www.citibank-0nline.duckdns.org Open in urlscan Pro
34.74.7.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.citibank-0nline.duckdns.org/
Effective URL:
https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZ...
Submission: On September 09 via automatic, source openphish (September 9th 2021, 1:27:56 am UTC) — Scanned from DE

Summary HTTP 57 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 12 domains to perform 57 HTTP transactions. The main IP is 34.74.7.184, located in North Charleston, United States and belongs to GOOGLE, US. The main domain is www.citibank-0nline.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 8th 2021. Valid for: 3 months.

This is the only time www.citibank-0nline.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
10	34.74.7.184 34.74.7.184	15169 (GOOGLE) (GOOGLE)
4	45.63.85.138 45.63.85.138	20473 (AS-CHOOPA) (AS-CHOOPA)
1	142.250.180.14 142.250.180.14	15169 (GOOGLE) (GOOGLE)
1	54.69.159.212 54.69.159.212	16509 (AMAZON-02) (AMAZON-02)
7	142.250.200.36 142.250.200.36	15169 (GOOGLE) (GOOGLE)
3	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
2	216.58.212.226 216.58.212.226	15169 (GOOGLE) (GOOGLE)
16	184.24.6.17 184.24.6.17	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.45.237.66 23.45.237.66	16625 (AKAMAI-AS) (AKAMAI-AS)
1	91.198.174.208 91.198.174.208	14907 (WIKIMEDIA) (WIKIMEDIA)
3	13.107.21.200 13.107.21.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	184.30.16.79 184.30.16.79	16625 (AKAMAI-AS) (AKAMAI-AS)
1	151.101.113.175 151.101.113.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
57	16

10 34.74.7.184 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 184.7.74.34.bc.googleusercontent.com

www.citibank-0nline.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.63.85.138 (San Jose, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 45.63.85.138.vultr.com

files.killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
killbot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.180.14 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr25s32-in-f14.1e100.net

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.159.212 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-159-212.us-west-2.compute.amazonaws.com

ci-mpsnare.iovation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.200.36 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr48s30-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.226 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: lhr25s28-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 184.24.6.17 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-6-17.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.237.66 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-237-66.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.174.208 (United States)

ASN14907 (WIKIMEDIA, US)
PTR: upload-lb.esams.wikimedia.org

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.79 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-79.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	citi.com online.citi.com www.citi.com	547 KB
10	duckdns.org www.citibank-0nline.duckdns.org	2 MB
8	google.com cse.google.com www.google.com	203 KB
4	killbot.org files.killbot.org killbot.org Failed	8 KB
3	bing.com bat.bing.com	496 B
3	medallia.com resources.digital-cloud-citi.medallia.com	90 KB
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	doubleclick.net googleads.g.doubleclick.net	3 KB
1	bluekai.com stags.bluekai.com	338 B
1	rlcdn.com sr.rlcdn.com	66 B
1	wikimedia.org upload.wikimedia.org	15 KB
1	iovation.com ci-mpsnare.iovation.com	610 B
57	12

	Domain	Requested by
16	online.citi.com	www.citibank-0nline.duckdns.org
10	www.citibank-0nline.duckdns.org	www.citibank-0nline.duckdns.org
7	www.google.com	www.citibank-0nline.duckdns.org cse.google.com
3	bat.bing.com	www.citibank-0nline.duckdns.org
3	resources.digital-cloud-citi.medallia.com	www.citibank-0nline.duckdns.org resources.digital-cloud-citi.medallia.com
2	googleads.g.doubleclick.net	www.citibank-0nline.duckdns.org
2	killbot.org	files.killbot.org
2	files.killbot.org	www.citibank-0nline.duckdns.org
1	udc-neb.kampyle.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	stags.bluekai.com	www.citibank-0nline.duckdns.org
1	sr.rlcdn.com	www.citibank-0nline.duckdns.org
1	upload.wikimedia.org	www.citibank-0nline.duckdns.org
1	www.citi.com	www.citibank-0nline.duckdns.org
1	ci-mpsnare.iovation.com	www.citibank-0nline.duckdns.org
1	cse.google.com	www.citibank-0nline.duckdns.org
57	16

