hidrotherms.com Open in urlscan Pro
108.179.252.62 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hidrotherms.com/cts/city.com/
Submission: On March 30 via automatic, source openphish (March 30th 2022, 1:09:19 am UTC) — Scanned from DE

Summary HTTP 226 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 24 domains to perform 226 HTTP transactions. The main IP is 108.179.252.62, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is hidrotherms.com.
TLS certificate: Issued by R3 on January 4th 2022. Valid for: 3 months.

This is the only time hidrotherms.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3 77	108.179.252.62 108.179.252.62	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1 4	34.242.106.163 34.242.106.163	16509 (AMAZON-02) (AMAZON-02)
10	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
1	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	52.51.88.158 52.51.88.158	16509 (AMAZON-02) (AMAZON-02)
16	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
1	104.92.75.138 104.92.75.138	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.215.111.225 52.215.111.225	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:be00:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
4	18.235.170.13 18.235.170.13	14618 (AMAZON-AES) (AMAZON-AES)
1	52.141.218.213 52.141.218.213	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 3	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 8	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
1	143.204.98.10 143.204.98.10	16509 (AMAZON-02) (AMAZON-02)
1	96.16.135.39 96.16.135.39	16625 (AKAMAI-AS) (AKAMAI-AS)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:2600:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.120.51.47 3.120.51.47	16509 (AMAZON-02) (AMAZON-02)
39	91.235.133.67 91.235.133.67	30286 (THM) (THM)
1	192.193.200.243 192.193.200.243	32287 (SOLANA-CI...) (SOLANA-CITIPLEX)
1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
1	151.101.65.175 151.101.65.175	54113 (FASTLY) (FASTLY)
1	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
6	91.235.132.130 91.235.132.130	30286 (THM) (THM)
3	91.235.134.131 91.235.134.131	30286 (THM) (THM)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
226	31

77 108.179.252.62 (United States) 3 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: br522-ip03.hostgator.com.br

hidrotherms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.hidrotherms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.242.106.163 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-106-163.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.51.88.158 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-88-158.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.75.138 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-75-138.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.215.111.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-111-225.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:be00:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.235.170.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-170-13.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.141.218.213 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

contents3.00110.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.10 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-10.fra50.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.135.39 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-135-39.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:2600:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.120.51.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-51-47.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 91.235.133.67 (United States)

ASN30286 (THM, US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.193.200.243 (United States)

ASN32287 (SOLANA-CITIPLEX, US)

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 91.235.134.131 (United States)

ASN30286 (THM, US)

89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	hidrotherms.com 3 redirects hidrotherms.com www.hidrotherms.com	3 MB
43	citi.com www.citi.com Failed metrics1.citi.com — Cisco Umbrella Rank: 30932 online.citi.com — Cisco Umbrella Rank: 29360 contents3.00110.citi.com — Cisco Umbrella Rank: 46118 content22.online.citi.com — Cisco Umbrella Rank: 53572 prod.report.nacustomerexperience.citi.com — Cisco Umbrella Rank: 24054	495 KB
16	google.com www.google.com — Cisco Umbrella Rank: 20	2 KB
10	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3383	85 KB
9	online-metrix.net h.online-metrix.net — Cisco Umbrella Rank: 4249 89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net 89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net 89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net	46 KB
8	google.de www.google.de — Cisco Umbrella Rank: 3714	1 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 61	10 KB
8	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 366 bat.bing.com — Cisco Umbrella Rank: 584	13 KB
8	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 132	297 KB
5	tvpixel.com p.tvpixel.com — Cisco Umbrella Rank: 1826 c.tvpixel.com — Cisco Umbrella Rank: 8741	32 KB
5	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 272 citi.demdex.net — Cisco Umbrella Rank: 59831	7 KB
3	clarity.ms 1 redirects c.clarity.ms — Cisco Umbrella Rank: 876	917 B
2	kampyle.com nebula-cdn.kampyle.com — Cisco Umbrella Rank: 4479 udc-neb.kampyle.com — Cisco Umbrella Rank: 3472	6 KB
2	medallia.com resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 38881	89 KB
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 707	363 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 110	15 KB
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 765	595 B
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 15993	98 B
1	bkrtx.com tags.bkrtx.com — Cisco Umbrella Rank: 3949	16 KB
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 11813
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 57915	705 B
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 6948	6 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1306	517 B
0	Failed function sub() { [native code] }. Failed
226	24

	Domain	Requested by
74	hidrotherms.com	3 redirects hidrotherms.com
39	content22.online.citi.com	hidrotherms.com content22.online.citi.com
16	www.google.com	hidrotherms.com
10	nexus.ensighten.com	hidrotherms.com
8	www.google.de
8	googleads.g.doubleclick.net	www.googleadservices.com
8	www.googletagmanager.com	hidrotherms.com
7	bat.bing.com	hidrotherms.com bat.bing.com
6	h.online-metrix.net	content22.online.citi.com
4	p.tvpixel.com	hidrotherms.com
4	dpm.demdex.net	1 redirects hidrotherms.com
3	c.clarity.ms	1 redirects hidrotherms.com bat.bing.com
3	www.hidrotherms.com	hidrotherms.com
2	resources.digital-cloud-citi.medallia.com	nexus.ensighten.com hidrotherms.com
1	udc-neb.kampyle.com
1	89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net
1	89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net
1	89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net
1	stags.bluekai.com	tags.bkrtx.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	www.googleadservices.com	hidrotherms.com
1	prod.report.nacustomerexperience.citi.com	hidrotherms.com
1	d.agkn.com
1	c.tvpixel.com	hidrotherms.com
1	sr.rlcdn.com	nexus.ensighten.com
1	tags.bkrtx.com	nexus.ensighten.com
1	cdn.pbbl.co	nexus.ensighten.com
1	c.bing.com	1 redirects
1	contents3.00110.citi.com	hidrotherms.com
1	20766699p.rfihub.com	hidrotherms.com
1	c1.rfihub.net	nexus.ensighten.com
1	citi.demdex.net	hidrotherms.com
1	online.citi.com	hidrotherms.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	hidrotherms.com
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	content22.online.citi.com
0	www.citi.com Failed	hidrotherms.com
226	37

