012sec-help-veri-citizen.duckdns.org Open in urlscan Pro
137.184.65.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://012sec-help-veri-citizen.duckdns.org/e53b9dbe7c434cf3b412d665656f2e95/?token=8d515b62c4f1e78376c19c1918577dfc7b4291ccd640600b8df80240...
Effective URL:
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d...
Submission: On August 27 via automatic, source openphish (August 27th 2022, 1:01:55 am UTC) — Scanned from DE

Summary HTTP 45 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 45 HTTP transactions. The main IP is 137.184.65.244, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is 012sec-help-veri-citizen.duckdns.org.

This is the only time 012sec-help-veri-citizen.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 5	137.184.65.244 137.184.65.244	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
20	2a02:26f0:6c0... 2a02:26f0:6c00:29c::17c7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	199.188.200.254 199.188.200.254	22612 (NAMECHEAP...) (NAMECHEAP-NET)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON)
4	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
8	178.249.97.98 178.249.97.98	11054 (LIVEPERSON) (LIVEPERSON)
1	34.249.157.182 34.249.157.182	16509 (AMAZON-02) (AMAZON-02)
2	208.89.15.170 208.89.15.170	11054 (LIVEPERSON) (LIVEPERSON)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
45	9

5 137.184.65.244 (North Bergen, United States) 3 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

012sec-help-veri-citizen.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a02:26f0:6c00:29c::17c7 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.188.200.254 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server267-5.web-hosting.com

devilsms.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (United States)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.249.97.99 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 178.249.97.98 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.157.182 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-157-182.eu-west-1.compute.amazonaws.com

citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.15.170 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.idp.liveperson.net

va.idp.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	citizensbankonline.com www3.citizensbankonline.com — Cisco Umbrella Rank: 113240	181 KB
12	lpsnmedia.net accdn.lpsnmedia.net — Cisco Umbrella Rank: 2964 lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 3411	429 KB
6	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 3049 va.idp.liveperson.net — Cisco Umbrella Rank: 10514 va.v.liveperson.net — Cisco Umbrella Rank: 3427	119 KB
5	duckdns.org 3 redirects 012sec-help-veri-citizen.duckdns.org	47 KB
4	devilsms.live devilsms.live	2 KB
1	demdex.net citizensbank.demdex.net — Cisco Umbrella Rank: 22022	3 KB
45	6

	Domain	Requested by
20	www3.citizensbankonline.com	012sec-help-veri-citizen.duckdns.org www3.citizensbankonline.com
8	lpcdn.lpsnmedia.net	lptag.liveperson.net 012sec-help-veri-citizen.duckdns.org
5	012sec-help-veri-citizen.duckdns.org	3 redirects 012sec-help-veri-citizen.duckdns.org
4	accdn.lpsnmedia.net	lptag.liveperson.net lpcdn.lpsnmedia.net
4	devilsms.live	012sec-help-veri-citizen.duckdns.org devilsms.live
2	va.v.liveperson.net	lptag.liveperson.net
2	va.idp.liveperson.net	lptag.liveperson.net va.idp.liveperson.net
2	lptag.liveperson.net	012sec-help-veri-citizen.duckdns.org
1	citizensbank.demdex.net	012sec-help-veri-citizen.duckdns.org
45	9

This site contains no links.

Subject Issuer	Validity	Valid
citizensbankonline.com Entrust Certification Authority - L1M	`2022-04-13` - `2023-04-13`	a year	crt.sh
devilsms.live Sectigo RSA Domain Validation Secure Server CA	`2022-08-18` - `2023-09-16`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2022-02-07` - `2023-02-07`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.idp.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-06-09` - `2023-06-09`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-03-22` - `2023-03-22`	a year	crt.sh

This page contains 5 frames:

Primary Page: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
Frame ID: CB841A68ACDE32952049BAC8B668CBCC
Requests: 38 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true
Frame ID: 7E8A756BBEE7AF95C0D93BBB9D6C7A88
Requests: 2 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 3BC44B7824D92E2B5DC46DAAAD3D9AFD
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true
Frame ID: E51AA645B0746192941CBDD931ADC2EA
Requests: 2 HTTP requests in this frame

