39f6b9ee448ffc1b96566599871a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
content-encoding: gzip
x-b3-traceid: f234c15f4cfa23d5
age: 1306
via: varnish
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="script.min.js"
content-length: 36979
x-xss-protection: 1; mode=block
x-request-id: c2aa8de2-5819-9a6c-a331-ebc2824418ea
x-varnish-count: 64
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "76be477d21e35c7e5ca0da7d521269e8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
x-varnish: 596899203 595736982
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:26:24 GMT

GET
H2 200 disclaimers.js Show response
www.civista.bank/assets/target/ 3 KB
2 KB 546ms
544ms Script
application/javascript 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/target/disclaimers.js?bh=d34662

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

e62bdb1248c7e4d856eb804738ef310e28d3d8b4a9ef40bccb0a5059a61313d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 47bf317356857c97
age: 73971
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-length: 1400
x-xss-protection: 1; mode=block
x-request-id: 3a4ed3e8-fd10-94fd-9d4f-737807e1ee44
x-varnish-count: 829
last-modified: Fri, 01 Dec 2023 20:24:26 GMT
server: nginx
etag: "1ae488413f4116ac9d8fb0e028d94ca4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
x-varnish: 597741654 579956403
cache-control: public, max-age=15552000
accept-ranges: bytes
expires: Sat, 01 Jun 2024 22:15:19 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 310 KB
97 KB 87ms
45ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dacae89080a67aeece2f8a738d8012ae3968c4991c08a843e865fd2fe504e3c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 99488
x-xss-protection: 0
last-modified: Tue, 05 Dec 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
806 B 73ms
46ms Script
application/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

96271179d44086ad6cfba78c4788e3ac34dac8c8bfd18d2c2226d12d5abd0063

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Dec 2023 13:47:16 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=59735
accept-ranges: bytes
content-length: 596

GET
H2 200 Icons.woff2
www.civista.bank/assets/font/ 4 KB
4 KB 547ms
547ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/Icons.woff2

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

8ecb9dd92f240ddac622fb56fcaae3ec8ae803a3d83d6e6fa6a463b621891193

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/assets/css/main.min.css
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 9edc06549d68a71e
age: 1306
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="Icons.woff2"
content-length: 3736
x-xss-protection: 1; mode=block
x-request-id: 12d328f2-7f19-9b31-8693-3834000c9437
x-varnish-count: 69
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "78bf8f5e7bcdfba17c261b5b27a1799e"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 514889789 513198082
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:26:24 GMT

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 31 KB
12 KB 17ms
16ms Script
application/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 04 Dec 2023 13:47:15 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=59703
accept-ranges: bytes
content-length: 12150

POST
H2 200 visitor_config Show response
api.glia.com/ 12 KB
14 KB 123ms
121ms XHR
application/json 2600:9000:2190:5000:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.glia.com/visitor_config?referrer=https%3A%2F%2Fwww.civista.bank%2F&

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:5000:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

82f2c050a779d693c08f80a84d8966bc940f5e4d58f61ccd3586660e5507c1af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.civista.bank/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 cd66c5a89ae3376f15c155e3b52a758c.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 12752
access-control-max-age: 7200
access-control-allow-methods: ["GET, POST, PUT, PATCH, OPTIONS, HEAD, DELETE"]
content-type: application/json
access-control-allow-origin: https://www.civista.bank
access-control-expose-headers
cache-control: no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
vary: Origin
x-site-visitor-config: true
access-control-allow-headers: Content-Type, Accept, Authorization
x-amz-cf-id: 6Sjv0mICu8Rp0BMj-cHAwaiPsrcoB6r9XjYsQ6R0v48UY54qVdB3_g==

POST
H2 204 collect
region1.analytics.google.com/g/ 0
255 B 166ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6ZSG1S7BHC&gtm=45je3bt0v874458427&_p=1701802090985&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2033370224.1701802091&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701802091&sct=1&seg=0&dl=https%3A%2F%2Fwww.civista.bank%2F&dt=Civista%20Bank%20%3E%20Focused%20On%20You&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1501
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.civista.bank
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 168ms
17ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6ZSG1S7BHC&cid=2033370224.1701802091&gtm=45je3bt0v874458427&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6ZSG1S7BHC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.civista.bank
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 175ms
32ms Image
image/gif 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6ZSG1S7BHC&cid=2033370224.1701802091&gtm=45je3bt0v874458427&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=647116323

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1930026%26time%3D1701802091115%26url%3Dhttps%253A%252F%252Fwww.civista.bank%252F%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true&e_ipv6=AQIlAn8whFSn-gAAAYw7TyUTg_48gADMZyonwQhW8Sv6...

0
265 B

249ms
207ms

Image
application/javascript

13.107.43.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true&e_ipv6=AQIlAn8whFSn-gAAAYw7TyUTg_48gADMZyonwQhW8Sv6gRDhilsh823otBKOz8ZYshDymCGi1yxfRSnfZFK4yqQPZa0IMg
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7DA6928B40504A2EB04457D7D90CD5F6 Ref B: VIEEDGE1817 Ref C: 2023-12-05T18:48:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLx60sWIJWZXPL1Acjsw==

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7D7D90FC513049AF8AEF08E4840DD0E3 Ref B: FRAEDGE1807 Ref C: 2023-12-05T18:48:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1930026&time=1701802091115&url=https%3A%2F%2Fwww.civista.bank%2F&cookiesTest=true&liSync=true&e_ipv6=AQIlAn8whFSn-gAAAYw7TyUTg_48gADMZyonwQhW8Sv6gRDhilsh823otBKOz8ZYshDymCGi1yxfRSnfZFK4yqQPZa0IMg
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLx60otZxrEPu4Mp5zDQ==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
55 KB 144ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 05 Dec 2023 18:48:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints: coep_report="https://www.facebook.com/browser_reporting/?minimize=0"
pragma: public
x-fb-debug: SeB0xSuJ4tFbZ70FR5VdQkX/0Tc9YYOmXh/edp+P1utw93WDU4H9CndTjCLgkGL6GCuySZf6j1SoA9cvc2AyWg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 up.js Show response
up.pixel.ad/assets/ 3 KB
2 KB 154ms
18ms Script
application/javascript 41.63.96.2
LLNW

General

Check archive.org

Show headers Download Go to

Full URL: https://up.pixel.ad/assets/up.js?um=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 41.63.96.2 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS: https-41-63-96-2.hhn.llnw.net
Software: AC1.1 /
Resource Hash: 25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 16:22:21 GMT
server: AC1.1
age: 405466
vary: accept-encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1550
x-llid: 06472f0983bdc830682a425a38c2172d

GET
H2 200 c34dbe20-7fec-0137-6130-067f653fa718 Show response
tag.simpli.fi/sifitag/ 0
447 B 151ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/c34dbe20-7fec-0137-6130-067f653fa718
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F54D_Eg0X73mMkBTH9ZB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 85214ef0-8b0a-0137-e8b9-06a9ed4ca31b Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 151ms
16ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/85214ef0-8b0a-0137-e8b9-06a9ed4ca31b
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 67ac4b2652a4b1479731dbd28536a6995de913a4e14f48630a4d766544b151a7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F54D_Eg2xpG3_9tE_ryC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D5503186%252C1930026%26time%3D1701802091127%26url%3Dhttps%253A%252F%252Fwww.civist...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLNmId-huLSUAAAAYw7TyWCF...