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
citibank-0nline.duckdns.org cPanel, Inc. Certification Authority	`2021-09-08` - `2021-12-07`	3 months	crt.sh
files.killbot.org R3	`2021-08-07` - `2021-11-05`	3 months	crt.sh
killbot.org R3	`2021-08-08` - `2021-11-06`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
ci-mpsnare.iovation.com DigiCert SHA2 Extended Validation Server CA	`2021-04-21` - `2022-05-10`	a year	crt.sh
www.google.com GTS CA 1C3	`2021-08-23` - `2021-11-15`	3 months	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-08-16` - `2021-11-08`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.wikipedia.org DigiCert SHA2 High Assurance Server CA	`2020-11-09` - `2021-11-16`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-07-06` - `2022-01-06`	6 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Frame ID: 1E63326C18D9D9D7F9820C78D56FD030
Requests: 56 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 1D8504F4FFFB86B0E3B57100B49C194B
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Frame ID: F8D89DA1D48543D055F9B143F63B35AE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.citibank-0nline.duckdns.org/ Page URL
https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMz... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

57
Requests

93 %
HTTPS

0 %
IPv6

12
Domains

16
Subdomains

16
IPs

2
Countries

2429 kB
Transfer

3288 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.citibank-0nline.duckdns.org/ Page URL
https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

57 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
www.citibank-0nline.duckdns.org/ 578 B
786 B 658ms
103ms Document
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 8ac99858223b96cbd0fb7abdec55f6dd868bc432952fa7875af75e9cbd701778

Request headers

Host: www.citibank-0nline.duckdns.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Thu, 09 Sep 2021 01:27:48 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 686ms
159ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:48 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET whois
killbot.org/api/v2/ 0
0

GET
H/1.1 200
OK Primary Request login1.php Show response
www.citibank-0nline.duckdns.org/ 343 KB
344 KB 104ms
104ms Document
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1

Request headers

Host: www.citibank-0nline.duckdns.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://www.citibank-0nline.duckdns.org/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/

Response headers

Date: Thu, 09 Sep 2021 01:27:48 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK killbot-security.js Show response
files.killbot.org/.cdn-cgi/ 2 KB
3 KB 158ms
158ms Script
application/javascript 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://files.killbot.org/.cdn-cgi/killbot-security.js

Requested by

Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

45.63.85.138.vultr.com

Software

nginx / Killbot, Inc.

Resource Hash

13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:49 GMT
X-Content-Type-Options: nosniff
X-Powered-By: Killbot, Inc.
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Length: 2400
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 07 Aug 2021 14:01:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "610e923b-960"
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000
Content-Security-Policy: default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'
Accept-Ranges: bytes
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK styles.b03f48c37f713682a724.css
www.citibank-0nline.duckdns.org/css/ 1 MB
1 MB 325ms
108ms Stylesheet
text/css 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:49 GMT
Last-Modified: Sun, 21 Mar 2021 05:47:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1239121

GET
H/1.1 200
OK media.css
www.citibank-0nline.duckdns.org/ 932 B
1 KB 335ms
111ms Stylesheet
text/css 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/media.css
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:49 GMT
Last-Modified: Sun, 21 Mar 2021 06:13:50 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 932

GET
H/1.1 200
OK whois Show response
killbot.org/api/v2/ 266 B
1022 B 188ms
158ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 1cc1f7665994c0acc93ab1b64abce5f5588ec2f818056720b55c91c1c47e0721

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 09 Sep 2021 01:27:49 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 108ms
51ms Script
text/javascript 142.250.180.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.14 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr25s32-in-f14.1e100.net

Software

gws /

Resource Hash

5b8e0dcbbbcf1921d73d3e8cda4b04c675105f601825b5a2ed00d67c957d962d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

bfcache-opt-in: unload
date: Thu, 09 Sep 2021 01:27:49 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3496
x-xss-protection: 0

GET
H/1.1 401
Unauthorized blocker Show response
killbot.org/api/v2/ 146 B
911 B 159ms
158ms Fetch
application/json 45.63.85.138
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=216.131.114.222&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Requested by: Host: files.killbot.org
URL: https://files.killbot.org/.cdn-cgi/killbot-security.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 45.63.85.138 San Jose, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 45.63.85.138.vultr.com
Software: nginx /
Resource Hash: 9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 09 Sep 2021 01:27:49 GMT
Server: nginx
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: POST, GET
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked
Bug-Bounty: Report to live chat :)
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK logo.js Show response
ci-mpsnare.iovation.com/script/ 96 B
610 B 756ms
170ms Script
text/javascript 54.69.159.212
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ci-mpsnare.iovation.com/script/logo.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.69.159.212 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-69-159-212.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