Frame: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562111145&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Frame ID: D6CE759034A88EE4BAA5259A01ADC1C0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

O‎‏n‎‏l‎‏i‎‏n‎‏e‎‏ L‎‏o‎‏g‎‏i‎‏n‎‏ | C‎‏i‎‏t‎‏i‎‏z‎‏e‎‏n‎‏s‎‏ B‎‏a‎‏n‎‏k‎

Page URL History Show full URLs

http://012sec-help-veri-citizen.duckdns.org/e53b9dbe7c434cf3b412d665656f2e95/?token=8d515b62c4f1e78376c19c1918577dfc7b42... HTTP 302
http://012sec-help-veri-citizen.duckdns.org/index.php HTTP 302
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570?token=a6962186c40d89157b096d671d5a582773f62... HTTP 301
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f6... Page URL

Page Statistics

45
Requests

96 %
HTTPS

11 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

780 kB
Transfer

1938 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://012sec-help-veri-citizen.duckdns.org/e53b9dbe7c434cf3b412d665656f2e95/?token=8d515b62c4f1e78376c19c1918577dfc7b4291ccd640600b8df80240f18ceed7a46c00b1d72c620d3a9a4b13fb074f1d9fc08d1042dfff4c34b6dc53ebec934b HTTP 302
http://012sec-help-veri-citizen.duckdns.org/index.php HTTP 302
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b HTTP 301
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/
Redirect Chain

http://012sec-help-veri-citizen.duckdns.org/e53b9dbe7c434cf3b412d665656f2e95/?token=8d515b62c4f1e78376c19c1918577dfc7b4291ccd640600b8df80240f18ceed7a46c00b1d72c620d3a9a4b13fb074f1d9fc08d1042dfff4c3...
http://012sec-help-veri-citizen.duckdns.org/index.php
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7...
http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a...

39 KB
39 KB

460ms
460ms

Document
text/html

137.184.65.244
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
Protocol: HTTP/1.1
Server: 137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: cd970d0fc127b1426a127e2ec412d84b7dd626ea9ade3d6700b9778620bff0b6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 27 Aug 2022 01:01:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=97
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Length: 420
Content-Type: text/html; charset=iso-8859-1
Date: Sat, 27 Aug 2022 01:01:48 GMT
Keep-Alive: timeout=5, max=98
Location: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
Server: Apache

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
3 KB 155ms
23ms Stylesheet
text/css 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3118
x-olb-req-received: t=1661071350492777
last-modified: Sun, 21 Aug 2022 08:44:05 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "4a56-5e6a22eac403f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 21:12:19 GMT
cache-control: max-age=72630
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=700

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 163ms
32ms Stylesheet
text/css 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2300
x-olb-req-received: t=1661071350302673
last-modified: Sun, 21 Aug 2022 10:17:36 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "26c2-5e6a22eacc26f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 23:18:50 GMT
cache-control: max-age=80221
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=536

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
11 KB 170ms
39ms Stylesheet
text/css 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10382
x-olb-req-received: t=1661071350706232
last-modified: Sun, 21 Aug 2022 08:56:41 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "f405-5e6a22eacc26f"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 20:29:32 GMT
cache-control: max-age=70063
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=2230

GET
H2 200 flows.css
devilsms.live/css/citizen01/ 8 KB
2 KB 470ms
151ms Stylesheet
text/css 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://devilsms.live/css/citizen01/flows.css
Requested by: Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: LiteSpeed /
Resource Hash: cf82e79b8bb096812095ae48ed7f1371108afc393eb3599df944bec83130200c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: br
last-modified: Thu, 30 Sep 2021 15:22:32 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 2162
expires: Sat, 03 Sep 2022 01:01:49 GMT

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 7 KB
2 KB 184ms
54ms Stylesheet
text/css 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Resource Optimizer /

Resource Hash

cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1227
x-olb-req-received: t=1661071349081271
last-modified: Sun, 21 Aug 2022 10:35:52 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "1dd4-5e6a22eacb2cf"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sat, 27 Aug 2022 21:38:45 GMT
cache-control: max-age=74216
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=434