0
143 B

204ms
204ms

Image
application/javascript

13.107.43.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLNmId-huLSUAAAAYw7TyWCFH5AeFQDV2aQa1_8zZDm-gOatkenlGjKT6ihFyhSKKc8wjZrwxUZEV507sSg8O9a6kMajQ
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 13.107.43.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A16FBC2CF778452A81B5AD4EB1A2D6A6 Ref B: VIEEDGE1817 Ref C: 2023-12-05T18:48:12Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLx60tTa5vwo5H64+Qqg==

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BD381D86A47048A8965B3028C4D78919 Ref B: FRAEDGE1807 Ref C: 2023-12-05T18:48:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5503186%2C1930026&time=1701802091127&url=https%3A%2F%2Fwww.civista.bank%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLNmId-huLSUAAAAYw7TyWCFH5AeFQDV2aQa1_8zZDm-gOatkenlGjKT6ihFyhSKKc8wjZrwxUZEV507sSg8O9a6kMajQ
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYLx60qbNGTPdyUszrSew==

GET
H2 200 bootstrapper-fb051d12e.js Show response
libs.salemove.com/visitor/ 635 KB
165 KB 75ms
15ms Script
application/javascript 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Requested by

Host: api.glia.com
URL: https://api.glia.com/salemove_integration.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

180d581f3cec69f0245e5c81e7cf068681f9b8e821c9f2ee601bb85803c04200

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 13:06:44 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 20488
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 05 Dec 2023 12:28:59 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:c1069f3e6821e94809d4b4194c763a43
etag: W/"c1069f3e6821e94809d4b4194c763a43"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: WLTHy530PItZeDRKEJq4YIdWTGP9l2KLAsVihS-7mxujvXxTNFv_OQ==

GET
H2 200 c4554380-8d79-0138-1abd-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 0
246 B 16ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/c4554380-8d79-0138-1abd-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F54D_EmDRqZS7jRTH9cB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 a415d490-8d7a-0138-2e8e-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 16ms
16ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/a415d490-8d7a-0138-2e8e-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 69b83ab1af39a754922825e1f6759725a5f86cb9d572ad69b38668e1e2c3de1d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F54D_EmDRs3ubM5E_r3C
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 152066585500691 Show response
connect.facebook.net/signals/config/ 116 KB
31 KB 81ms
80ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/152066585500691?v=2.9.138&r=stable&domain=www.civista.bank

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f10e9c0a33a080645f78215348a1bbdfc1edcda847c728ba55bace9fe2a8320b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 05 Dec 2023 18:48:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coep_report="https://www.facebook.com/browser_reporting/?minimize=0"
pragma: public
x-fb-debug: qbGwmewMITKwEsUJP1Pol+h6/5UYjeibXdKBFoTurHryk18fNTsrvoaqBSQ3Uq9/griRUkH1TIEBxFStMDoQ8w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 6f7f3220-e3ae-0137-600b-06659b33d47c Show response
tag.simpli.fi/sifitag/ 0
245 B 16ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/6f7f3220-e3ae-0137-600b-06659b33d47c
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F54D_ErLR03ziDBE_r8C
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p Show response
i.simpli.fi/ 798 B
761 B 22ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=216143&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/85214ef0-8b0a-0137-e8b9-06a9ed4ca31b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 764658eba5c1dd7af6cded2ca8fac7551ee59053ae7c7b1307bc1cf5600e824c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 b0e18e80-92fd-0138-2f00-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 16ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/b0e18e80-92fd-0138-2f00-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: f8e9bdeb7d15c402a8b58ef1ad9fb370a5399110b1c54d9b0bde53bb4a4736a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F54D_ErPzVq5ibdE_r9C
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 webcomponents_es5-fb051d12e.js Show response
libs.salemove.com/visitor/ 936 B
1 KB 13ms
13ms Script
application/javascript 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor/webcomponents_es5-fb051d12e.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 13:06:45 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 20487
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 936
last-modified: Tue, 05 Dec 2023 12:28:59 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:f86098c5208655efb405300993461936
etag: "f86098c5208655efb405300993461936"
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: hIzAJ9uN75Jz892KF8UQoO_HrE-48br5NedjekO12AeHNzBZF-akOQ==

GET
H2 200 a5c88610-92fd-0138-2f00-06abc14c0bc6 Show response
tag.simpli.fi/sifitag/ 0
245 B 15ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/a5c88610-92fd-0138-2f00-06abc14c0bc6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F54D_EysrzjipoNE_sAC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 p Show response
i.simpli.fi/ 34 B
285 B 15ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=216143&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/85214ef0-8b0a-0137-e8b9-06a9ed4ca31b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e09104e2d44f1a94518d3115e39e60dec46fd3486d07db5a0c815c434a7899f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 8e57bf60-92fc-0138-1b41-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 16ms
16ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/8e57bf60-92fc-0138-1b41-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 640f788e740207fea509698cb157f42a3126f70211439f7847629f927ebfb1e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F54D_Ey3KtSQaVtE_sCC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

204

/
s.ad.smaato.net/c/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=03FB0DEB38E043B88B7FF11F3E0E55D3

0
236 B

77ms
30ms

Image
text/plain

2600:9000:2362:7400:1b:5138:8a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2600:9000:2362:7400:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache, must-revalidate
via: 1.1 3c40a0775e2798dc9f20a237d0225e44.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: 2lIqcOgolT6MAkupe4Wtgpna3H29ZD0XELVQqUBkPsru6-pFYJV8sw==
x-cache: Miss from cloudfront

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/03FB0DEB38E043B88B7FF11F3E0E55D3
https://sync.1rx.io/usersync/simplifi/03FB0DEB38E043B88B7FF11F3E0E55D3?zcc=1&cb=1701802091444
https://sync.targeting.unrulymedia.com/csync/RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003

43 B
378 B

41ms
15ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0
content-type: text/html

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=03FB0DEB38E043B88B7FF11F3E0E55D3&dongle=yf3

37 B
140 B

27ms
8ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7969&xuid=03FB0DEB38E043B88B7FF11F3E0E55D3&dongle=yf3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://eb2.3lift.com/xuid?mid=7969&xuid=03FB0DEB38E043B88B7FF11F3E0E55D3&dongle=yf3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=03FB0DEB38E043B88B7FF11F3E0E55D3

43 B
175 B

372ms
117ms

Image
image/gif

2600:1f18:612b:4280:bda1:9df6:36cc:93
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2600:1f18:612b:4280:bda1:9df6:36cc:93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Tue, 05 Dec 2023 18:48:11 GMT
server: nginx
content-type: image/gif

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3

95 B
427 B

20ms
19ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=03FB0DEB38E043B88B7FF11F3E0E55D3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=03FB0DEB38E043B88B7FF11F3E0E55D3
https://d.agkn.com/pixel/10751/?che=1701802091521&ip=138.199.38.133&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219563204721004128953
https://um.simpli.fi/aa_px?sk=219563204721004128953
https://um.simpli.fi/empty.gif

43 B
361 B

15ms
14ms

Image
image/gif

35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET
H2

403

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=03FB0DEB38E043B88B7FF11F3E0E55D3

0
0

57ms
12ms

Image
text/html

65.9.95.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 65.9.95.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-95-58.prg50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 21ms
20ms Image
image/gif 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 22ms
21ms Image
image/gif 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

engine
pbid.pro-market.net/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=03FB0DEB38E043B88B7FF11F3E0E55D3;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=03FB0DEB38E043B88B7FF11F3E0E55D3;mimetype=img;sr
https://cm.g.doubleclick.net/pixel?google_nid=datonics-ddp&google_cm&google_hm=NjgyODc1NjI3NDI3MTk2NDE1NA==
https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEOvDFsO6rdIrKEOjCGsU9lM&google_cver=1

43 B
383 B

16ms
15ms

Image
image/gif

2600:1901:0:8eee::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEOvDFsO6rdIrKEOjCGsU9lM&google_cver=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2600:1901:0:8eee:: Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:10 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-5.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 43
expires: Mon, 1 Jan 1990 0:0:0 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pbid.pro-market.net/engine?du=53&mimetype=img&google_gid=CAESEOvDFsO6rdIrKEOjCGsU9lM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 315
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0&xl8blockcheck=1

0
771 B

11ms
11ms

Image
text/plain

18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0&xl8blockcheck=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=03FB0DEB38E043B88B7FF11F3E0E55D3&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 30ms
29ms Image
image/gif 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=03FB0DEB38E043B88B7FF11F3E0E55D3

0
421 B

400ms
91ms

Image
text/plain

52.3.119.146
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 52.3.119.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-119-146.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Connection: keep-alive
Date: Tue, 05 Dec 2023 18:48:10 GMT

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=03FB0DEB38E043B88B7FF11F3E0E55D3

62 B
445 B

191ms
154ms

Image
image/gif

2.19.244.177
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 2.19.244.177 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-244-177.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Tue, 05 Dec 2023 18:48:11 GMT
content-length: 62
content-type: image/gif