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citigroup.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
*.hidrotherms.com R3	`2022-01-04` - `2022-04-04`	3 months	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-14` - `2022-10-12`	a year	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-07-02` - `2022-08-30`	2 years	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.tvpixel.com Amazon	`2021-12-15` - `2023-01-12`	a year	crt.sh
contents1.00110.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-08-10` - `2022-08-10`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2021-11-15` - `2022-10-20`	a year	crt.sh
*.pbbl.co Amazon	`2021-11-04` - `2022-12-02`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2022-02-07` - `2023-02-06`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-07-14` - `2022-08-06`	2 years	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-05-05` - `2022-07-04`	2 years	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.kampyle.com GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-22` - `2023-03-26`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-12-28` - `2023-01-23`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-07-30` - `2022-08-01`	a year	crt.sh
c.msn.com Microsoft Azure TLS Issuing CA 01	`2022-02-08` - `2023-02-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://hidrotherms.com/cts/city.com/
Frame ID: C7A66C34DB171456C33CD541691D8C8B
Requests: 166 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 2AE15AA5E37670F2EB3C09767A5FADF8
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=794&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&pf=&ra=06238038943945057
Frame ID: 4654E8D18FED6D8F674AA20D1CFBBE04
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 049986DD81843F3909550128F8EB4B23
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=69B4B09FD8A728BF2EE7FCB11A1B9673?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jb=3639242668736f753d4c6b6e7d7a266a73673f4c69667770246a73627d3d4368706d6f6726687b623d4368726f6d672532303b39
Frame ID: F4D9958C8834455FF029C373072585C3
Requests: 14 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=46224D2C1EE73E9471744854588FFD2B?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jb=3c3b26246a7167753f4c6b6c7578266a736d3f4c696e757824687360773f416872676d65266a73623f436870676d652730303b3b
Frame ID: 9D63630821FC0620DE185EA50B401684
Requests: 13 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=69915BADAB241B2E060746F35B8AB099?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jb=36392e2668716f773f4c616c77782468736f3d4c69667778266a7362753f4368706d6f6524687b623d4168726f6d652732323b39
Frame ID: CE18E6F944E6AB9A82E4FF9537E64152
Requests: 12 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&phint=__bk_v%3D3.1.10&limit=10&r=62378404
Frame ID: 6010C394C16E1D6822E87D197E1DCD6E
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1
Frame ID: 6597E2C8A67380E62483AB8E3BB8C8AF
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1
Frame ID: 983CA6F76EC656478E2E8438B5DA5130
Requests: 2 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1
Frame ID: 28B6EA6FFF8F6A2BD84484E675935E9E
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1
Frame ID: A8B61CF52D10990A3C24FBA39293DF85
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1
Frame ID: 4F489463E4DE58D9FB61CC70A6781806
Requests: 2 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1
Frame ID: E87FE5267BA82F18316CC1F6B272D805
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1
Frame ID: C39236B46DEBCCB8CAE107C5B6F3ECBD
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1
Frame ID: 55E32DF89974ECADDD4BAA2EDEF62D32
Requests: 2 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1
Frame ID: 6290AF144DBF2BD1538EA73D96302DE2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

226
Requests

88 %
HTTPS

23 %
IPv6

24
Domains

37
Subdomains

31
IPs

4
Countries

4553 kB
Transfer

11321 kB
Size

40
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/
Title: Skip to Content

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://www.citi.com/login
Title: Continuar

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://hidrotherms.com/cts/city.com/img/bat.js HTTP 301
https://www.hidrotherms.com/cts/city.com/img/bat.js

Request Chain 45

https://hidrotherms.com/cts/city.com/img/logo.js HTTP 301
https://www.hidrotherms.com/cts/city.com/img/logo.js

Request Chain 73

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119

Request Chain 77

https://cm.everesttech.net/cm/dd?d_uuid=55223268209585852293147944824630892340 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YkOttgAAAFc0CwQp

Request Chain 87

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP 301
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Request Chain 90

https://hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png HTTP 301
https://www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png

Request Chain 91

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP 301
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Request Chain 93

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff HTTP 301
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff

Request Chain 114

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&RedC=c.clarity.ms&MXFR=1ADE16BEC243671A1F0307C9C64369D4 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&MUID=3961C8C003586E3606A1D9B702336F23

Request Chain 115

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf HTTP 301
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf

Request Chain 116

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP 301
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Request Chain 117

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP 301
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Request Chain 118

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff HTTP 301
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff

Request Chain 119

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff HTTP 301
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff

Request Chain 120

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf HTTP 301
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Request Chain 121

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf HTTP 301
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf

Request Chain 131

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff HTTP 301
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff

Request Chain 197

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf HTTP 301
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf

226 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
hidrotherms.com/cts/city.com/ 309 KB
79 KB 655ms
196ms Document
text/html 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 209db3111df8be4b0414ecda1956ec28c519bd0e0d5da80b300e322e082eeef1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

vary: Accept-Encoding
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 30 Mar 2022 01:09:09 GMT
server: Apache

GET
H2 200 cool-2.1.15.min.js Show response
hidrotherms.com/cts/city.com/img/ 14 KB
6 KB 245ms
244ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/cool-2.1.15.min.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 6187

GET
H2 200 clarity.js Show response
hidrotherms.com/cts/city.com/img/ 53 KB
23 KB 242ms
242ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/clarity.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 f.txt Show response
hidrotherms.com/cts/city.com/img/ 39 KB
18 KB 139ms
139ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f.txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 tc.min.js Show response
hidrotherms.com/cts/city.com/img/ 19 KB
8 KB 137ms
137ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/tc.min.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 8064

GET
H2 200 js Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 170ms
170ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 7e035fe791d86c0346cacc50c10ab1cea6941f3dae04a87b7acc0e30ce6436d9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 103051

GET
H2 200 js(1) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 133ms
132ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(1)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 008aaa0eebea326ea356339b06467c2eb5f98d4b76759ae45f6eb1f953db28ee

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 103051

GET
H2 200 js(2) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 169ms
169ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(2)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: b6f517c4279c052b89206db39d95274ef20699f4142aaa9e4339790d3228a64f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 103187

GET
H2 200 js(3) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 218ms
208ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(3)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 0e8665d56063213d42b3650b1325534735f0fefe09ee48a7f734f83b5e4bfdfe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 103051

GET
H2 200 js(4) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 151ms
141ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(4)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 677cec65f2895fca126756615b8f96c2801078d2b59a98bab4aab3ee8a89d645

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 103187

GET
H2 200 js(5) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 218ms
207ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(5)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: e76caa473d34a77670863ffd51ee0e59b44c4bdc6367aa0e8e698bf6b264919f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 103281

GET
H2 200 js(6) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 217ms
207ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(6)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: ac3211cc5864f812b2e7fe668137258fe2e2405cc42642d4fbcd07199f3c4028

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 103187

GET
H2 200 js(7) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 218ms
208ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(7)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 4027f452062da70c1206681e4d1e3ad20d633d217bcd0f954f98e4ea7743c842

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 103187

GET
H2

404

bat.js
www.hidrotherms.com/cts/city.com/img/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/bat.js
https://www.hidrotherms.com/cts/city.com/img/bat.js

0
0

268ms
268ms

Script
text/html

108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hidrotherms.com/cts/city.com/img/bat.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Redirect headers

date: Wed, 30 Mar 2022 01:09:10 GMT
server: Apache
x-redirect-by: WordPress
content-type: text/html; charset=UTF-8
location: https://www.hidrotherms.com/cts/city.com/img/bat.js
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 dpm_pixel_min.js Show response
hidrotherms.com/cts/city.com/img/ 103 KB
39 KB 252ms
241ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/dpm_pixel_min.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 js(8) Show response
hidrotherms.com/cts/city.com/img/ 101 KB
101 KB 151ms
141ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(8)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: efcb0e09a533713a54d617f43991909e46d6430c9c1531787ea15492a15b9e86

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 103165

GET
H2 200 js(9) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 151ms
140ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(9)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: c9c84a02bd7802730402506e08933a2bf019ce78600f266189b86a2d53c0bdd6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 92863

GET
H2 200 js(10) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 150ms
140ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(10)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: e83c9c5a686b6460be3df5f34ddbe456588d4f575083e74045a00c4ff2be7db0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 92863

GET
H2 200 js(11) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 151ms
140ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(11)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 0264c5423e565a05bcc16d1abdfec999c4e92fd5ea90146251a8549cb93773f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 92863