647f9abb8d970e2d671ee6ea23da2de7a405d3f411254bc36fff0b887b4c5a71

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 09 Sep 2022 01:27:50 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/921554e23151c152/ 264 KB
88 KB 85ms
35ms Script
text/javascript 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/cse_element__en.js?usqp=CAI%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

sffe /

Resource Hash

9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 07 Sep 2021 09:13:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 144875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 89466
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 07 Sep 2022 09:13:14 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/921554e23151c152/ 41 KB
9 KB 69ms
19ms Stylesheet
text/css 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/921554e23151c152/default+en.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

sffe /

Resource Hash

051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 21:17:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14996
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9045
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 20:04:18 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 08 Sep 2022 21:17:53 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
2 KB 68ms
18ms Stylesheet
text/css 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:24:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Thu, 09 Sep 2021 02:14:44 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
940 B 822ms
637ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f609f76bbb7f158c15f02c57dc1e1cd0115ee2ab7bbc417543aa0ebedccfaf71

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 4Ny3y.goV2S3FUQ2llH85tCcpfnKySf8
content-encoding: gzip
etag: "5a5dbafff41cc92bc6aad29b1470bd29"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: t1seFksANITz9Nl10ejzF+ZRKLvI3LKp7za3W7ty2jKB2JkqP1to4V1Tsl4+biuCGewnxH/ORtw=
x-served-by: cache-hhn4049-HHN
last-modified: Thu, 02 Sep 2021 17:44:53 GMT
server: AmazonS3
x-timer: S1631150870.551785,VS0,VE631
date: Thu, 09 Sep 2021 01:27:50 GMT
vary: Accept-Encoding
x-amz-request-id: PFTCGNTZ0W6Z0F6W
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
2 KB 80ms
28ms Script
text/javascript 216.58.212.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919652&cv=9&fst=1608659919652&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.226 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr25s28-in-f2.1e100.net

Software

cafe /

Resource Hash

9b1fc77dadf10cd3bc7ad3df3217a591e14d0ee24246a47fe2c29039510240c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:27:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1000
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 80ms
29ms Script
text/javascript 216.58.212.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1608659919663&cv=9&fst=1608659919663&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.226 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr25s28-in-f2.1e100.net

Software

cafe /

Resource Hash

89544017b0e371deb51be372422166f3f12d52317400f9babd5b1f92ad21d2ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:27:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 997
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 citilogoredesign.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 101ms
13ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1799
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 954ad3ac-321b-4b45-62b2-06d3fb635603
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location@2x.svg
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 110ms
22ms Image
image/svg+xml 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

sid: 3809c0b6-f044-4e2a-b9d8-84deb3e2ee14
content-encoding: gzip
x-content-type-options: nosniff
nonce: 2445477907957301
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
dclocation: GT1DMS
content-length: 758
x-xss-protection: 1; mode=block
uuid: aeee5878-23ca-4f1a-8a14-9f92928fc798
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
content-type: image/svg+xml
access-control-allow-origin
x-vcap-request-id: 023e1669-dcec-4445-4891-30557098627d
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
scope: VISITOR
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 100ms
12ms Image
image/svg+xml 23.45.237.66
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.45.237.66 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-237-66.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Sid: c3fa267f-5a28-4ef6-87bc-bc59eee3ebb6
Content-Encoding: gzip
ETag: W/"dc3-17b71bf4a58"
Nonce: 5814600666706976
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: b456b678-83bf-49fc-96c6-66f099967bfc
Last-Modified: Mon, 23 Aug 2021 06:42:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Thu, 09 Sep 2021 01:27:49 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: b326fffb-89a2-4bc2-42a0-8fd9131c9234
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Thu, 09 Sep 2021 07:27:49 GMT

GET
H2 200 1200px-Hamburger_icon.svg.png
upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/ 14 KB
15 KB 200ms
23ms Image
image/png 91.198.174.208
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/thumb/b/b2/Hamburger_icon.svg/1200px-Hamburger_icon.svg.png