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

404

tpid=03FB0DEB38E043B88B7FF11F3E0E55D3
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=03FB0DEB38E043B88B7FF11F3E0E55D3

49 B
265 B

106ms
33ms

Image
image/gif

34.241.138.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 34.241.138.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-241-138-233.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.4.36
content-length: 49
expires: 0

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=03FB0DEB38E043B88B7FF11F3E0E55D3

0
311 B

70ms
22ms

Image
text/plain

216.52.2.86
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 216.52.2.86 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Expires: Fri, 20 Mar 2009 00:00:00 GMT
Pragma: no-cache
Date: Tue, 05 Dec 2023 18:48:11 GMT
X-MERGE: GDPR Optout true
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
P3P: CP="CUR ADM OUR NOR STA NID"

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://ce.lijit.com/merge?pid=2&3pid=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

451

419566.gif
idsync.rlcdn.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=03FB0DEB38E043B88B7FF11F3E0E55D3

0
98 B

42ms
16ms

Image
text/plain

35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/419566.gif?partner_uid=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://idsync.rlcdn.com/419566.gif?partner_uid=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1701802091321&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&ocp_id=...
https://www.google.com/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6...
https://www.google.de/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6f...

42 B
154 B

23ms
22ms

Image
image/gif

2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6fr4ggMV8w2iAx1idAe2&is_vtc=1&ocp_id=a3BvZcu6F_ObiM0P4uidsAs&cid=CAQSKQDICaaN30HnMh8Ko3Ikc1d6SA52eZQmalglnUI-QUp-mWFLFg75-fPs&random=1768908303&ipr=y

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1026675585/?random=1579668347&cv=7&fst=1701802091321&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMIi5yK6fr4ggMV8w2iAx1idAe2&is_vtc=1&ocp_id=a3BvZcu6F_ObiM0P4uidsAs&cid=CAQSKQDICaaN30HnMh8Ko3Ikc1d6SA52eZQmalglnUI-QUp-mWFLFg75-fPs&random=1768908303&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 31ms
30ms Image
text/plain 35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=03FB0DEB38E043B88B7FF11F3E0E55D3
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D03FB0DEB38E043B88B7FF11F3E0E55D3

43 B
892 B

12ms
12ms

Image
image/gif

37.252.171.85
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D03FB0DEB38E043B88B7FF11F3E0E55D3

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

37.252.171.85 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
an-x-request-uuid: 18e3af83-fd2d-4e5c-9376-03e55f467721
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
an-x-request-uuid: 986781fd-5a4a-4850-9d4d-df667dcf5197
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D03FB0DEB38E043B88B7FF11F3E0E55D3
cache-control: no-store, no-cache, private
x-proxy-origin: 138.199.38.133; 138.199.38.133; 1006.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=03FB0DEB38E043B88B7FF11F3E0E55D3&expires=365

0
239 B

34ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=03FB0DEB38E043B88B7FF11F3E0E55D3&expires=365
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=03FB0DEB38E043B88B7FF11F3E0E55D3&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=03FB0DEB38E043B88B7FF11F3E0E55D3

43 B
264 B

40ms
23ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=03FB0DEB38E043B88B7FF11F3E0E55D3
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=03FB0DEB38E043B88B7FF11F3E0E55D3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Mon, 04 Dec 2023 18:48:11 GMT

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
https://um.simpli.fi/g_match?id=&google_gid=CAESEE_kY3aqGohNMaNUeihzw0o&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=03FB0DEB38E043B88B7FF11F3E0E55D3
https://um.simpli.fi/g_match?id=

0
320 B

14ms
14ms

Image
text/plain

35.204.158.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

35.204.158.49 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

49.158.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Mon, 04 Dec 2023 18:48:11 GMT

Redirect headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bf17e430-b891-0138-1e9f-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 0
246 B 16ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/bf17e430-b891-0138-1e9f-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: openresty
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
x-request-id: F54D_FMLXOxYd3hTH9mB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 kernel.js Show response
kernel-serve.banno.com/ 6 KB
6 KB 366ms
253ms Script
application/javascript 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://kernel-serve.banno.com/kernel.js

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7cae47a88d24c17da61cc71f1baf4614bee4655d81280c92fc2475747ce34230

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=15724800
etag: "13313E3976F35F88B2181A14ED86D18A"
content-length: 5713
content-type: application/javascript

GET
H2 200 d2164115
d21y75miwcfqoq.cloudfront.net/ 68 B
455 B 661ms
661ms Image
image/png 2600:9000:2127:f000:1b:ef38:3680:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d21y75miwcfqoq.cloudfront.net/d2164115
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2127:f000:1b:ef38:3680:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
x-amz-version-id: null
via: 1.1 168125097acf734cd7750e139a974b38.cloudfront.net (CloudFront)
last-modified: Wed, 17 Feb 2021 19:21:37 GMT
server: AmazonS3
x-amz-cf-pop: PRG50-C1
etag: "91e42db1c66c0b276abf6234dc50b2eb"
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 68
x-amz-cf-id: ZLPysg080BZXOTbRY8uFo1hgC4jIG6tuO-vciJbt5oAUIO2TnedZUQ==

GET
H2 200 082e7d60-b893-0138-1e9f-06a60fe5fe77 Show response
tag.simpli.fi/sifitag/ 3 KB
1 KB 15ms
15ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/082e7d60-b893-0138-1e9f-06a60fe5fe77
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JSBQT
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: bdd3c7800965a7a57e7ff2e5b48ca51e532d6920d35c3ca03cd23962d84e3d0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F54D_FMZq9T1NHpTH9oB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 2630065057249545 Show response
connect.facebook.net/signals/config/ 120 KB
31 KB 81ms
81ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2630065057249545?v=2.9.138&r=stable&domain=www.civista.bank

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c9d23a52a58995ff5a110af912186b3c23e0efb95b9ac90daf726adcaf2effb0

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 05 Dec 2023 18:48:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coep_report="https://www.facebook.com/browser_reporting/?minimize=0"
pragma: public
x-fb-debug: JVSEv9tEzbq03qQFIUhgugAom1/o8Q6qNi5cu4VUg2T7+PwDdcI/ETAjmHMFMUf0BwTx/AZ+5qAYcOkTSuBa+w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 20ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=152066585500691&ev=PageView&dl=https%3A%2F%2Fwww.civista.bank&rl=&if=false&ts=1701802091461&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1701802091459.2138892889&pm=1&hrl=9fc523&ler=empty&it=1701802091305&coo=false&cs_cc=1&rqm=GET

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 05 Dec 2023 18:48:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 visitor-app.85b5c859.min.js Show response
libs.salemove.com/ 686 KB
198 KB 13ms
13ms Script
application/javascript 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.85b5c859.min.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

06379a5856668548f0a4ef088a085f11529ca908e85ed70d6bafac01f09efe68

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:35:52 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 36740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 05 Dec 2023 08:08:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:3ed039ff6ec68e63c937cbef7ffab5f5
etag: W/"3ed039ff6ec68e63c937cbef7ffab5f5"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: 0UvHaf6CNFYHT1ZMdVfTs8QWpiJci_FDoTZju0lggMnJy_LvYzsPDQ==

GET
H2 200 visitor-app.85b5c859.default.css
libs.salemove.com/ 206 KB
30 KB 25ms
25ms Stylesheet
text/css 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/visitor-app.85b5c859.default.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:35:52 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 36740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 05 Dec 2023 08:08:18 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:593e94f08cd3472f4bd4420fc198b2a7
etag: W/"593e94f08cd3472f4bd4420fc198b2a7"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: xBByWTZtq34Mbo2TzkpIEOkca8UHri9ixjIXDcYC7z5fs5oz73B42Q==

GET
H2 200 515a094e70ede9 Show response
api.salemove.com/visitor_app/85b5c859/sites/e7b986f0-08c0-465d-87ee-8fe6d30c005b/custom_locales/civista-custom/ 14 KB
14 KB 93ms
29ms XHR
application/json 2600:9000:2190:5000:17:4c3f:1b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.salemove.com/visitor_app/85b5c859/sites/e7b986f0-08c0-465d-87ee-8fe6d30c005b/custom_locales/civista-custom/515a094e70ede9