GET
H2 200 js(12) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 215ms
205ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(12)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 5a2aa8a1ce876434e8f0912c3be63026f79d0b0f24ea591e5379d9186fae451f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 92863

GET
H2 200 js(13) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 216ms
206ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(13)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 8a13175818c1064520ce05abb77e35d1c88111dcf0cd991d5227a55ff196a7e3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 92841

GET
H2 200 js(14) Show response
hidrotherms.com/cts/city.com/img/ 91 KB
91 KB 216ms
206ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/js(14)
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 02e871a789bf3801140ce6b9d8a205d308ca81bce448e87fb6bdd60ee98cafc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 92841

GET
H2 200 3fac67bbed26d3e121bb84cefe395515.js Show response
hidrotherms.com/cts/city.com/img/ 4 KB
2 KB 216ms
206ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/3fac67bbed26d3e121bb84cefe395515.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 6a4572cbce614543d10ffc2276b91140ecb0b0b9e2de0b9a87d4bc4016051f17

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1742

GET
H2 200 8e31a20960f50a1c34f7ccb1cd9737ec.js Show response
hidrotherms.com/cts/city.com/img/ 340 B
281 B 216ms
207ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/8e31a20960f50a1c34f7ccb1cd9737ec.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 84129e02573a4f7ca911b6b37f7129a748efdae9decea2efe415ffeabf1a66bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 250

GET
H2 200 96e0eb995483e83e7b3f71968eedeed1.js Show response
hidrotherms.com/cts/city.com/img/ 396 KB
155 KB 216ms
207ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: d9181c42b463ba85677421a93ae1ba80ae774c9bf8af67200ed78a419bd067a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 d77cad342c2e126c752063748cd63d48.js Show response
hidrotherms.com/cts/city.com/img/ 30 KB
10 KB 216ms
206ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/d77cad342c2e126c752063748cd63d48.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 21201ecc3c1f81d2725b4f6b81c4dfa208edabe6a023711d6b48933b7acabf84

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 10653

GET
H2 200 6c8ea0384518f24fa6367b97cbf3fd9d.js Show response
hidrotherms.com/cts/city.com/img/ 128 KB
48 KB 260ms
251ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/6c8ea0384518f24fa6367b97cbf3fd9d.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: dfb30742c209a6119b53853df43d609166ce3b72e09c0f6d7bafaac8a4f1bd00

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 468b3e37a21c4198f4939c8aaca98066.js Show response
hidrotherms.com/cts/city.com/img/ 1 KB
685 B 341ms
332ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/468b3e37a21c4198f4939c8aaca98066.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 61e01b4da87624c5972c4f051d92695a76fa8491c2c1512342b714b9f5db2008

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 653

GET
H2 200 51aba9f62787efbaa13e53a8d1ae3892.js Show response
hidrotherms.com/cts/city.com/img/ 1 KB
688 B 360ms
351ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/51aba9f62787efbaa13e53a8d1ae3892.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 656

GET
H2 200 9d552101ccdbc20ef239307e0ace1356.js Show response
hidrotherms.com/cts/city.com/img/ 156 KB
51 KB 341ms
333ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/9d552101ccdbc20ef239307e0ace1356.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 53c561089a7987d29afa32543f9d7585b9a4f565b0b6c54b703e802f2f52d386

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 d74f82b561a6aa5d9247eaf72394131a.js Show response
hidrotherms.com/cts/city.com/img/ 2 KB
694 B 258ms
249ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/d74f82b561a6aa5d9247eaf72394131a.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 662

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
hidrotherms.com/cts/city.com/img/ 2 KB
799 B 359ms
351ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/557566dc60916e3de69e006bef252459.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 767

GET
H2 200 42d4d669434e7d621371bd59ca097dbf.js Show response
hidrotherms.com/cts/city.com/img/ 5 KB
2 KB 359ms
351ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/42d4d669434e7d621371bd59ca097dbf.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 76b3e3ecb44a3b1216be2633c4736dc6fbef5a83a7058b7919dcb1489b5b211b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2083

GET
H2 200 d90ce1a791ada193ee0ca4e9ce66632d.js Show response
hidrotherms.com/cts/city.com/img/ 5 KB
2 KB 259ms
251ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/d90ce1a791ada193ee0ca4e9ce66632d.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: c1b3f3803c42132039b21ce8921335c9cb785a58d513fdc04b0350434bec8e29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1925

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
hidrotherms.com/cts/city.com/img/ 989 B
581 B 258ms
250ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/fdf45a7c15c1cee06bb71e10dac4e26e.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 549

GET
H2 200 serverComponent.php Show response
hidrotherms.com/cts/city.com/img/ 2 KB
788 B 241ms
239ms Script
text/html 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/serverComponent.php
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 1a6193c0936ec29f4350799172f83ad78a95112799ea30c662e80f25b418361c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
server: Apache
content-length: 758
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 6c8322c7341eac98645c10e3d1d3c7ae.js Show response
hidrotherms.com/cts/city.com/img/ 233 KB
133 KB 241ms
240ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/6c8322c7341eac98645c10e3d1d3c7ae.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 93a2bf9c16a92eea122a84d246579a50fb89c3b269c78c080588cee14129b2c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 tagging.min.js Show response
hidrotherms.com/cts/city.com/img/ 44 KB
14 KB 240ms
238ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/tagging.min.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 3f383b43ed678109c3a4006112945b4381899317658913dcf1d061a55b47cab5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 14443

GET
H2 200 banner.min.js Show response
hidrotherms.com/cts/city.com/img/ 15 KB
6 KB 241ms
240ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/banner.min.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 66e0a4b3019f0e19c99a314095a7e13932cd8afcb82a236475abf3f8723ea69d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5944

GET
H2 200 Bootstrap.js Show response
hidrotherms.com/cts/city.com/img/ 229 KB
88 KB 241ms
239ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: b4d7c52d0920ce3ce14dd5f198df3fb2e9bf39ff31e209a92cf146c86de4ce62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H2 200 styles.a4a9307b7b034ca614a7.css
hidrotherms.com/cts/city.com/img/ 1 MB
265 KB 363ms
362ms Stylesheet
text/css 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/styles.a4a9307b7b034ca614a7.css
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: c49f7ec632ced66bfd8ac1ed0cc98a6c8e583f7b36e1faccf190a04955d39c01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 tags.js Show response
hidrotherms.com/cts/city.com/img/ 80 KB
12 KB 340ms
332ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/tags.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: a1012b65a2ec44d9f1a2e3a11f74e644e505cb6544e3717b4442cb9aa73452b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 12059

GET
H2 200 1-es2015.e6099f56b51f44414444.js Show response
hidrotherms.com/cts/city.com/img/ 746 KB
255 KB 362ms
362ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/1-es2015.e6099f56b51f44414444.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 6f56350d404b7363262ab1a2331f6ee082822c230c2dda9061439acb0ee2ea29

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2

404

logo.js
www.hidrotherms.com/cts/city.com/img/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/logo.js
https://www.hidrotherms.com/cts/city.com/img/logo.js

0
0

702ms
277ms

Script
text/html

108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.hidrotherms.com/cts/city.com/img/logo.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Redirect headers

date: Wed, 30 Mar 2022 01:09:09 GMT
server: Apache
x-redirect-by: WordPress
content-type: text/html; charset=UTF-8
location: https://www.hidrotherms.com/cts/city.com/img/logo.js
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 tags.js(1).download Show response
hidrotherms.com/cts/city.com/img/ 80 KB
81 KB 257ms
249ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/tags.js(1).download
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: ecddeb2adfa02b823671f9e56787dd23cadfe86fa9042940d5fea9e38054c174