GET
H/1.1 200
OK citizensns.min.44438.css
012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/css/ 6 KB
6 KB 191ms
98ms Stylesheet
text/css 137.184.65.244
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/css/citizensns.min.44438.css
Requested by: Host: 012sec-help-veri-citizen.duckdns.org
URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
Protocol: HTTP/1.1
Server: 137.184.65.244 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: ed651cffee659ef1f7a1bf87056664859a564cdbc82f50b12063482f66b1ad06

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Sat, 27 Aug 2022 01:01:49 GMT
Last-Modified: Sat, 27 Aug 2022 01:01:48 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 6016

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 167ms
54ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071357064212
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "149d-5e6a46c1308d1"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=113982
x-olb-req-duration: D=155
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:31 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 65ms
14ms Script
application/javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=89632304

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H2 200 equal-housing.gif
www3.citizensbankonline.com/efs/hhf/img/ 1 KB
1 KB 95ms
64ms Image
image/gif 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/equal-housing.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071381741411
last-modified: Sat, 20 Aug 2022 04:11:09 GMT
etag: "46e-5e6a467873669"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=113936
x-olb-req-duration: D=142
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1134
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:40:45 GMT

GET
H2 200 footer-follow-facebook.png
www3.citizensbankonline.com/efs/hhf/img/ 395 B
708 B 52ms
52ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-facebook.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071487892408
last-modified: Sat, 20 Aug 2022 04:13:01 GMT
etag: "18b-5e6a46e30bd95"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114178
x-olb-req-duration: D=140
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 395
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:44:47 GMT

GET
H2 200 footer-follow-twitter.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
4 KB 62ms
62ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-twitter.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071377602205
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "cdf-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114114
x-olb-req-duration: D=146
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3295
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:43 GMT

GET
H2 200 footer-follow-linkedin.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
3 KB 73ms
72ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-linkedin.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071381856119
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "ca7-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114004
x-olb-req-duration: D=162
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3239
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:53 GMT

GET
H2 200 footer-follow-youtube.png
www3.citizensbankonline.com/efs/hhf/img/ 3 KB
4 KB 84ms
83ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/footer-follow-youtube.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071382342881
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "cce-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114082
x-olb-req-duration: D=134
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3278
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:11 GMT

GET
H2 200 elh.gif
www3.citizensbankonline.com/efs/hhf/img/ 1 KB
2 KB 94ms
93ms Image
image/gif 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/elh.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071382419373
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "599-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=114073
x-olb-req-duration: D=125
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1433
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:02 GMT

GET
H2 200 fdicFooter.gif
www3.citizensbankonline.com/efs/hhf/img/ 2 KB
2 KB 104ms
103ms Image
image/gif 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/fdicFooter.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071382196715
last-modified: Sat, 20 Aug 2022 04:12:25 GMT
etag: "8c5-5e6a46c130cb9"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=114004
x-olb-req-duration: D=150
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2245
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:53 GMT

GET
H2 200 sec-3-5.css
www3.citizensbankonline.com/_sec/cp_challenge/ 2 KB
890 B 43ms
43ms Stylesheet
text/css 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/_sec/cp_challenge/sec-3-5.css

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
last-modified: Wed, 26 May 2021 19:49:11 GMT
etag: "27bb141668102f3d4738786258a494f701a2eb8a6a77afc6eddc061bed30c3b2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=20152
server-timing: cdn-cache; desc=HIT, edge; dur=1
strict-transport-security: max-age=15768000
content-length: 610
lb-action: None
expires: Sat, 27 Aug 2022 06:37:41 GMT

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 286 KB
102 KB 20ms
20ms Script
application/x-javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

d932cb44a1af92ea39476554eee54f18931ba0ac34e400ee2bafaa43c51445d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: EXPIRED
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 7 KB
2 KB 110ms
21ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=accountSettingsCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:02:09 GMT