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

91.198.174.208 , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

upload-lb.esams.wikimedia.org

Software

ATS/8.0.8 /

Resource Hash

e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 08 Sep 2021 09:30:23 GMT
nel: { "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age: 57446
x-cache-status: hit-front
x-cache: cp3061 hit, cp3059 hit/36
content-disposition: inline;filename*=UTF-8''Hamburger_icon.svg.png
server-timing: cache;desc="hit-front", host;desc="cp3059"
content-length: 14199
x-client-ip: 216.131.114.222
x-object-meta-sha1base36: cahm2nlb65f2xcizmgouz9b2duv16ya
last-modified: Fri, 31 Mar 2017 13:01:56 GMT
server: ATS/8.0.8
etag: 79b18a5d205cdebc264fc06817b73584
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type: image/png
access-control-allow-origin: *
x-timestamp: 1490965315.36449
permissions-policy: interest-cohort=()
accept-ranges: bytes
timing-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache

GET
H2 200 HP8764_H2.jpg
online.citi.com/JRS/banners/hero_background/ 196 KB
197 KB 117ms
30ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP8764_H2.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Thu, 08 Oct 2020 21:56:16 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 200475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 7717_HYCA_ME_m1m73up.jpg
online.citi.com/JRS/banners/modules/ 49 KB
50 KB 129ms
41ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/7717_HYCA_ME_m1m73up.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:05:20 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 50262
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP418_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 130ms
43ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP418_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:04:44 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53475
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_DoubleCash.jpg
online.citi.com/JRS/banners/modules/ 21 KB
21 KB 134ms
47ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_DoubleCash.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:04:56 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 21180
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP7643_M.jpg
online.citi.com/JRS/banners/modules/ 52 KB
53 KB 48ms
47ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP7643_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 53152
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 528-Citibank_Illustrations_Article_01.jpg
online.citi.com/JRS/banners/modules/ 14 KB
14 KB 57ms
55ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/528-Citibank_Illustrations_Article_01.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:04:34 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 14137
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP8564_M.jpg
online.citi.com/JRS/banners/modules/ 71 KB
72 KB 65ms
63ms Image
image/jpeg 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP8564_M.jpg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

Resource Hash

c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 09 Sep 2021 01:27:49 GMT
last-modified: Fri, 16 Jul 2021 16:04:54 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 72898
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 24 KB
25 KB 71ms
70ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/googlePlay@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 25077
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 7d344f27-fc90-4a97-4c87-e5e91973dd03
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 20 KB
21 KB 77ms
76ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/appStore@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 20047
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: ef2c3067-5816-4a1c-6264-0873454210a4
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_facebook@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
1 KB 83ms
82ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 445
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 43874af0-6915-4e6f-4676-0f93e8aaf4a9
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_twitter@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 89ms
88ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1277
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 577f8512-7f1f-47c3-61c6-e358c4944403
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 social-media_youtube@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 95ms
94ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 1175
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 04:18:59 GMT
server: nginx
x-akamai-citisite: SWDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: a70ee00e-0b54-4ed5-4d11-e51eea5d25b3
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found 320_Citi-PLT@3x.png
www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/ 315 B
315 B 102ms
102ms Image
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:49 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 1440_Citi-PLT@3x.png
online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
28 KB 100ms
99ms Image
image/png 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-6-17.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-length: 28149
x-xss-protection: 1; mode=block
expires: Thu, 09 Sep 2021 07:27:49 GMT
last-modified: Mon, 23 Aug 2021 06:42:47 GMT
server: nginx
x-akamai-citisite: GTDC
x-frame-options: DENY
date: Thu, 09 Sep 2021 01:27:49 GMT
access-control-max-age: 2147483647
access-control-allow-methods: GET,PUT,POST,DELETE,HEAD
content-type: image/png
access-control-allow-origin
x-vcap-request-id: 0e05bbbe-2ca1-46c2-55b6-98e8b0cc9547
access-control-expose-headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
cache-control: public, no-transform, max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
access-control-allow-headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 204 0
bat.bing.com/action/ 0
305 B 87ms
47ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=271722
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:27:48 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 37F83B76ECDE4E4EB0AE8EB1C138EC7C Ref B: PRG01EDGE0807 Ref C: 2021-09-09T01:27:49Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
95 B 46ms
45ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=34ee05cc-a481-4210-bcbb-3b2a22295c09&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&ea=Application&evt=custom&msclkid=N&rn=480075
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:27:48 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 61899494362042C6BDDC5D8F55183C8D Ref B: PRG01EDGE0807 Ref C: 2021-09-09T01:27:49Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
96 B 47ms
45ms Image
text/plain 13.107.21.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=8936f9d9-a058-48c7-b3bb-647f9b931c9f&sid=290dd2e043b711eb882a591d5e6a23c3&vid=8e858e4036e611eb9397f9ea92600a60&vids=0&pi=1200101525&lg=en-US&sw=1920&sh=1080&sc=24&tl=Citibank%20Online&p=https%3A%2F%2Fwww.citi.com%2F&r=&lt=7127&evt=pageLoad&msclkid=N&sv=1&rn=429226
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.21.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Thu, 09 Sep 2021 01:27:48 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 2BB5E91D53274D8BAB64932F60D2BBAD Ref B: PRG01EDGE0807 Ref C: 2021-09-09T01:27:49Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
3 KB 97ms
6ms Image
image/png 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 37
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: 9+AeQwjvtJmUOghC3OZ9t3hdG5Yo7SkaUPSdzeDiCRjjMuGmAlyGTN8Toj6XkW0Nolk8F3CraWM=
x-served-by: cache-hhn4049-HHN
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1631150870.551841,VS0,VE0
date: Thu, 09 Sep 2021 01:27:49 GMT
vary: Accept-Encoding
x-amz-request-id: KDA73GE1V2CBV3WQ
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 1