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2190:5000:17:4c3f:1b80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a101e8ebc59e3c586a31ac2e44a6318936dc3cda8853178aad2c5438d8ce85a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 09:07:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
age: 34852
x-cache: Hit from cloudfront
content-length: 13839
access-control-max-age: 7200
access-control-allow-methods: GET, POST, PUT, PATCH, OPTIONS, HEAD, DELETE
content-type: application/json
access-control-allow-origin: https://www.civista.bank
access-control-expose-headers
cache-control: public, max-age=31536000
vary: Origin
access-control-allow-headers: Content-Type, Accept, Authorization
x-amz-cf-id: _K43kjZ5Oj_5IEdXi9O0y656SZoG2iyvySpO5Ex1eniWYqtdM1ffZA==

GET
H2 200 gva-custom-chat-renderer.9ee1ee1.js Show response
libs.salemove.com/ 23 KB
8 KB 24ms
24ms Script
application/javascript 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.9ee1ee1.js

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

a19e35c238665b103fff54c0a89023a450c1d40f5cd58e01a7f5e5616d9aace7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 07:42:24 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3582348
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 25 Oct 2023 07:25:06 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:0f7fb6803bd6390810b1bd3849ed1eca
etag: W/"0f7fb6803bd6390810b1bd3849ed1eca"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-id: nJAhWoQ6fr9vRP5iqMrbVXhsz0Od34R8Y_nHQDDUgF8fLdoHXpOYXA==

GET
H2 200 gva-custom-chat-renderer.9ee1ee1.css
libs.salemove.com/ 8 KB
2 KB 24ms
24ms Stylesheet
text/css 2600:9000:2127:4a00:0:99b9:cd80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://libs.salemove.com/gva-custom-chat-renderer.9ee1ee1.css

Requested by

Host: libs.salemove.com
URL: https://libs.salemove.com/visitor/bootstrapper-fb051d12e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2127:4a00:0:99b9:cd80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

d7e3733c4cb4fbd606eb5ce52c0ff6dbc8e175e2fb2b8199ea0387339f425186

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 25 Oct 2023 07:42:24 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
content-encoding: gzip
via: 1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-amz-cf-pop: PRG50-C1
age: 3582348
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Wed, 25 Oct 2023 07:25:06 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:4c01dddd167e508399fb3f31894d95f0
etag: W/"4c01dddd167e508399fb3f31894d95f0"
vary: Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method,Origin
content-type: text/css
cache-control: max-age=31536000
x-amz-cf-id: 4Xc6b18B6ouvFf9n66O0rUMGk815g6GPgSmHTn1zoSgCrirW5Nd_8w==

GET
H2 200 disclaimer Show response
www.civista.bank/_/api/ 1 KB
1 KB 129ms
128ms XHR
application/json 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/_/api/disclaimer

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

6142858266eb1e6ca87ffb0c951ac2877f342bbc4f03552adf8193c7ccbb79ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.civista.bank/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f5b5611e3e2411d5
age: 0
x-varnish-ttl: 0.000
x-varnish-hitmiss: MISS
x-envoy-upstream-service-time: 5
content-length: 598
x-xss-protection: 1; mode=block
x-request-id: 56134753-b8da-9e43-8ec7-de0c6b1cc666
x-varnish-count: 0
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
x-varnish: 599298115
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:48:11 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 7ms
7ms Image
text/plain 2a03:2880:f177:185:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=2630065057249545&ev=PageView&dl=https%3A%2F%2Fwww.civista.bank&rl=&if=false&ts=1701802091594&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4124&fbp=fb.1.1701802091459.2138892889&pm=1&hrl=2973f7&ler=empty&it=1701802091305&coo=false&cs_cc=1&cas=5696318427105191%2C4014554915333592&rqm=GET

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 05 Dec 2023 18:48:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 facebook.svg
www.civista.bank/assets/img/ 420 B
851 B 123ms
123ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/facebook.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

58510900dc15eb6d4bc049131d6ed32f65889177e6feed5c6ddc219a8161aeb0

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
content-encoding: gzip
x-b3-traceid: f162a1cf4846ec0b
age: 1263
via: varnish
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="facebook.svg"
content-length: 292
x-xss-protection: 1; mode=block
x-request-id: 16315cc3-c753-9339-9109-ee5465ec09f1
x-varnish-count: 45
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "19e68ea7440cb99e2ad43295467f882c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
x-varnish: 597418229 597933507
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:27:08 GMT

GET
H2 200 apple-icon.svg
www.civista.bank/assets/img/ 485 B
870 B 125ms
125ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/apple-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

86f21077af6a18a17c863919c55f3a30e9339b6b37179219b1fef19f41f7a1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 1b8589ad90201015
age: 1454
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="apple-icon.svg"
content-length: 310
x-xss-protection: 1; mode=block
x-request-id: ebcdb1b4-cc19-9ce1-a5f5-68a6f65bce35
x-varnish-count: 58
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "e7431a65df9ec7f076f72d302ec5e751"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 512356213 436852689
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:23:57 GMT

GET
H2 200 google-play-icon.svg
www.civista.bank/assets/img/ 764 B
995 B 124ms
124ms Image
image/svg+xml 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.civista.bank/assets/img/google-play-icon.svg

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/assets/css/main.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

3d0123a14cf02aebfdad7a564809ce0fc8cd3f4436b273fdcb4cc346d8f19284

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/assets/css/main.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: 5cc8b45df831e901
age: 1444
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="google-play-icon.svg"
content-length: 430
x-xss-protection: 1; mode=block
x-request-id: cec77586-9d2d-961e-8fb4-94ce97b3065a
x-varnish-count: 52
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "41b489bf0483ccc25ec610902255fe6e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
x-varnish: 598909248 597932409
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:07 GMT

GET
DATA 200
OK truncated
/ 89 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 19AE
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

17ms
17ms

Document
text/html

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: 6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Tue, 05 Dec 2023 18:48:11 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Tue, 05 Dec 2023 18:48:11 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

36982fd7215fac8e
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/36982fd7215fac8e?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

19ms
18ms

Image
image/gif

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/36982fd7215fac8e?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 24A2
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

14ms
14ms

Document
text/html

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: 6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Tue, 05 Dec 2023 18:48:11 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Tue, 05 Dec 2023 18:48:11 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

b9b3db3266ee4d75
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/b9b3db3266ee4d75?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

18ms
17ms

Image
image/gif

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/b9b3db3266ee4d75?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 5043
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

16ms
16ms

Document
text/html

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: 6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Tue, 05 Dec 2023 18:48:11 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Tue, 05 Dec 2023 18:48:11 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

eb55ff7c1f7ae19f
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

20ms
20ms

Image
image/gif

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/eb55ff7c1f7ae19f?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-length: 0

GET
H2

200

asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame C743
Redirect Chain

https://pixel.sitescout.com/dmp/asyncPixelSync
https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

1 KB
2 KB

14ms
14ms

Document
text/html

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: 6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Tue, 05 Dec 2023 18:48:11 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

Redirect headers

content-length: 0
date: Tue, 05 Dec 2023 18:48:11 GMT
location: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
server: A

GET
H2

200

aedb6fde05d12965
pixel.sitescout.com/up/
Redirect Chain

https://pixel.sitescout.com/up/aedb6fde05d12965?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F

43 B
417 B

21ms
21ms

Image
image/gif

98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

Redirect headers

location: https://pixel.sitescout.com/up/aedb6fde05d12965?cookieQ=1&cntr_url=https%3A%2F%2Fwww.civista.bank%2F
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-length: 0

GET
H2 200 asyncPixelSync Show response
pixel.sitescout.com/dmp/ Frame 150B 1 KB
2 KB 15ms
15ms Document
text/html 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: A /
Resource Hash: 6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524

Request headers

Referer: https://www.civista.bank/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0,no-cache,no-store
content-length: 1174
content-type: text/html;charset=UTF-8
date: Tue, 05 Dec 2023 18:48:11 GMT
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
server: A