GET
H2 200 ui-framework.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 39 KB
15 KB 220ms
22ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ui-framework.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 200 UMSClientAPI.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 88 KB
30 KB 239ms
42ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/UMSClientAPI.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:01 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 200 lpChatV3.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 92 KB
31 KB 241ms
43ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/lpChatV3.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:01 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 200 surveylogicinstance.min.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 8 KB
3 KB 260ms
63ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/surveylogicinstance.min.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 200 desktopEmbedded.js Show response
lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/ 949 KB
296 KB 261ms
64ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_unified_window/10.20.0.17-release_5509/desktopEmbedded.js?version=10.20.0.17-release_5509

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

3600d4b55268d653164c62182d2980e1a4a744567dfea98ec0b695ecf7d93793

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:08:02 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 5 KB
2 KB 125ms
42ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

d6b8f5782c784b78c4a127f2284de4d4ea9c3e2ffc5e8ebaded7d453153231b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:02:09 GMT

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ Frame 7E8A 39 KB
16 KB 166ms
166ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:01:49 GMT
expires: Sun, 27 Aug 2023 01:01:49 GMT
last-modified: Mon, 08 Aug 2022 03:15:58 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/ 37 KB
15 KB 168ms
168ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.js?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&force=1&env=prod&isCrossDomain=true

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 08 Aug 2022 03:15:58 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sun, 27 Aug 2023 01:01:49 GMT

GET
H2 404 icon-secure.png
devilsms.live/efs/efs/grafx/ 0
0 154ms
152ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/icon-secure.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 404 flows-tooltip.png
devilsms.live/efs/efs/grafx/ 0
0 155ms
153ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/flows-tooltip.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 37ms
15ms Font
application/octet-stream 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071489662077
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7ce0-5e6a22eac8673"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=114182
x-olb-req-duration: D=165
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:44:51 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 47ms
26ms Font
application/octet-stream 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071381781706
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "485c-5e6a22eac7abb"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=113977
x-olb-req-duration: D=169
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:26 GMT

GET
H2 200 citizen_bold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 29 KB
29 KB 67ms
46ms Font
application/octet-stream 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
x-olb-req-received: t=1661071381560526
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7278-5e6a22eac7abb"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=114081
x-olb-req-duration: D=179
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 29304
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:11 GMT

GET
H/1.1 200
OK dest5.html Show response
citizensbank.demdex.net/ Frame 3BC4 7 KB
3 KB 132ms
30ms Document
text/html 34.249.157.182
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citizensbank.demdex.net/dest5.html?d_nsid=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.249.157.182 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-249-157-182.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v038-043538ae8.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 4xMDOIWgRqI=
content-encoding: gzip
date: Sat, 27 Aug 2022 01:01:50 GMT
last-modified: Wed, 3 Aug 2022 12:17:52 GMT
vary: accept-encoding

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/ Frame E51A 39 KB
16 KB 151ms
151ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.98 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-lpcdn.lpsnmedia.net

Software

ws /

Resource Hash

59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:01:49 GMT
expires: Sun, 27 Aug 2023 01:01:49 GMT
last-modified: Fri, 30 Apr 2021 16:48:12 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-content-type-options: nosniff

GET
H2 404 arrow-button-white.png
devilsms.live/efs/efs/grafx/ 0
0 154ms
152ms Image
text/html 199.188.200.254
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://devilsms.live/efs/efs/grafx/arrow-button-white.png
Requested by: Host: devilsms.live
URL: https://devilsms.live/css/citizen01/flows.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 199.188.200.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: server267-5.web-hosting.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://devilsms.live/css/citizen01/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 29ms
28ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:49 GMT
x-olb-req-received: t=1661071381524387
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "41e-5e6a235ca4f6f"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114009
x-olb-req-duration: D=137
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:41:58 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
477 B 40ms
39ms Image
image/png 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
x-olb-req-received: t=1661071359982128
last-modified: Sat, 20 Aug 2022 01:34:05 GMT
etag: "a5-5e6a235ca5108"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=114099
x-olb-req-duration: D=117
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:29 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 48ms
47ms Font
application/octet-stream 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
x-olb-req-received: t=1661071381611011
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "7c78-5e6a22eac386f"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=114128
x-olb-req-duration: D=162
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:43:58 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 58ms
58ms Font
application/octet-stream 2a02:26f0:6c00:29c::17c7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:29c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
x-olb-req-received: t=1661071381090338
last-modified: Sat, 20 Aug 2022 01:32:05 GMT
etag: "6ccc-5e6a22eac828b"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=114033
x-olb-req-duration: D=165
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sun, 28 Aug 2022 08:42:23 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/ Frame 7E8A 650 B
1 KB 23ms
22ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/89632304/configuration/domainprotection/refererrestrictions?cb=lpCb26250x66450