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/b54a745638da8bbb/ 280 KB
92 KB 21ms
20ms Script
text/javascript 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

sffe /

Resource Hash

37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 13:05:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 303757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94157
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 13:05:13 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/b54a745638da8bbb/ 41 KB
9 KB 20ms
19ms Stylesheet
text/css 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/b54a745638da8bbb/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sun, 05 Sep 2021 17:22:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 288339
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 17:07:08 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 05 Sep 2022 17:22:11 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 32ms
31ms Image
image/gif 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919652&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=2786911000&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:27:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 37ms
37ms Image
image/gif 142.250.200.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1608659919663&cv=9&fst=1608656400000&num=1&bg=ffffff&guid=ON&u_h=1080&u_w=1920&u_ah=1040&u_aw=1920&u_cd=24&u_his=1&u_tz=360&u_java=false&u_nplug=3&u_nmime=4&gtm=2oabu0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fwww.citi.com%2F&tiba=Citibank%20Online&async=1&fmt=3&is_vtc=1&random=747660396&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.200.36 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr48s30-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Sep 2021 01:27:50 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 1D85 0
66 B 199ms
122ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.citibank-0nline.duckdns.org/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/

Response headers

date: Thu, 09 Sep 2021 01:27:50 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

GET
H2 404 search.svg
online.citi.com/citi-branding-assets/images/ 0
0 542ms
542ms Image
text/html 184.24.6.17
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://online.citi.com/citi-branding-assets/images/search.svg
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.24.6.17 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-6-17.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 918 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=US-ASCII

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
www.citibank-0nline.duckdns.org/assets/branding/ 315 B
315 B 115ms
114ms Image
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citibank-0nline.duckdns.org/assets/branding/Citi-Branding-Sprite.png
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Light.woff
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.woff
www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 111ms
110ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame F8D8 71 B
338 B 377ms
149ms Document
text/html 184.30.16.79
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3D&phint=product%3D&phint=event&phint=category%3D&phint=page%3D&phint=section1%3D&phint=section2%3D&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DCitibank%20Online&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fwww.citi.com%2F&phint=__bk_v%3D3.1.7&limit=10&r=60521226
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.79 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-79.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.citibank-0nline.duckdns.org/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: b4e3
Date: Thu, 09 Sep 2021 01:27:50 GMT
Connection: keep-alive
X-N: S

GET Interstate-Light.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Light.woff
www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 114ms
114ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET Interstate-Bold.ttf
online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 404
Not Found Interstate-Bold.ttf
www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 111ms
111ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found Interstate-Light.ttf
www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 112ms
112ms Font
text/html 34.74.7.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
Requested by: Host: www.citibank-0nline.duckdns.org
URL: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.74.7.184 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.7.74.34.bc.googleusercontent.com
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://www.citibank-0nline.duckdns.org
Accept-Encoding: gzip, deflate, br
Host: www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Connection: keep-alive
Referer: https://www.citibank-0nline.duckdns.org/css/styles.b03f48c37f713682a724.css
Origin: https://www.citibank-0nline.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Thu, 09 Sep 2021 01:27:50 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 generic1630604691864.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 517 KB
87 KB 664ms
664ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1630604691864.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 94463a708f7d1a66e3f33e9791a2b7d7f81b749c539ed20b2c258a9257b26f90