GET
H2 200 e53a95db421da9c8
pixel.sitescout.com/up/ 43 B
417 B 19ms
19ms Image
image/gif 98.98.134.241
ZEN-ECN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sitescout.com/up/e53a95db421da9c8?cntr_url=https%3A%2F%2Fwww.civista.bank%2F
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.241 , United States, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software: AC1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:11 GMT
server: AC1.1
content-type: image/gif
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
cache-control: max-age=0,no-cache,no-store
content-length: 43
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 24A2
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

42 B
717 B

34ms
33ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-04590bf15.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: rvOlZwaVTeo=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-0603339eb.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: hwLD4/kOQzM=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 24A2 95 B
124 B 26ms
25ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 204 /
loadm.exelator.com/load/ Frame 24A2 0
620 B 10ms
8ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 451 384136.gif
idsync.rlcdn.com/ Frame 24A2 0
42 B 23ms
21ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 24A2 49 B
264 B 132ms
53ms Image
image/gif 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.3.143
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame C743
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

42 B
717 B

36ms
34ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-074d8d8ae.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: Q8QdcBMQQD0=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-2-v054-034c53ac2.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: +2+pame6ThE=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame C743 95 B
124 B 21ms
20ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 204 /
loadm.exelator.com/load/ Frame C743 0
620 B 10ms
8ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 451 384136.gif
idsync.rlcdn.com/ Frame C743 0
42 B 20ms
18ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame C743 49 B
265 B 107ms
28ms Image
image/gif 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.29.27
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 5043
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

42 B
717 B

33ms
32ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-074995c50.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: KhbldC8ESQE=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-1-v054-097c24447.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: IiARpVckTq8=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 5043 95 B
124 B 26ms
25ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 204 /
loadm.exelator.com/load/ Frame 5043 0
620 B 10ms
9ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 451 384136.gif
idsync.rlcdn.com/ Frame 5043 0
42 B 22ms
21ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 5043 49 B
264 B 108ms
30ms Image
image/gif 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.7.171
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 19AE
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

42 B
717 B

33ms
31ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v054-026f8435a.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: sAqI4hDATn0=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-2-v054-077de999d.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: VNa6TyZhTVE=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 19AE 95 B
124 B 27ms
27ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 204 /
loadm.exelator.com/load/ Frame 19AE 0
620 B 9ms
8ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 451 384136.gif
idsync.rlcdn.com/ Frame 19AE 0
42 B 22ms
21ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 19AE 49 B
264 B 106ms
29ms Image
image/gif 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync?cookieQ=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.4.36
content-length: 49
expires: 0

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame 150B
Redirect Chain

https://dpm.demdex.net/ibs:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

42 B
717 B

35ms
34ms

Image
image/gif

54.75.61.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=

Requested by

Host: www.civista.bank
URL: https://www.civista.bank/

Protocol

Server

54.75.61.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-75-61-252.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

dcs: dcs-prod-irl1-2-v054-038fdd4b2.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: EdDqfFYBT1M=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

dcs: dcs-prod-irl1-2-v054-09a33b2f9.edge-irl1.demdex.com 0 ms
pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-tid: Uc6lFtZ+S0s=
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3 200 receive
pixel.tapad.com/idsync/ex/ Frame 150B 95 B
124 B 26ms
25ms Image
image/png 34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858

Requested by

Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync

Protocol

Security

QUIC, , AES_128_GCM

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

GET
H2 204 /
loadm.exelator.com/load/ Frame 150B 0
620 B 9ms
8ms Image
text/plain 18.198.126.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.126.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-126-47.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 451 384136.gif
idsync.rlcdn.com/ Frame 150B 0
42 B 22ms
22ms Image
text/plain 35.244.174.68
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 150B 49 B
264 B 107ms
30ms Image
image/gif 54.170.64.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent=
Requested by: Host: pixel.sitescout.com
URL: https://pixel.sitescout.com/dmp/asyncPixelSync
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.170.64.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-170-64-73.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pixel.sitescout.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 05 Dec 2023 18:48:12 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.2.178
content-length: 49
expires: 0

GET
BLOB 200
OK 01ad52b0-8dcf-400d-bf2f-3e76654a3278
https://www.civista.bank/ 2 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.civista.bank/01ad52b0-8dcf-400d-bf2f-3e76654a3278
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Length: 2479
Content-Type: text/javascript

GET
H2 200 visit Show response
kernel-serve.banno.com/institutions/bd22c266-ec46-4d92-b47b-118400006986/profiles/d6519250-939e-11ee-9728-02426efeab2b/ 0
120 B 143ms
143ms Script
application/javascript 52.189.67.130
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://kernel-serve.banno.com/institutions/bd22c266-ec46-4d92-b47b-118400006986/profiles/d6519250-939e-11ee-9728-02426efeab2b/visit?keywords=Civista%20Bank,%20community%20bank,%20checking%20account,%20business%20account,%20loans,%20mortgage,%20commercial%20lending&url=https%3A%2F%2Fwww.civista.bank%2F

Requested by

Host: kernel-serve.banno.com
URL: https://kernel-serve.banno.com/kernel.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

52.189.67.130 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
cache-control: no-cache, no-store, max-age=0
strict-transport-security: max-age=15724800
content-length: 0
content-type: application/javascript

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
195 B 196ms
195ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.civista.bank/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 05 Dec 2023 18:48:11 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 68898AF82007498BAAE8C401BBFB88E9 Ref B: FRAEDGE1807 Ref C: 2023-12-05T18:48:12Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.civista.bank
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYLx60vceyGCpkdODVgcw==

GET
H2 200 fonts.css Show response
www.civista.bank/assets/css/ 9 KB
2 KB 281ms
280ms XHR
text/css 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/css/fonts.css?v=11242014

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

8b169f3e534832ea2579d17af0e87c9b4a1beada4b7cae2ff04ec0475a293b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=16070400
via: varnish
x-b3-traceid: f71e7e5f920dbd72
age: 249
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 157
content-disposition: filename="fonts.css"
content-length: 1229
x-xss-protection: 1; mode=block
x-request-id: 9ec423d6-59a1-9d40-a843-62205604c212
x-varnish-count: 3
last-modified: Mon, 28 Aug 2023 13:33:28 GMT
server: nginx
etag: "63e8626f859ae3f3f53081028102163c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
x-varnish: 597940395 597026561
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:44:02 GMT

GET
H2 200 launcher.js Show response
widget.ellieservices.com/latest/ 150 KB
45 KB 694ms
570ms Script
application/javascript 52.222.139.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.ellieservices.com/latest/launcher.js?_=1701802091442
Requested by: Host: www.civista.bank
URL: https://www.civista.bank/assets/js/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.139.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-139-116.ams50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 059ce4240dfd40169375a005acc0a111c3a8cfe0fdf84b7575d971a04a1db6ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.civista.bank/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: S9isk_SnBQPjNtaxNWy8IvmCETQvmLv.
content-encoding: gzip
via: 1.1 ab1d15e056bdcedbea349504173a4eca.cloudfront.net (CloudFront)
date: Tue, 05 Dec 2023 18:48:13 GMT
last-modified: Sun, 16 Oct 2022 04:43:15 GMT
server: AmazonS3
x-amz-cf-pop: AMS50-C1
x-amz-server-side-encryption: AES256
etag: W/"f579d437cfea72ee71a6ba6e1075d883"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=0, no-cache
x-amz-cf-id: 9pdVEwpWzmJrFHaMJhI31r1R9d_avax0NHo8Rc7LvqSFyBkK_6CT_A==

GET
H2 200 opensans-regular-webfont.woff2
www.civista.bank/assets/font/ 19 KB
19 KB 125ms
125ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-regular-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

9b5ed0b80f1e8863ca53c388c08ed83f6c344759958d94114b48dc1ed8ff04a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: bd59af528c1a28d4
age: 1367
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-regular-webfont.woff2"
content-length: 19004
x-xss-protection: 1; mode=block
x-request-id: edc7ecb3-a33e-91e3-aabb-16a8c3a945a5
x-varnish-count: 59
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "89aa8f518c8d474c45236076313a3ebf"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 513237449 512935277
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:25:25 GMT