Requested by

Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.18.0.0-release_5078/storage.secure.min.html?loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org&site=89632304&env=prod&isCrossDomain=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

49810d60969b6b14196559516d67b8686dbab996607cde64e2b8851fbf4167d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 3
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:02:09 GMT

GET
H2 200 refererrestrictions Show response
accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/ Frame E51A 1 KB
1 KB 22ms
21ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/83789770/configuration/domainprotection/refererrestrictions?cb=lpCb92893x97035

Requested by

Host: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.13.0.0-release_5039/storage.secure.min.html?loc=https%3A%2F%2Fwww3.citizensbankonline.com&site=83789770&env=prod&isCrossDomain=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

8b36dd2cb38c1fd8fc41beffc70ad78b171974fa94ac54d1e8ab62c1917e38de

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://lpcdn.lpsnmedia.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ws
x-cache-status: HIT
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 57
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Sat, 27 Aug 2022 01:02:07 GMT

GET
H2 200 postmessage.min.html Show response
va.idp.liveperson.net/postmessage/ Frame D6CE 11 KB
5 KB 496ms
191ms Document
text/html 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562111145&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.idp.liveperson.net
Software: ws /
Resource Hash: c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183

Request headers

Referer: http://012sec-help-veri-citizen.duckdns.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
content-encoding: gzip
content-type: text/html
date: Sat, 27 Aug 2022 01:01:51 GMT
etag: W/"5f2ff440-2a51"
last-modified: Sun, 09 Aug 2020 13:04:00 GMT
server: ws

POST
H2 200 authorize Show response
va.idp.liveperson.net/api/account/89632304/anonymous/ Frame D6CE 678 B
1 KB 240ms
239ms XHR
application/json 208.89.15.170
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://va.idp.liveperson.net/api/account/89632304/anonymous/authorize?__d=53591

Requested by

Host: va.idp.liveperson.net
URL: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562111145&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

208.89.15.170 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

va.idp.liveperson.net

Software

ws /

Resource Hash

a3e144b783a4e0fb0da4087375ba185f07ba8f201b95f2a1285c79ecc26a1919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

LP-DOMAIN-REFERER: http://012sec-help-veri-citizen.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */*
Referer: https://va.idp.liveperson.net/postmessage/postmessage.min.html?bust=1661562111145&loc=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org
X-Requested-With: XMLHttpRequest
LP-URL: http://012sec-help-veri-citizen.duckdns.org/d066db6e95f871f90a7ab8398aa8f570/?token=a6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b

Response headers

date: Sat, 27 Aug 2022 01:01:51 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
access-control-allow-origin: https://va.idp.liveperson.net
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
content-length: 678

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 238 B
1 KB 625ms
200ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?&cb=lpCb94670x83700&t=sp&ts=1661562111140&pid=9165741472&tid=8940812359&pt=O%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fl%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8F%20L%E2%80%8E%E2%80%8Fo%E2%80%8E%E2%80%8Fg%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8F%20%7C%20C%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Ft%E2%80%8E%E2%80%8Fi%E2%80%8E%E2%80%8Fz%E2%80%8E%E2%80%8Fe%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fs%E2%80%8E%E2%80%8F%20B%E2%80%8E%E2%80%8Fa%E2%80%8E%E2%80%8Fn%E2%80%8E%E2%80%8Fk%E2%80%8E&u=http%3A%2F%2F012sec-help-veri-citizen.duckdns.org%2Fd066db6e95f871f90a7ab8398aa8f570%2F%3Ftoken%3Da6962186c40d89157b096d671d5a582773f62c30bb5e429f41d1d25d42f702780d3d7b237f4bad8b820955185b876bc9327e46a430723bd7a7ff385a21033f7b&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%2C%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%2C%22sub%22%3A%22ea9ba95a-b937-4c93-9ba9-5ab9373c93cf%22%2C%22account%22%3A%2289632304%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: d4c0ee5d632115a35b3b2fe025952fd0c3cb314d41e18c8854f38f20b7775eda