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: JWxQ00v912_Y9ovWKQ3zlIUb_b00bi3g
content-encoding: gzip
etag: "b94bad29d1d95542a92fdac5ae3a42d3"
age: 0
via: 1.1 varnish
x-cache: HIT
content-length: 88347
x-amz-id-2: m5br7QrL7NzrMHeuPyiIA5djAp1WS0LwnOo4JbTnzANEhsf4vp0mJNhPergneVdzrKdcUAYeCqc=
x-served-by: cache-hhn4049-HHN
last-modified: Thu, 02 Sep 2021 17:44:53 GMT
server: AmazonS3
x-timer: S1631150871.756801,VS0,VE657
date: Thu, 09 Sep 2021 01:27:51 GMT
vary: Accept-Encoding
x-amz-request-id: JBRH3HGYK7TPPMFF
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 28ms
6ms Script
application/javascript 151.101.113.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1630604691864.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 0
via: 1.1 varnish
x-cache: HIT
x-amz-request-id: 1NTPR5P812N8TBK6
x-amz-id-2: ODe+HQDPiPlFg9AiynN110ovS/5YL6CbP3+TVlZQti8hBqeBjQXs4sDvFrABq1eAgSgOkQKO9js=
x-served-by: cache-hhn4062-HHN
accept-ranges: bytes
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1631150871.470207,VS0,VE0
date: Thu, 09 Sep 2021 01:27:51 GMT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 254986

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 149ms
108ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xNTkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwicmVmZXJyaW5nX3VybCI6ICJodHRwczovL3d3dy5jaXRpYmFuay0wbmxpbmUuZHVja2Rucy5vcmcvIiwicmVmZXJyaW5nX2RvbWFpbiI6ICJ3d3cuY2l0aWJhbmstMG5saW5lLmR1Y2tkbnMub3JnIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2MzExNTA4NzE0ODEiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE3YmM4MmIxM2I3NjRjLTA1Yzk0OWNlOWVhNjU5LWMzNDMzNjUtMWQ0YzAwLTE3YmM4MmIxM2I4MWM2IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vd3d3LmNpdGliYW5rLTBubGluZS5kdWNrZG5zLm9yZy9sb2dpbjEucGhwP2szU0ZvZEQ0clpSRUdDQ0xrc2VabkpWWWd1aGJ5alZwa05VMEVxamFzQmdkbE90UHJ4dUVrYjZpOVRMeGNTWk16RVR6RGpPdFRteUVpa2lrV1pya1ppZ2kySDk0MEsySzBDRjBFQmhvaGswSkx4SzlnZTdWVU8yRU1aUE5nR0J6RXJEaHFpd3VMYzdkbVNJNW5xVGFaSiIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJmZjI1LWM3NmQtZmU2MC0xMzAxLTkyZWYtNGQwZC1hMTlkLTg5ZmMiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTYzMTE1MDg3MTQ1MiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMDQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQwLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQwLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2MzExNTA4NzE0NTUsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.citibank-0nline.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-n3mh
date: Thu, 09 Sep 2021 01:27:51 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: killbot.org
URL: https://killbot.org/api/v2/whois?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: online.citi.com
URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 21:05:51	Name: test_cookie Value: CheckForPermission
.bing.com/	1970-01-20 06:27:26	Name: MUID Value: 11304295C85F625F2C4D5238C91D63E4
www.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: mdLogger Value: false
www.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyle_userid Value: ff25-c76d-fe60-1301-92ef-4d0d-a19d-89fc
www.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleUserSession Value: 1631150871452
www.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleUserSessionsCount Value: 1
www.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: kampyleSessionPageCounter Value: 1
.citibank-0nline.duckdns.org/	1970-01-20 05:51:26	Name: cd_user_id Value: 17bc82b13b764c-05c949ce9ea659-c343365-1d4c00-17bc82b13b81c6