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 82417

GET
H2 200 cedric.js Show response
hidrotherms.com/cts/city.com/img/ 602 KB
206 KB 318ms
318ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/cedric.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 tags.js(2).download Show response
hidrotherms.com/cts/city.com/img/ 80 KB
81 KB 339ms
331ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/tags.js(2).download
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 7c61e941b642ce421086c40e8edd357d643de75763ebe83073d329f2693f6786

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 82417

GET
H2 200 embed.js Show response
hidrotherms.com/cts/city.com/img/ 2 KB
749 B 367ms
365ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/embed.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 7ce1ab6d7d544d02fdbfd070df6d6290a630944648f78629bccf6b7c426254ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 717

GET
H2 200 16003743.js Show response
hidrotherms.com/cts/city.com/img/ 0
28 B 257ms
249ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/16003743.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 0
content-type: application/javascript

GET
H2 200 16001692.js Show response
hidrotherms.com/cts/city.com/img/ 685 B
467 B 257ms
249ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/16001692.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: fbfbcd5ac1839093e7f7fed9f57af9bdca51c799c591af25b624ebc421fdd052

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 435

GET
H2 200 f(1).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 369ms
368ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(1).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 60efe6c61d482a9ad16c13a430e4f9b230d4a7667873a043327afadd372bef6d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1037

GET
H2 200 f(2).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 372ms
371ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(2).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 0ed87b4fd56a4ea6f91e90ec9227281332adcb6d90c16871ddd93a8b0769fa24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1032

GET
H2 200 f(3).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 372ms
371ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(3).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 76fb126ee024dcf4a093ac4d3614448b9281355f1033a422fc929298e88fa877

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1032

GET
H2 200 f(4).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 368ms
367ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(4).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 6bb0c1eaae6f6770f889c139ca441c1c21ab76ba7cd86cb28600955f3ee15302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1031

GET
H2 200 f(5).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 369ms
369ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(5).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 2c3e0f1421ec0c865caf07a6fee834c43eb456613a9d1aee3a3db0c463c9d340

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1030

GET
H2 200 f(6).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 421ms
420ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(6).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 85272ec3d43640c29bdc41f4f2f7c2942b2f96d76254e8b2802006eab8bc44fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1031

GET
H2 200 f(7).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 367ms
367ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(7).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 441dbbcac58f504c76ab5ff91afa232a4f7734790a9fd2345cad297f00537aa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1042

GET
H2 200 f(8).txt Show response
hidrotherms.com/cts/city.com/img/ 2 KB
1 KB 366ms
366ms Script
text/plain 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/f(8).txt
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: ec92c710f2d67faf40a7c39947630493ffd75ca46a82cfadde25e8eb05e53bf3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:09 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
vary: Accept-Encoding
content-type: text/plain
accept-ranges: bytes
content-length: 1032

GET
H2 200 citilogoredesign.png
hidrotherms.com/cts/city.com/img/ 2 KB
2 KB 258ms
250ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/citilogoredesign.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 1799
content-type: image/png

GET
H2 200 050-location@2x.svg
hidrotherms.com/cts/city.com/img/ 2 KB
2 KB 248ms
240ms Image
image/svg+xml 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/050-location@2x.svg
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 1752
content-type: image/svg+xml

GET
H2 200 icon_globe_med-grey@2x.svg
hidrotherms.com/cts/city.com/img/ 3 KB
3 KB 236ms
229ms Image
image/svg+xml 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/icon_globe_med-grey@2x.svg
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 3523
content-type: image/svg+xml

GET
H2 200 phone.png
hidrotherms.com/cts/city.com/img/ 10 KB
10 KB 256ms
249ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/phone.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 9873
content-type: image/png

GET
H2 200 qrsignon.png
hidrotherms.com/cts/city.com/img/ 741 B
779 B 255ms
248ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/qrsignon.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 741
content-type: image/png

GET
H2 200 laptop-and-phone-pairing.png
hidrotherms.com/cts/city.com/img/ 3 KB
3 KB 255ms
249ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/laptop-and-phone-pairing.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 3044
content-type: image/png

GET
H2 200 laptop-and-phone-success.png
hidrotherms.com/cts/city.com/img/ 2 KB
3 KB 256ms
250ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/laptop-and-phone-success.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 2544
content-type: image/png

GET
H2 200 EqualHousing.png
hidrotherms.com/cts/city.com/img/ 2 KB
2 KB 270ms
264ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/EqualHousing.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 1606
content-type: image/png

GET
H2 200 googlePlay@3x.png
hidrotherms.com/cts/city.com/img/ 24 KB
25 KB 270ms
264ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/googlePlay@3x.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 25077
content-type: image/png

GET
H2 200 appStore@3x.png
hidrotherms.com/cts/city.com/img/ 20 KB
20 KB 255ms
250ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/appStore@3x.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 20047
content-type: image/png

GET
H2 200 social-media_facebook@3x.png
hidrotherms.com/cts/city.com/img/ 445 B
475 B 338ms
332ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/social-media_facebook@3x.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 445
content-type: image/png

GET
H2 200 social-media_twitter@3x.png
hidrotherms.com/cts/city.com/img/ 1 KB
1 KB 255ms
250ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/social-media_twitter@3x.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: 5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:26 GMT
server: Apache
accept-ranges: bytes
content-length: 1277
content-type: image/png

GET
H2 200 social-media_youtube@3x.png
hidrotherms.com/cts/city.com/img/ 1 KB
1 KB 337ms
332ms Image
image/png 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hidrotherms.com/cts/city.com/img/social-media_youtube@3x.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
content-length: 1175
content-type: image/png

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119

363 B
1 KB

29ms
29ms

XHR
application/json

34.242.106.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

HTTP/1.1

Server

34.242.106.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-106-163.eu-west-1.compute.amazonaws.com

Software

Resource Hash

b2f64ca38860d135b6d6b4b89f63d9e8842d32e05e92c6f337f68a57308156c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-0db82d4df.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: /5XppH4USvM=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://hidrotherms.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v030-0065f0200.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://hidrotherms.com
X-TID: DeuRsASwTcs=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1648602550119
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
107 B 40ms
10ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 30 Mar 2022 01:09:09 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
739 B 57ms
26ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Thu%20Feb%2017%2015:16:12%20GMT%202022&ClientID=1129&PageID=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: fcf804ddfb639af57ed1b90ce4f502764c3f8cff93442841efeca2416ac847f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
cache-control: no-cache, no-store
content-type: text/javascript
server: nginx
content-encoding: gzip
vary: Accept-Encoding
expires: Wed, 30 Mar 2022 01:09:09 GMT

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
674 B 86ms
17ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=49721551571032125902453376690999357079&ts=1648602550263

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

8cce4b434becd61058f7f911f761996c8e3aab03b12bc2861142960a98bc08db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7f6b754cd4-ktdfq
vary: Origin
x-c: main-1629.I879dac.M0-556
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://hidrotherms.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YkOttgAAAFc0CwQp
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=55223268209585852293147944824630892340
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YkOttgAAAFc0CwQp

42 B
945 B

29ms
29ms

Image
image/gif

34.242.106.163
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YkOttgAAAFc0CwQp