GET
H2 200 opensans-semibold-webfont.woff2
www.civista.bank/assets/font/ 18 KB
19 KB 124ms
124ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-semibold-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

de29febadc11297da12225f1573bc8085cf502d83b6c3f299e5116a7d8b37923

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: cdbb4988e1db96ad
age: 1455
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-semibold-webfont.woff2"
content-length: 18932
x-xss-protection: 1; mode=block
x-request-id: b1b719b3-fb15-9d19-886d-d5db6d7e7fe8
x-varnish-count: 71
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "1b3ca172cfd099356ca0d363c30e471f"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 596899223 594862760
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:23:57 GMT

GET
H2 200 35C04F_0_0.woff2
www.civista.bank/assets/font/ 18 KB
19 KB 126ms
126ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_0_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

180f75ca3c0aa05e9a774b4da426906d94482dfacd303ffda30764b5aa88ee69

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 3237f74bbfbc1aaf
age: 1385
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_0_0.woff2"
content-length: 18787
x-xss-protection: 1; mode=block
x-request-id: b52b644b-efe0-9b93-897f-d63683d2e6bd
x-varnish-count: 66
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "3508806e183e28ba1849427c3500a212"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 514984758 514033687
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:25:06 GMT

GET
H2 200 35C04F_2_0.woff2
www.civista.bank/assets/font/ 29 KB
30 KB 126ms
126ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_2_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

915ab15e9b29ce608d8662463d299af37af61c9e43315d84da930e4b7edd8235

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 9b93fc28f437097a
age: 1394
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_2_0.woff2"
content-length: 29753
x-xss-protection: 1; mode=block
x-request-id: 82e10c3c-8945-9026-abf2-c937fc2454df
x-varnish-count: 65
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "f9a55dbcc892ea915d51a46e46ed6bd9"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 514596678 511536387
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:57 GMT

GET
H2 200 35C04F_1_0.woff2
www.civista.bank/assets/font/ 20 KB
21 KB 127ms
127ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/35C04F_1_0.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4cb5d9360d204bbfdb346c1d2c8c0ddffc8bbea569c267b4754710df62477018

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 2c9a8dd5812fe183
age: 1264
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="35C04F_1_0.woff2"
content-length: 20805
x-xss-protection: 1; mode=block
x-request-id: a498f86c-b3d1-9885-aad0-b0b6bdc847e3
x-varnish-count: 39
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "6a149c71b2799c43a653a7e8bf1bc549"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 329038665 328553736
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:27:07 GMT

GET
H2 200 opensans-italic-webfont.woff2
www.civista.bank/assets/font/ 20 KB
21 KB 126ms
125ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-italic-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4de18cf416fbb483a6c1b38200f53fca68c55fadd39a169956aaecdc79d8121d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: e372b3398e8617ab
age: 1009
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-italic-webfont.woff2"
content-length: 20804
x-xss-protection: 1; mode=block
x-request-id: 6c0ff7e7-53ef-9997-aed4-72b4d89f5133
x-varnish-count: 36
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "09963ae993cd857d757e269dbaad71dc"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 328398151 328779724
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:31:23 GMT

GET
H2 200 opensans-bold-webfont.woff2
www.civista.bank/assets/font/ 19 KB
20 KB 124ms
124ms Font
application/octet-stream 20.118.17.184
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.civista.bank/assets/font/opensans-bold-webfont.woff2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

20.118.17.184 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

nginx /

Resource Hash

4928f1ccc81d958e1cd88865ac953eceefc06b1f090336f48b3ff95c1e25cc63

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.civista.bank/
Origin: https://www.civista.bank
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:48:12 GMT
strict-transport-security: max-age=16070400
x-content-type-options: nosniff
via: varnish
x-b3-traceid: 02226275ff83064d
age: 1394
x-varnish-ttl: 259200.000
x-varnish-hitmiss: HIT
x-envoy-upstream-service-time: 0
content-disposition: filename="opensans-bold-webfont.woff2"
content-length: 19700
x-xss-protection: 1; mode=block
x-request-id: 23ffa914-2b85-93d7-9966-2c53af2fd93b
x-varnish-count: 69
last-modified: Mon, 28 Aug 2023 13:33:29 GMT
server: nginx
etag: "61db671b3a4f01e9f79f93497c2aa136"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
x-varnish: 596899224 598611520
cache-control: public, max-age=0
accept-ranges: bytes
expires: Tue, 05 Dec 2023 18:24:57 GMT

POST
H/1.1 204
No Content /
client-logger.salemove.com/ 0
0 307ms
103ms Fetch 52.7.4.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://client-logger.salemove.com/

Requested by

Host: cds-sdkcfg.onlineaccess1.com
URL: https://cds-sdkcfg.onlineaccess1.com/common.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

52.7.4.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-7-4-58.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.civista.bank/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=31536000
date: Tue, 05 Dec 2023 18:48:14 GMT
server: envoy
vary: Origin
access-control-max-age: 7200
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers
x-envoy-upstream-service-time: 1