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://killbot.org/api/v2/blocker?apikey=bMIU64-sFcycv4MRtmkaJVwXzSpoGeDnSGOU_4LpXC91t&ip=216.131.114.222&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/92.0.4515.159%20Safari/537.36&url=?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
javascript	error	URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://www.citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://citionline-securev9.duckdns.org' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'https://www.citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citibank-0nline.duckdns.org' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citibank-0nline.duckdns.org/assets/branding/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: https://www.citibank-0nline.duckdns.org/login1.php?k3SFodD4rZREGCCLkseZnJVYguhbyjVpkNU0EqjasBgdlOtPrxuEkb6i9TLxcSZMzETzDjOtTmyEikikWZrkZigi2H940K2K0CF0EBhohk0JLxK9ge7VUO2EMZPNgGBzErDhqiwuLc7dmSI5nqTaZJ Message: Access to font at 'https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'https://www.citibank-0nline.duckdns.org' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://secure-updateciti8m.viewdns.net' that is not equal to the supplied origin.
network	error	URL: https://online.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://www.citibank-0nline.duckdns.org/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://online.citi.com/citi-branding-assets/images/search.svg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bat.bing.com
ci-mpsnare.iovation.com
cse.google.com
files.killbot.org
googleads.g.doubleclick.net
killbot.org
nebula-cdn.kampyle.com
online.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
udc-neb.kampyle.com
upload.wikimedia.org
www.citi.com
www.citibank-0nline.duckdns.org
www.google.com
killbot.org
online.citi.com
13.107.21.200
142.250.180.14
142.250.200.36
151.101.113.175
151.101.114.133
184.24.6.17
184.30.16.79
216.58.212.226
23.45.237.66
34.74.7.184
35.190.60.146
35.241.45.82
45.63.85.138
54.69.159.212
91.198.174.208
051b18ffc03e4adc771ab9efa6549b8d28074acd494045ab628a324ebf00ce30
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
13f7de72970d9a3b94fcc44a294dc8159489be5195d477a95fa85a026b38242c
1cc1f7665994c0acc93ab1b64abce5f5588ec2f818056720b55c91c1c47e0721
217c90f4a8d721022603bb5594aeb922b3a855a0a22a967c2531f94b89914d91
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
3090163d8d4f6f5e97eee6f3499d3e86442d897f89dfde6b8e8c4d8d5116108d
37c3ee1cf5ea40bba6290222162d2519c2c037f90538cb7d4327fcff734ced86
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
58d2fd4d0e35c6f1971869b55dc6e7f5124d52a37e605845818d0caca6c4999d
5b8e0dcbbbcf1921d73d3e8cda4b04c675105f601825b5a2ed00d67c957d962d
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
647f9abb8d970e2d671ee6ea23da2de7a405d3f411254bc36fff0b887b4c5a71
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
716687b3c43deb80210c8a8992a264dd53e7b4e71d81f6406d9e90ba0e6c9107
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
89544017b0e371deb51be372422166f3f12d52317400f9babd5b1f92ad21d2ea
8ac99858223b96cbd0fb7abdec55f6dd868bc432952fa7875af75e9cbd701778
94463a708f7d1a66e3f33e9791a2b7d7f81b749c539ed20b2c258a9257b26f90
9494e9aaa4363fcdd2994aabec2e1d4dee84d1ef1e25ddf14d80f364494671c1
9999f5dbf899307d8d9a37abda49b26efcfc6a7dd56cb09d2c172aa4093955f1
9b1fc77dadf10cd3bc7ad3df3217a591e14d0ee24246a47fe2c29039510240c0
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a3416b46058d11b22ed1862dbdc23227620ab579248b3fc9ead8dfdc0a5beb2f
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aa73aeb9562ce165c106efc277454411c5b3353eec11450ad5f9a2ec78e109f1
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c193d1d0ed44d73f08a6e23c949d9ee2126b1d487ef9c0aa5c4e9cf47c3a1a84
cf8c82bd56c521ac3910c3910afd8e51ba3fd7cb1f9ec15e9b6ca73c2b44c65d
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8083753fb5c831319d97aea7f3e2fbafb4e30c01e86f41ca32489fa00b9d0b2
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e910e4210656ac060466b5b37c7a45e707fa0fdfc73250851d2cc5c82ccb8939
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f609f76bbb7f158c15f02c57dc1e1cd0115ee2ab7bbc417543aa0ebedccfaf71

www.citibank-0nline.duckdns.org Open in urlscan Pro 34.74.7.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

57 Requests

93 %HTTPS

0 %IPv6

12 Domains

16 Subdomains

16 IPs

2 Countries

2429 kBTransfer

3288 kBSize

8 Cookies

1 Outgoing links

Page URL History

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.citibank-0nline.duckdns.org Open in urlscan Pro
34.74.7.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

93 %
HTTPS

0 %
IPv6

12
Domains

16
Subdomains

16
IPs

2
Countries

2429 kB
Transfer

3288 kB
Size

8
Cookies

57 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!