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

HTTP/1.1

Server

34.242.106.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-106-163.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v030-025e0c782.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: rgATcNSHRH0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YkOttgAAAFc0CwQp
Date: Wed, 30 Mar 2022 01:09:10 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 29ms
29ms XHR
application/json 34.242.106.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=49721551571032125902453376690999357079&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%013121D6DB6B17445F-60001B64D1CB8A74&ts=1648602550351

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.106.163 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-106-163.eu-west-1.compute.amazonaws.com

Software

Resource Hash

c3e52e2768c6883e8d5d4df742e1f568d06c36d8dd1f849ccc763dec25785821

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v030-00570eae8.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: GNeZ5ckzSYA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://hidrotherms.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
108 B 145ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1645199688127&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1013547421&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
108 B 145ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1645199688136&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2490011135&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 145ms
54ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1645199688142&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3716761758&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
108 B 145ms
54ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1645199688150&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3640341865&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 145ms
54ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1645199688154&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3929776891&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
548 B 143ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1645199688158&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3742915801&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
108 B 56ms
55ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1645199688162&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=934572699&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
108 B 53ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1645199688176&cv=9&fst=1645196400000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=5&u_nmime=2&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.citi.com%2Flogin&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2969722864&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

Interstate-Light.woff
www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

0
0

GET
BLOB 200
OK d9fb8f82-e885-4420-93aa-644ad4476363
https://hidrotherms.com/ 161 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://hidrotherms.com/d9fb8f82-e885-4420-93aa-644ad4476363
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Length: 165178

GET
H2 200 LSO_4959.jpg
online.citi.com/nga-lite-signon/ 171 KB
172 KB 348ms
17ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/nga-lite-signon/LSO_4959.jpg

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
last-modified: Mon, 11 Jan 2021 11:55:43 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 174933
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2

404

qrsignon-1.png
www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/
Redirect Chain

https://hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png
https://www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png

0
0

317ms
316ms

Image
text/html

108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Redirect headers

date: Wed, 30 Mar 2022 01:09:10 GMT
server: Apache
x-redirect-by: WordPress
content-type: text/html; charset=UTF-8
location: https://www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png
cache-control: no-cache, must-revalidate, max-age=0
content-length: 0
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET

Interstate-Bold.woff
www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

0
0

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame 2AE1 7 KB
3 KB 135ms
28ms Document
text/html 52.215.111.225
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.111.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-111-225.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 30 Mar 2022 01:09:10 GMT
DCS: dcs-prod-irl1-2-v030-0b737a958.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Tue, 15 Mar 2022 12:36:35 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: e4Ec8KUEQyk=
transfer-encoding: chunked
Connection: keep-alive

GET

Interstate-Bold.woff
www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff

0
0

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 8ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 da6191c2b2959a15b37bb1f025a35ecd.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 8ms
8ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Tue, 01 Mar 2022 18:19:28 GMT
server: nginx
etag: W/"621e63b0-12ea"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 8ms
8ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 a81e05b9f5c7e57b0d80e617030f8bd0.js Show response
nexus.ensighten.com/citi/na_prod/code/ 157 KB
34 KB 22ms
22ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/a81e05b9f5c7e57b0d80e617030f8bd0.js?conditionId0=421908
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0bcb15216559cb490a994fc29303e9e66b109926890e7d3abfddbbfcef347c8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Wed, 16 Mar 2022 21:07:32 GMT
server: nginx
etag: W/"62325194-275e6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 51aba9f62787efbaa13e53a8d1ae3892.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
847 B 21ms
21ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Tue, 31 Aug 2021 17:19:01 GMT
server: nginx
etag: W/"612e6485-52a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 b2f0446660cb2dea0f6dc3924205e9e6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 138 KB
37 KB 14ms
14ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/b2f0446660cb2dea0f6dc3924205e9e6.js?conditionId0=486757
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 24ef04068969210454f752e9d8a9155e1a09ec0f8b3141a4cdb61060e1d5633c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 21:19:50 GMT
server: nginx
etag: W/"624377f6-226ce"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 d9242bb4689714e792142b57fb108642.js Show response
nexus.ensighten.com/citi/na_prod/code/ 39 KB
8 KB 29ms
28ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7c538f8a3c3e0da60b45759f24187eb0b25dd0531a5a2609302ed0b6b88365b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: gzip
last-modified: Tue, 29 Mar 2022 21:19:50 GMT
server: nginx
etag: W/"624377f6-9cac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
106 B 10ms
9ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=citiData%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3183206&did=542251&errorName=ReferenceError
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
cache-control: no-cache, no-store
server: nginx
expires: Wed, 30 Mar 2022 01:09:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 136ms
52ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

74e6d044e6e3cd891c155921c7486752c5f0461dbc8cb7e7b92a027d3da2941f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37349
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:10 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 145ms
61ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0f01978ff439dabef0d32ee01460f5d0d0563b53efa8bb7b2b0d257ce5c3dfbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37347
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:10 GMT

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 59ms
9ms Script
application/x-javascript 2600:9000:2156:be00:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:be00:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 00:59:06 GMT
content-encoding: gzip
last-modified: Wed, 30 Mar 2022 00:58:56 GMT
server: Jetty(9.3.29.v20201019)
age: 604
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
content-length: 6162
x-amz-cf-id: EvTJBBsE4PsoiBOW0vs4a9FZsHFWDaqEY8UkEobkLMjA_dE_iyIFDQ==
expires: Wed, 30 Mar 2022 01:59:06 GMT

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame 4654 118 B
705 B 290ms
26ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=794&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&pf=&ra=06238038943945057
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:11 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Content-Length: 118
Server: Jetty(9.3.29.v20201019)

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 50ms
49ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004&l=dataLayer&cx=c

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3b1b9d8e3c22e95ddf47154690af5ca4a67475fe23225999d0be41a51213902f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37347
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 55ms
53ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d8bd151fa62285091c5ee38da71396bd5cfd92f91c833cd4c785de54c5ede9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37348
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 76ms
76ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1eb42101ce54fe62f817a560608ecdf28439729a75e7b0c3b48753161dece73e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37346
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 57ms
57ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

11b87923a399fe448c9e7a69ce55b551fd0fab3803854cf43609a626be26bed3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37347
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:11 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 92 KB
37 KB 75ms
75ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e69abfd8a5aeeffd9a6f8e6ffa3aeb11c8a7b2923af4911a8deefd139368ca1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37349
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:11 GMT

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
336 B 301ms
101ms XHR
text/plain 18.235.170.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/dpm_pixel_min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.170.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-170-13.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://hidrotherms.com
date: Wed, 30 Mar 2022 01:09:11 GMT
access-control-allow-credentials: true
server: akka-http/10.1.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length: 2
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 308ms
99ms Preflight 18.235.170.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.170.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-170-13.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hidrotherms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Mar 2022 01:09:11 GMT
content-length: 0
access-control-allow-origin: https://hidrotherms.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
server: akka-http/10.1.12

GET
H/1.1 200
OK cr.png Show response
contents3.00110.citi.com/api/v1/ 4 B
344 B 442ms
126ms XHR
application/json 52.141.218.213
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://contents3.00110.citi.com/api/v1/cr.png?cid=cedric&snum=1648602551149-sjn0000296-1d51e05a-975e-49fc-b5b2-59ee9bbce5c2&muid=1648602550705-1BE67A8A-9617-4A76-B75A-4864761A91CF
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.141.218.213 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:11 GMT
Server: nginx
tail-id: 0e35ab49-6cec-45b3-af14-522ec8526ce8
Content-Type: application/json
access-control-allow-origin: https://hidrotherms.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 4