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:52 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 89632304 Show response
va.v.liveperson.net/api/js/ 109 B
852 B 104ms
103ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/89632304?sid=RQZPJVgTRve8Qs0G-igyAQ&cb=lpCb38525x930&t=pl&ts=1661562111912&pid=9165741472&tid=8940812359&vid=ZhYWQwOWQ1MjQ4NGQ5NWE4
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 7502284d4f850e382481de287730befb735dfe3922db627f8ac169718972a5a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://012sec-help-veri-citizen.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 27 Aug 2022 01:01:52 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			012sec-help-veri-citizen.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9857141be5a9f4a2cc497dc38e34f9ae

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://devilsms.live/efs/efs/grafx/icon-secure.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://devilsms.live/efs/efs/grafx/flows-tooltip.png Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://citizensbank.demdex.net/dest5.html?d_nsid=0(Line 12) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www3.citizensbankonline.com') does not match the recipient window's origin ('http://012sec-help-veri-citizen.duckdns.org').
network	error	URL: https://devilsms.live/efs/efs/grafx/arrow-button-white.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

012sec-help-veri-citizen.duckdns.org
accdn.lpsnmedia.net
citizensbank.demdex.net
devilsms.live
lpcdn.lpsnmedia.net
lptag.liveperson.net
va.idp.liveperson.net
va.v.liveperson.net
www3.citizensbankonline.com
137.184.65.244
178.249.101.23
178.249.97.98
178.249.97.99
199.188.200.254
208.89.12.87
208.89.15.170
2a02:26f0:6c00:29c::17c7
34.249.157.182
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
3600d4b55268d653164c62182d2980e1a4a744567dfea98ec0b695ecf7d93793
49810d60969b6b14196559516d67b8686dbab996607cde64e2b8851fbf4167d5
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
7502284d4f850e382481de287730befb735dfe3922db627f8ac169718972a5a8
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
8a1cceddce9450beca0ca70232dc3568845ee0a3f688225f76450aa8f4a83205
8b36dd2cb38c1fd8fc41beffc70ad78b171974fa94ac54d1e8ab62c1917e38de
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99975f334655703578e77034bebce02b63668d2d8a0144c2e5b72b40d234a386
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
a3e144b783a4e0fb0da4087375ba185f07ba8f201b95f2a1285c79ecc26a1919
a5ec545801c483a0bb18f6c9c6ed675eada482ba56a46e3fdc554c83aca779d8
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8cd0b0d514cecdaf4e7214325a70bba9bae301e156265bd0d880f9065d1d183
cad0f4b1f9bfa3f4ef94d78c20ae16464bda0fb3902fd7689e26a2904cea29d9
cd970d0fc127b1426a127e2ec412d84b7dd626ea9ade3d6700b9778620bff0b6
cf82e79b8bb096812095ae48ed7f1371108afc393eb3599df944bec83130200c
d4c0ee5d632115a35b3b2fe025952fd0c3cb314d41e18c8854f38f20b7775eda
d6b8f5782c784b78c4a127f2284de4d4ea9c3e2ffc5e8ebaded7d453153231b2
d932cb44a1af92ea39476554eee54f18931ba0ac34e400ee2bafaa43c51445d3
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
ed651cffee659ef1f7a1bf87056664859a564cdbc82f50b12063482f66b1ad06
fdd05b738b34277c9b69bd1d1cb198820f593b68e43cdbd54fe6d16659004f73
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

012sec-help-veri-citizen.duckdns.org Open in urlscan Pro 137.184.65.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

45 Requests

96 %HTTPS

11 %IPv6

6 Domains

9 Subdomains

9 IPs

3 Countries

780 kBTransfer

1938 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

012sec-help-veri-citizen.duckdns.org Open in urlscan Pro
137.184.65.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

96 %
HTTPS

11 %
IPv6

6
Domains

9
Subdomains

9
IPs

3
Countries

780 kB
Transfer

1938 kB
Size

1
Cookies

45 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!