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

41 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.civista.bank/	1970-01-20 16:43:54	Name: PLAY_SESSION Value: 61c522b509deb39b11b286c8afcb935f26615d4a-v=1
.www.civista.bank/	1970-01-21 02:19:22	Name: __bkp Value: d6519250-939e-11ee-9728-02426efeab2b
.onlineaccess1.com/	1969-12-31 23:59:59	Name: __cfruid Value: 5ca8c6f07d6ad5bf0eadfd1b5bcfbea79f5e73fc-1701802090
.civista.bank/	1970-01-21 02:19:22	Name: _ga_6ZSG1S7BHC Value: GS1.1.1701802091.1.0.1701802091.60.0.0
.civista.bank/	1970-01-21 02:19:22	Name: _ga Value: GA1.1.2033370224.1701802091
.civista.bank/	1970-01-20 18:52:58	Name: _gcl_au Value: 1.1.333092004.1701802091
api.glia.com/	1970-01-21 01:28:58	Name: visitor_session Value: eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDE4MDIwOTEsInZpc2l0b3JfaWQiOiIyYzg2MjI4Yy1mMTQwLTRhODgtYjEzYi00N2NkOGZjYjA2ODYiLCJpc3MiOiJHbGlhIFNpdGUgVmlzaXRvciBDb25maWciLCJraWQiOiI4OWVhNjI0OS1mZDdhLTQ5MDMtODZjNi0xYmJiYTg1ZDc5ZWIifQ.PjpHZUxDW3k2VT4UJZ1vduoxuWO4CfsxKrOt32SEfvsEk_6i3h9zwGCUmatV9go7oVrXES5FUx18upfTPhwZuw
api.glia.com/	1970-01-20 16:43:22	Name: partitioned_visitor_session Value: eyJhbGciOiJFUzI1NiJ9.eyJpYXQiOjE3MDE4MDIwOTEsInZpc2l0b3JfaWQiOiIyYzg2MjI4Yy1mMTQwLTRhODgtYjEzYi00N2NkOGZjYjA2ODYiLCJpc3MiOiJHbGlhIFNpdGUgVmlzaXRvciBDb25maWciLCJraWQiOiI4OWVhNjI0OS1mZDdhLTQ5MDMtODZjNi0xYmJiYTg1ZDc5ZWIifQ.PjpHZUxDW3k2VT4UJZ1vduoxuWO4CfsxKrOt32SEfvsEk_6i3h9zwGCUmatV9go7oVrXES5FUx18upfTPhwZuw
.simpli.fi/	1970-01-21 01:30:24	Name: suid Value: 03FB0DEB38E043B88B7FF11F3E0E55D3
.simpli.fi/	1970-01-20 16:53:26	Name: uid_syncd_secure Value: true
.linkedin.com/	1970-01-20 16:44:48	Name: lidc Value: "b=OGST00:s=O:r=O:a=O:p=O:g=3154:u=1:x=1:i=1701802091:t=1701888491:v=2:sig=AQGwRZudAsiXvZ_SkVr1pQJTfCvOcnUI"
.1rx.io/	1970-01-21 01:28:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003%22%7D
.tapad.com/	1970-01-20 18:09:46	Name: TapAd_TS Value: 1701802091444
.tapad.com/	1970-01-20 18:09:46	Name: TapAd_DID Value: 81d8a42d-cec4-4393-9b46-f6b7c08fde46
.adnxs.com/	1970-01-20 18:52:58	Name: uuid2 Value: 6366790584387218871
.civista.bank/	1970-01-20 18:52:58	Name: _fbp Value: fb.1.1701802091459.2138892889
.pro-market.net/	1970-01-20 17:26:34	Name: anHistory Value: "1fvqo2keve5tm+2+!#7%.%l#bj>"
.adnxs.com/	1970-01-20 18:52:58	Name: anj Value: dTM7k!M4.FE:2jUF']wIg2E?jn=yKH!]tbPl1N!7On*M$=BWIwh/rhCjbLMajaO/Yfmpu>lx.-oi->7scy%wfeI?)pOB#BA/X%W#.wL4W1Qw2K/t/ZH
.doubleclick.net/	1970-01-21 02:04:58	Name: IDE Value: AHWqTUkUqmj7zSaK3vRTU_7_7xuDChpspJ_u0s4VL7uq2MC4mKXk7zngpMl9kjPj
.tapad.com/	1970-01-20 18:09:46	Name: TapAd_3WAY_SYNCS Value:
.pro-market.net/	1970-01-20 21:02:34	Name: anProfile Value: "1fvqo2keve5tm+1+1f=1+1g=1+1j=41+rs=s+rt=2A026EA0C71B00001012283466145E0E+s2=(s57iwb)+vm=24-03FB0DEB38E043B88B7FF11F3E0E55D3:53-CAESEOvDFsO6rdIrKEOjCGsU9lM"
.exelator.com/	1970-01-20 19:36:10	Name: EE Value: "e0ce14c73922372de7720b50b22161f2"
.targeting.unrulymedia.com/	1970-01-21 01:28:58	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8df60451-5f48-4b9b-8e62-ccf96a11c8aa-003%22%7D
.exelator.com/	1970-01-20 19:36:10	Name: ud Value: "eJxrXxzq6XKLQSHVIDnV0CTZ3NjSyMjY3Cgl1dzcyCDJ1CDJyMjQzDDNaHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQckl%252BUWb6IhfXxUUpaQyLSopPBR%252BTXQEAbskpgQ%253D%253D"
.agkn.com/	1970-01-21 01:28:58	Name: ab Value: 0001%3A4wD%2F5FLGqBty5ZiKBZAnnxPPo%2BM8W0Zr
.linkedin.com/	1970-01-20 18:52:58	Name: li_sugr Value: e2af2535-c956-4e3c-9d6d-b3673dd41291
.linkedin.com/	1970-01-20 17:26:34	Name: UserMatchHistory Value: AQK6DnOrB0YwvwAAAYw7TyQM7O0A0PMJg97XJnEI3eXRNE8fhvuXyNoR6LpmeQbYKjlqCK3G8zay8Q
.linkedin.com/	1970-01-20 17:26:34	Name: AnalyticsSyncHistory Value: AQLRISYmpGjQMwAAAYw7TyQMQ7ifbsFo-7pxZaB1R9zGgAFxMr4jX7m7JTA059st_vyKA0lPsK31pfoC9sLHLg
.linkedin.com/	1970-01-21 01:28:58	Name: bcookie Value: "v=2&a10653fb-ffbc-4c09-825a-436f75cf4a12"
.agkn.com/	1970-01-21 01:28:58	Name: u Value: C\|0AAAAAAAALQIs6wAAAAAA
.bluekai.com/	1970-01-20 21:06:53	Name: bku Value: blx99s+yqtV5eAx4
.bluekai.com/	1970-01-20 21:06:53	Name: bkpa Value: KJy9nyexd02pSUHknp/8mE1hwtkAwE9pHA/yHWPY1pCa1expxMQTxM5sHMWhHMBa1WDNBDxp9y9339rd
.www.linkedin.com/	1970-01-21 01:28:58	Name: bscookie Value: "v=1&20231205184811e52e6fc7-c40c-4761-8737-706086137b7cAQG_3pNPiHxnbRyn6WLEt5KeRsAAK4fn"
.linkedin.com/	1970-01-20 21:02:34	Name: li_gc Value: MTswOzE3MDE4MDIwOTE7MjswMjHkE0ScDdVPRMR3YDvIbeGsWxUUUJzCIngBP3PhSRDV1A==
.bfmio.com/	1970-01-21 01:28:58	Name: __141_cid Value: 03FB0DEB38E043B88B7FF11F3E0E55D3
.bfmio.com/	1970-01-21 01:28:58	Name: __io_cid Value: 619d73adf543d03cc9fee4e5b82711404426c130
.sitescout.com/	1970-01-21 01:28:58	Name: ssi Value: c5822b5d-ceff-4e79-9ba4-2f6acea360ac#1701802091878
.sitescout.com/	1970-01-20 17:26:34	Name: _ssuma Value: eyIyIjoxNzAxODAyMDkxODkzLCI0IjoxNzAxODAyMDkxODkzLCIzOSI6MTcwMTgwMjA5MTg5MywiNyI6MTcwMTgwMjA5MTg5MywiOCI6MTcwMTgwMjA5MTg5M30
.civista.bank/	1970-01-21 02:19:22	Name: __bkp Value: d6519250-939e-11ee-9728-02426efeab2b
.demdex.net/	1970-01-20 21:02:34	Name: demdex Value: 40332822115447144032893634974320245383
.dpm.demdex.net/	1970-01-20 21:02:34	Name: dpm Value: 40332822115447144032893634974320245383