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&RedC=c.clarity.ms&MXFR=1ADE16BEC243671A1F0307C9C64369D4
https://c.clarity.ms/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&MUID=3961C8C003586E3606A1D9B702336F23

42 B
391 B

26ms
26ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&MUID=3961C8C003586E3606A1D9B702336F23
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:11 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:11 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14B2364FC8B34E5BBCCBE52273E7DFCB Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:11Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=884A76A442AA44AE80F4EEB3DA285CB1&MUID=3961C8C003586E3606A1D9B702336F23
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET

Interstate-Bold.ttf
www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf

0
0

GET

Interstate-Bold.ttf
www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

0
0

GET

Interstate-Light.ttf
www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf
https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

0
0

GET

Interstate-Bold.woff
www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff

0
0

GET

Interstate-Light.woff
www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff

0
0

GET

Interstate-Bold.ttf
www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf

0
0

GET

Interstate-Light.ttf
www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf
https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf

0
0

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 86ms
7ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: 7ZFGbm5gfkxV.pQuBY8LWu5zWeTQ0IFs
content-encoding: gzip
etag: "a698e80bc62ebcae5d8ef95ef0d2804d"
age: 694627
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: u1tZNaC/5T/pnBxInHESXg2tp+0XOzw+i+e+nLGUvcg0/fF1c1+TVdFHYPFKqoR+63eRSZLZFSI=
x-served-by: cache-hhn4026-HHN
last-modified: Fri, 25 Feb 2022 18:17:26 GMT
server: AmazonS3
x-timer: S1648602554.084191,VS0,VE1
date: Wed, 30 Mar 2022 01:09:14 GMT
vary: Accept-Encoding
x-amz-request-id: 1R98NRXW2SWENTVP
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 403 1560.js
cdn.pbbl.co/r/ 0
0 80ms
8ms Script
text/html 143.204.98.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/1560.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-10.fra50.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 102 KB
40 KB 52ms
52ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

385f037070022c1a4ad9683a1b54a4953120436bfc9ce66df4a6599b2488d596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41271
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 30 Mar 2022 01:09:14 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 79ms
9ms Script
application/javascript 96.16.135.39
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.135.39 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-135-39.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Wed, 30 Mar 2022 01:09:14 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Wed, 06 Apr 2022 01:09:14 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 0499 0
98 B 189ms
115ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d9242bb4689714e792142b57fb108642.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
31 KB 81ms
10ms Script
application/javascript 2600:9000:2156:2600:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:2600:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
age: 51742
etag: W/"08e770c8a17bf087d50cec01af0892c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ef13dd533b8dc9dcfdc35449cf88f808.cloudfront.net (CloudFront)
date: Tue, 29 Mar 2022 10:46:52 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: -pMRzGaQLH92sWK9WD3PJv6qDx3NrxNjpcIndPnov6A8cCmIjbnp7g==

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
11 KB 59ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 757FC415546C44128C1A1E5CFD560132 Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Wed, 30 Mar 2022 01:09:13 GMT
accept-ranges: bytes
content-length: 11333

GET
H/1.1 200
OK /
d.agkn.com/pixel/9340/ 43 B
595 B 82ms
10ms Image
image/gif 3.120.51.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/9340/?che=4216426917.0291567&abid=undefined
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.120.51.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-51-47.eu-central-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:13 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 generic1642556755234.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 529 KB
88 KB 75ms
7ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642556755234.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4b1b13a9bf37b3f15910d0b01bdfd90420f20445ac1cd4dcf296831d5df43c04

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: rSjn3UrYpUyqzJwJI83SrWd_Yi2yQGv5
content-encoding: gzip
etag: "23e4d609fe08b7a8c3e4f1da77c7f96c"
age: 42950
via: 1.1 varnish
x-cache: HIT
content-length: 89391
x-amz-id-2: cw9TMvNbP/VgPIOlwNjLzFdaHym/Wo933RkGrnQrB4d6EoP+pFUnSvDjmeEN9suAeZle5LGQWkA=
x-served-by: cache-hhn4026-HHN
last-modified: Wed, 19 Jan 2022 01:45:56 GMT
server: AmazonS3
x-timer: S1648602554.084274,VS0,VE1
date: Wed, 30 Mar 2022 01:09:14 GMT
vary: Accept-Encoding
x-amz-request-id: 1XRHWFGDGAYF9HYP
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET

Interstate-Light.woff
www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff

0
0

GET
H/1.1 200
OK check.js;CIS3SID=69B4B09FD8A728BF2EE7FCB11A1B9673 Show response
content22.online.citi.com/fp/ Frame F4D9 432 KB
76 KB 98ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=69B4B09FD8A728BF2EE7FCB11A1B9673?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jb=3639242668736f753d4c6b6e7d7a266a73673f4c69667770246a73627d3d4368706d6f6726687b623d4368726f6d672532303b39

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/tags.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

53074df5733dc65a1de490d124a00fc25a7a7ff514b607be744a05c50faca4b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 6b89f78c1aa12a6c
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame F4D9 81 B
475 B 88ms
13ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame F4D9 81 B
475 B 91ms
17ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK check.js;CIS3SID=46224D2C1EE73E9471744854588FFD2B Show response
content22.online.citi.com/fp/ Frame 9D63 432 KB
76 KB 60ms
25ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=46224D2C1EE73E9471744854588FFD2B?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jb=3c3b26246a7167753f4c6b6c7578266a736d3f4c696e757824687360773f416872676d65266a73623f436870676d652730303b3b

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/tags.js(1).download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

094f2e28ded6db6a7a8a5115d832c324d6009d84bb2b550a89810cf1802e0bb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 5527618d41f91b6a
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 9D63 81 B
474 B 40ms
13ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 9D63 81 B
475 B 44ms
12ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 39 KB
5 KB 730ms
128ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?_cls_s=fab725d6-f0fa-4c3e-bc69-e3350f84a0b3%3A0&_cls_v=fac264e5-f0e7-44d6-bdfa-5b373006042c&pv=2&f_cls_s=true

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

a38709093d18eab6976c76c38e9776c1f64e8e2b20a697b260330aa2a4e41877

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
content-encoding: gzip
vary: origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
access-control-allow-origin: https://hidrotherms.com
access-control-allow-credentials: true
Connection: close
content-length: 4473

GET
H2 200 96e0eb995483e83e7b3f71968eedeed1.js Show response
hidrotherms.com/cts/city.com/img/ Frame F4D9 396 KB
155 KB 162ms
161ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: d9181c42b463ba85677421a93ae1ba80ae774c9bf8af67200ed78a419bd067a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 96e0eb995483e83e7b3f71968eedeed1.js Show response
hidrotherms.com/cts/city.com/img/ Frame 9D63 396 KB
155 KB 171ms
171ms Script
application/javascript 108.179.252.62
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 108.179.252.62 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: br522-ip03.hostgator.com.br
Software: Apache /
Resource Hash: d9181c42b463ba85677421a93ae1ba80ae774c9bf8af67200ed78a419bd067a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/cts/city.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-encoding: gzip
last-modified: Sun, 13 Mar 2022 12:08:28 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H/1.1 200
OK check.js;CIS3SID=69915BADAB241B2E060746F35B8AB099 Show response
content22.online.citi.com/fp/ Frame CE18 432 KB
76 KB 26ms
22ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=69915BADAB241B2E060746F35B8AB099?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jb=36392e2668716f773f4c616c77782468736f3d4c69667778266a7362753f4368706d6f6524687b623d4168726f6d652732323b39

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/tags.js(2).download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

0c568bfe19dfcb7530599f06725ccad6c7c80d8e29b2d21acf3fbb10a7d6f15a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 31f079b47db06ff4
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame CE18 81 B
474 B 16ms
16ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame CE18 81 B
474 B 13ms
12ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 16001692.js Show response
bat.bing.com/p/action/ 843 B
837 B 139ms
134ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16001692.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

967a765de5c8723590db8b187db737a6779d0fd6e6c21bab393d93d0996439f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2A082C8472A54461BA2FE142A8F6F7C0 Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:14 GMT
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store,no-cache
content-length: 662

GET
H2 204 0
bat.bing.com/action/ 0
162 B 32ms
31ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=a40a3c93-a360-4f99-9bce-a7425337fd8b&sid=039f0df0afc611eca7bb5ffa7686f3ed&vid=03a13c70afc611ec8d9f61e3745fdd29&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&p=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&r=&lt=5239&evt=pageLoad&msclkid=N&sv=1&rn=990819

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBB99383A8F84666802F1C6D168575C8 Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:13 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
120 B 37ms
36ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 48B0E7A9594E466B9E16E4C1069BC0DB Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:14 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16003743.js Show response
bat.bing.com/p/action/ 0
117 B 161ms
160ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16003743.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 07C60040AFED46D3A162180D6C4F9866 Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:14 GMT
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
120 B 59ms
59ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=196f448b-7638-4d6f-bef0-85b648fd07da&sid=039f0df0afc611eca7bb5ffa7686f3ed&vid=03a13c70afc611ec8d9f61e3745fdd29&vids=0&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&p=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&r=&lt=5239&evt=pageLoad&msclkid=N&sv=1&rn=218427

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B0BB87CB07F04DDBB293BF8462A6B929 Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:14 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
120 B 58ms
58ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 07C75F3EF9324714893BC135EE217F2C Ref B: FRAEDGE1511 Ref C: 2022-03-30T01:09:14Z
date: Wed, 30 Mar 2022 01:09:14 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 135ms
50ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/js(7)

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14883
x-xss-protection: 0
server: cafe
etag: 14534967036905587165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 30 Mar 2022 01:09:14 GMT

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 100ms
100ms Preflight 18.235.170.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.170.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-170-13.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://hidrotherms.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 30 Mar 2022 01:09:14 GMT
content-length: 0
access-control-allow-origin: https://hidrotherms.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
server: akka-http/10.1.12

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
335 B 101ms
99ms XHR
text/plain 18.235.170.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: hidrotherms.com
URL: https://hidrotherms.com/cts/city.com/img/96e0eb995483e83e7b3f71968eedeed1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.170.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-170-13.compute-1.amazonaws.com
Software: akka-http/10.1.12 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://hidrotherms.com
date: Wed, 30 Mar 2022 01:09:14 GMT
access-control-allow-credentials: true
server: akka-http/10.1.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length: 2
content-type: text/plain; charset=UTF-8

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 36ms
6ms Script
application/javascript 151.101.65.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1642556755234.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
content-encoding: gzip
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
age: 1042937
via: 1.1 varnish
x-cache: HIT
content-length: 5197
x-amz-id-2: cv5VPIGCLLcXtswk37oaFl4fBbweUeVQHYrMuBMn+c9sgiGiJKp9+J3PzqI9Db3Up4e5W4lD9Ko=
x-served-by: cache-hhn4050-HHN
last-modified: Sun, 24 Jan 2021 11:03:10 GMT
server: AmazonS3
x-timer: S1648602554.236076,VS0,VE0
date: Wed, 30 Mar 2022 01:09:14 GMT
vary: Accept-Encoding
x-amz-request-id: TJ8QGVFCE6QYVTNF
access-control-allow-origin: *
cache-control: max-age=31622400
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 5207

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 6010 71 B
363 B 200ms
160ms Document
text/html 104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&phint=__bk_v%3D3.1.10&limit=10&r=62378404
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-215-191.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: c2cc
X-Akamai-Origin-Object-Size: 71
Date: Wed, 30 Mar 2022 01:09:14 GMT
Connection: keep-alive

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 81 B
531 B 44ms
13ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=69B4B09FD8A728BF2EE7FCB11A1B9673?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jb=3639242668736f753d4c6b6e7d7a266a73673f4c69667770246a73627d3d4368706d6f6726687b623d4368726f6d672532303b39

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/6b89f78c1aa12a6cf13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f
Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Last-Modified: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Etag: ec36aa3c0f3c439ca988e0345a12e9f4
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://hidrotherms.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Mon, 29 Mar 2027 01:09:14 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4 Show response
content22.online.citi.com/fp/ Frame 6597 84 KB
13 KB 16ms
16ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

b49bc154974730d2954aee4c055dacd8d71e7cb2e2eec1d42f0688a8ba8a6826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 0
387 B 17ms
17ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4 Show response
h.online-metrix.net/fp/ Frame 983C 98 KB
15 KB 73ms
22ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

44c36e682418ebd44513d8891d39751e69b6f4cb66c33caec68b8c99784c08eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 0
387 B 13ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jd=3738242668666e3d3338246a6e6a3d34643e31633030323b616537363133396264606161663b306265353131373334266a66766e3f3238333d393a3338

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame F4D9 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4 Show response
content22.online.citi.com/fp/ Frame 28B6 84 KB
12 KB 19ms
19ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