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=03FB0DEB38E043B88B7FF11F3E0E55D3 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/419566.gif?partner_uid=03FB0DEB38E043B88B7FF11F3E0E55D3 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=03FB0DEB38E043B88B7FF11F3E0E55D3 Message: Failed to load resource: the server responded with a status of 404 ()
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
network	error	URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://idsync.rlcdn.com/384136.gif?partner_uid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 451 ()
rendering	warning	URL: https://cds-sdkcfg.onlineaccess1.com/common.js Message: Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
network	error	URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=c5822b5d-ceff-4e79-9ba4-2f6acea360ac-656f706b-5858&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16070400
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
api.glia.com
api.salemove.com
banno.com
bcp.crwdcntrl.net
cds-sdkcfg.onlineaccess1.com
ce.lijit.com
citizensbankco.com
client-logger.salemove.com
cm.g.doubleclick.net
connect.facebook.net
d.agkn.com
d21y75miwcfqoq.cloudfront.net
dpm.demdex.net
eb2.3lift.com
fei.pro-market.net
googleads.g.doubleclick.net
i.simpli.fi
ib.adnxs.com
idsync.rlcdn.com
kernel-serve.banno.com
libs.salemove.com
loadm.exelator.com
pbid.pro-market.net
pixel.rubiconproject.com
pixel.sitescout.com
pixel.tapad.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
s.ad.smaato.net
simplifi.partners.tremorhub.com
snap.licdn.com
stags.bluekai.com
stats.g.doubleclick.net
sync.1rx.io
sync.bfmio.com
sync.crwdcntrl.net
sync.intentiq.com
sync.targeting.unrulymedia.com
tag.simpli.fi
um.simpli.fi
up.pixel.ad
us-u.openx.net
widget.ellieservices.com
www.civista.bank
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
13.107.43.14
142.250.185.162
142.250.185.226
18.198.126.47
192.0.63.252
2.19.244.177
20.118.17.184
2001:4860:4802:32::36
216.52.2.86
2600:1901:0:8eee::
2600:1f18:612b:4280:bda1:9df6:36cc:93
2600:9000:2127:4a00:0:99b9:cd80:93a1
2600:9000:2127:f000:1b:ef38:3680:21
2600:9000:2190:5000:17:4c3f:1b80:93a1
2600:9000:2362:7400:1b:5138:8a40:93a1
2620:1ec:21::14
2a00:1450:4001:803::2003
2a00:1450:4001:80f::2008
2a00:1450:4001:813::2004
2a00:1450:4001:82a::2002
2a00:1450:400c:c00::9d
2a02:26f0:3500:16::215:148d
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
34.111.113.62
34.241.138.233
34.98.64.218
35.157.159.187
35.204.158.49
35.204.89.238
35.244.174.68
37.252.171.85
41.63.96.2
46.228.174.117
52.189.67.130
52.222.139.116
52.3.119.146
52.7.4.58
54.170.64.73
54.75.61.252
63.34.248.140
65.9.95.58
69.173.144.139
74.200.39.23
76.223.111.18
98.98.134.241
059ce4240dfd40169375a005acc0a111c3a8cfe0fdf84b7575d971a04a1db6ae
06379a5856668548f0a4ef088a085f11529ca908e85ed70d6bafac01f09efe68
085fa63bd5ca5ec9e2fb93e761032cbb85a9f11c5f984842bb63230b539bbeab
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
11176922b89043f15f577e74217026353b8110969c3e6375afc31d9248c6ec5c
15838004d5e196b563a00a0ba16ce432fed6deb3dd4fab7122601f2c4f41560a
180d581f3cec69f0245e5c81e7cf068681f9b8e821c9f2ee601bb85803c04200
180f75ca3c0aa05e9a774b4da426906d94482dfacd303ffda30764b5aa88ee69
1eec5d0bc72fba33ce753f6009a277e07041fb92d221ae5839bbc5e8fff1d0bb
25b33a7a853f39e447b14be3e6662ccbb0fbce73620bf7778d194cb3fef1d3ab
2b5157404dd236d1dbe9702a7380ec86f9c1bc95c966974d2446a308c6a0f98f
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a
3d0123a14cf02aebfdad7a564809ce0fc8cd3f4436b273fdcb4cc346d8f19284
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
478b2c65ea4510e8e85def80e88756125a6e3d765b273e50edd6b128a98d6795
4928f1ccc81d958e1cd88865ac953eceefc06b1f090336f48b3ff95c1e25cc63
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cb5d9360d204bbfdb346c1d2c8c0ddffc8bbea569c267b4754710df62477018
4de18cf416fbb483a6c1b38200f53fca68c55fadd39a169956aaecdc79d8121d
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
51ea59b3afccd2310d1520a22ad1f2ad5e3d4835faea3371b682fad727174a55
54a36ace3d2d860fd3e4f5e0d59f43b6653c4c2ba6fd87ce73e2d3fc22b61a52
54a5e355f3a119807712d6f5b7c61e7bd48c5a2019d14d4dc589acfff48b8536
56504ecadb3da960ca8bd8d9c2c1c998be10c8e55013a5523d3a3d768ef64054
58510900dc15eb6d4bc049131d6ed32f65889177e6feed5c6ddc219a8161aeb0
6142858266eb1e6ca87ffb0c951ac2877f342bbc4f03552adf8193c7ccbb79ce
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
640f788e740207fea509698cb157f42a3126f70211439f7847629f927ebfb1e8
6421d343b097400aa3538e7f88e99ac382b1a298b51ddbd0ee8dd7c0c9492524
648adf118cca42f02168916370feed7b85fd3539b5c75f4b7af4b70a09203bf2
67ac4b2652a4b1479731dbd28536a6995de913a4e14f48630a4d766544b151a7
67f0be929f6383bed47c6d52cc8a33409a1c9d7f8224ba4c12554f03081d787a
69b83ab1af39a754922825e1f6759725a5f86cb9d572ad69b38668e1e2c3de1d
74902c573003ed131ea7b67903e64abb31767177e4a3db2e3b7b6b03e2b382ef
764658eba5c1dd7af6cded2ca8fac7551ee59053ae7c7b1307bc1cf5600e824c
794a9f4e50e2d7bdc08c8667306093df59340c34d9da9c90faf82bf466d4089a
7cae47a88d24c17da61cc71f1baf4614bee4655d81280c92fc2475747ce34230
82f2c050a779d693c08f80a84d8966bc940f5e4d58f61ccd3586660e5507c1af
832dbd199f70ade357e88a3f5d32920c8c63e69258dc173d3b261686320895db
86f21077af6a18a17c863919c55f3a30e9339b6b37179219b1fef19f41f7a1a8
8b169f3e534832ea2579d17af0e87c9b4a1beada4b7cae2ff04ec0475a293b76
8ecb9dd92f240ddac622fb56fcaae3ec8ae803a3d83d6e6fa6a463b621891193
915ab15e9b29ce608d8662463d299af37af61c9e43315d84da930e4b7edd8235
928e0bed1caa547044604f8ef199cba485e65e79e47e50f1b83b2909416a456a
930037884f6d2069832b954a1ae8e89e09b8d3f07c88651312b2041d75409a11
96271179d44086ad6cfba78c4788e3ac34dac8c8bfd18d2c2226d12d5abd0063
97ee72b14f50d479618bb24513476073444442e617a89f3bcec806211cb031cc
998da1e65a145fb491f05db115a5da5442c31e14c25dbb63de9718c9b10245c2
9b5ed0b80f1e8863ca53c388c08ed83f6c344759958d94114b48dc1ed8ff04a9
9f3736528278e5b8675b41d2eede4bbff5e2f4bc93cf623d62d79de819a26f66
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a101e8ebc59e3c586a31ac2e44a6318936dc3cda8853178aad2c5438d8ce85a0
a19e35c238665b103fff54c0a89023a450c1d40f5cd58e01a7f5e5616d9aace7
a4b2fa9e5e40c017a235e0390db70a21cd690ce21d96b77cd45a538325e686c4
a5a52b76a2554d4f48b7935039f1985ce9e48dfae1de1add27541eae6c2b1e3d
a683f14820a79e88d7e4794ac05b75186ffebfa246c43ece72d5cd8c106ebe7c
a7509aeead0b6cd1afc43f9ec34d02aa869279dc97ca29f650ad95fcc0bd0d43
a7bd843a5785809b0eb4e100b4d3c9e7fab2369724dee4b860a8149f91b84517
b7f41e48325490ed45989eeabd75a7f6846d0961b55ddefb41c508e614b36323
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb26bd7da4f067c4040e6080cf3dcdd9b61f96f9a28e3e47a83e36b677d815d7
bbe57ca1655cecfcbbde5df09da30ba90bfe6ba753564731457aed8d46c8067d
bdd3c7800965a7a57e7ff2e5b48ca51e532d6920d35c3ca03cd23962d84e3d0d
c9d23a52a58995ff5a110af912186b3c23e0efb95b9ac90daf726adcaf2effb0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d264def9723170f4d0200d77ee68db07c977645443ba1d6edcdfae101ab82c3b
d7e3733c4cb4fbd606eb5ce52c0ff6dbc8e175e2fb2b8199ea0387339f425186
dacae89080a67aeece2f8a738d8012ae3968c4991c08a843e865fd2fe504e3c8
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de29febadc11297da12225f1573bc8085cf502d83b6c3f299e5116a7d8b37923
e09104e2d44f1a94518d3115e39e60dec46fd3486d07db5a0c815c434a7899f6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e62bdb1248c7e4d856eb804738ef310e28d3d8b4a9ef40bccb0a5059a61313d7
e6d2b8c65da84c33609e81de8970a76017537a50433cf4e43f61b2fe1a2126ca
e841091b9cc472fae2b280436664f8dcfc2610537e08408e3a526d449baa77e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0d3c514978da4ae042567cb511f332d42c39f6b9ee448ffc1b96566599871a4
f10e9c0a33a080645f78215348a1bbdfc1edcda847c728ba55bace9fe2a8320b
f8e9bdeb7d15c402a8b58ef1ad9fb370a5399110b1c54d9b0bde53bb4a4736a9

www.civista.bank Open in urlscan Pro 20.118.17.184 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

142 Requests

78 %HTTPS

35 %IPv6

39 Domains

52 Subdomains

40 IPs

6 Countries

2755 kBTransfer

5303 kBSize

41 Cookies

19 Outgoing links

Page URL History

Redirected requests

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.civista.bank Open in urlscan Pro
20.118.17.184 Public Scan

Screenshot
Live screenshot

Full Image

142
Requests

78 %
HTTPS

35 %
IPv6

39
Domains

52
Subdomains

40
IPs

6
Countries

2755 kB
Transfer

5303 kB
Size

41
Cookies

142 HTTP transactions
1 data transactions