3c61d14457bf067d5dbda8c559a3b9d40b71ec02816f8e3dc5cc9e7838e06a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 0
218 B 14ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&ja=33383b302426633d3026783d3824663d313e3230783930383226616635313630327a333030322e7378793d307830246470723f312e333432382c313230302e333430322c333230302c313430382e313230382e31363832243332303024302c30246f763f613a30326162636463373564646666663b67633a3c313134373034603b613561246d6e3d342671636c3f323426646a3d687c7678712533412d32462530446a6b647067746865726d732e616f6d253046617671273a46636974792c616d6d2732442664723d26726c3531267068353538663a3a69633662636e62653133316035333a3f616530643362646032643424686a3f673a3a646235333430323a36336566623965353632393d373339616c3563653a2462716f3d4c616e7578246871603d4160726f6d652532303b39266a716f773f4e6b667578266a7360773f436a726d6d65266e68613d3c246e646d353a2674726635477463253a46556e696c6d756e2465617468723d3430323364316132606761323a653663633534323238306166313535343033666c36353838393631643e6769633234646b39346164606635323139333139366126703f706c7565696c5d646e6973685e66616e716721726c7767696e5f776b6e6c6d77735f65676469695d786e6179657a5e66616e716723706e7d67696e5f61646f60655f6161726d6063765666616c736523726e7565696c5f717569636974616f655e66696e73652972647767696e5773686f6169756376675666616c736521706e7567696c5f7067636e786c617965725c64636c716523706c7567696c5f7e6e635f70646379657a5c6e636c736529706c75656b6c5d64677e616c76725e66616e736521726c77656b6c577376675f766b677565705e64616c736521726c7d65696e5f626376615664696e7365266f6c5f633f756760676e5f6562474c253230332e302530302a4d726766474c2532304751273232322c30253230436a72676f69756d215565624f4e2d3030474c5b4c2532324751273232392e30253230284f72656e474e25303247512d3230474c534e2730304753273230312e302732384168726f656b756d21556d604b69745f65624b6b76273030556d62474c414e474c475f696e7174636c61676c5f617272617b712733402530304558545f606c6d6c645f6d616c6d6170273b402532304d58545f616d6e6d725d6a75666665725f68636c665f646c6d6376273b42253230455a565d666e6f63745f626c656c642d314225323847585457647a63675f646d7074682731402732324d58545f7368616467725f74677876777067576c6f642533402730304758565f7465787477726d5d636f6d787065737b6b676c5f62707c63253340273032455a5c5f746578747572675f636f6f7070677171616f6e5f726776612733402530304558545f766570767572655764696c7c677a5d616e697b6f74726d726b6125314a2532305745424b4b545f455a545d76677a7c7572655f666b6e7665705f636e69736f74706f786b6325334a2732304d5a5c5d7352474a2533422730324d455157656c656d656e745d696e6467785d776b6c7c2533422532324d47535d66606f5f72656e66657a5d6d6970656370253b402d30304f455b5f7374636c6663726657646572697661746b7665732733402730324745535f74657a767772675f646c6f61742531422d30304f455b5d746570767d70655f66646f61745d6e6b6c65637a2533422532304f47535f746778767770675768616c665f646e6d61762531422532304f475357766578747d70655f606364645f666c6761745f6e6b6c6761702d33422532304f45515f76657074677a5d637a7261795f6f60686763762531422532305747424f4e5f636f646d725f6a776e6465725f6e6c6f6176273140253038574542474c5f636d6d707267737167665d7c6578747572675d6373766327334225323055454a454c5f63676f70726d717b67645f746d78747570675d6774612d3342253230574540474c5f616f6f7270677b7365645f74677a767570655d657463312531422d303057454a454c5f6b6d65727265737b65645f76677a7675706d5f73337463253340253230554540494b5657574542474c5d616d6d727267737365645f76657076757265577133746b273b402532305f4542474e5d616d6d727a65737365645f746778747570655d7131766b5f73726762273140253030554542474c5f66656a77675f726d6c64657a677a5d696e66672533422730325545404f4c5f64657074685d7465787675706727314a253230574540494b545d574742474c5f6467707c6a5f7465707675726d273b402532305f4542474e5d66706175576275666665727327334225303055474045445f6c6f73655d616d6e76657a742533422530305f47424b495c5d57454a45445d6c6f736d5f636f6c76677a74273b42253230574542454c5f6d776c766b5d667a6177313626656e5d683f333b303036306537653d373333663f6461666a373863346165383531346464343038633c333161632677676e763d496c74676e273038496e632e2675656e723f496c74656c253232497a6b732532384d7065664544273230456667696e67246161643f3c&jb=333531266e713d4d6f7a6b6c64632532463d2c30253a322055696e646777732530324c5625303831302e30253342273230576b6e343627314a2532307836362b2732324172706c655765604b61762532463d31372e3b342d3030284b40544d4c27304127323264696b652532304767636b6f2b253032416a7a6f6d652532443b3b2e322e363834342e3836253a32536166697069253a443d31372e333e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net/fp/ Frame F4D9 81 B
438 B 63ms
13ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 81 B
530 B 13ms
13ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=46224D2C1EE73E9471744854588FFD2B?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jb=3c3b26246a7167753f4c6b6c7578266a736d3f4c696e757824687360773f416872676d65266a73623f436870676d652730303b3b

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/5527618d41f91b6a9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec
Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Last-Modified: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Etag: 2ce818c395624c1aacca61b7c425951e
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://hidrotherms.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 81
Expires: Mon, 29 Mar 2027 01:09:14 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D Show response
content22.online.citi.com/fp/ Frame A8B6 84 KB
13 KB 17ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

33a5a6ffd12f5076076ee49e95ce48f69c5ab39c391be9385e9210d2fbfe618d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 0
387 B 18ms
16ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D Show response
h.online-metrix.net/fp/ Frame 4F48 98 KB
14 KB 23ms
22ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

96826fb02b92df09140aad9b47ce6c0988b65d638a941f5a63fb2a33a1a6833e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jd=3d3426246a64663d3138246866683d346434316330383033616737343b313b62666a636366393862673531333f3336246866766c3d323837383130

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 9D63 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D Show response
content22.online.citi.com/fp/ Frame E87F 84 KB
13 KB 15ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

ccfb5db43003cacddbd0448e046ce4566e75aed58c16373cb087c89b2a0be0b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 0
218 B 17ms
17ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&ja=393a393226246b3d3226783f3026663d3134323078313230322461643f33343030703132303026737a793d327030266672723f332c333432322e393230322c333e32302e313038302e313432302c313230322e313630302c333030322e322e302665743d61383832636263666b373766666666643967633a363339343732366031633763266f663d36267161643d3234266e6a3d687474707127334327304425324e686964726f746a65726f7b2e636d6f2530446376712730446b69747b2e61676f253046246c723f26726e3d332670683f3538663238616334626164606731313b623733383761673064316a6462306634246a683f343066336c66663036663037633263606e613463616130653534636137393432266a716d3d4e6b6c7778266273623d4368726d6d65273a30393b246a716d753f4e6b6c7770266a716277354168706f6f6d266c68613f34266e646d3f3a26747a643d477663273044576e6b666f776e266d617668723f3c303031663161306267613230673e6363373632383a326364333d353630336464343538383336316436656163303466613b3661666a643732333133333936632e703d726e75656b6e5d646e6371605e66636c716d23706e7565616e5d776b6c646f77735f6f676469615f706e637967705c64616c7b6521706c75676b6e5f636c6f62675d6161706f6063765c64696c736721726477676b6e5d79756b636976696d655e66636e736521706c7765696c5d716a6f6363776176655e66636c736729706c7765696c5d7267636e726e697965705e64696e73672172647565696c5d766c635f706e637965725e66636e736723726e7567616e5f646576616e76725c6e616c716721726e75656b6c5d717e675f7469677f67725c666364736721726e7567696e5f686376615e66616e716524656e5d633d7f6562676c576560474c273a30312c32253032284d72676c454425323245512d3030302e322d3232436a706f6d69756d2b556562474c253032474e514e2732304d53253230312e32253232204f70676c474e2732324751273038474c514c273a324551253038312c302730304368726f6f6b756d295765604969765567604b697c253230576562454c414c4f4c455d6b6e7176616c6167665d6972726379712d31422732324d58565f606e656e645f6d6b6c6d6178253340273232475a565f63676c6f725f6275646665705768616e645f646e6f63762731402d323047585657646c6d617657626e656c662533422532324758545f667263655f6667727668253b422532304558565f736a696465705d74677a747770675d6e6764253142273a32455a545d7c657a747770655f636f6d7270657373696f6c5d627276612733422d32304558545f766578767d72655d616f6f72726771716b6d665f726574612d31422732324d58565f766778747572655d64696c7465725d636e6b716d76726f78696325334225303057474a4b49565d455a565f76677a76777a655f64696e7c67725d616c61736d74706d7069632533402732304558545d71524540273142253a304f45535f656e656d6766745f6b6c64677a5f776b6c76273b422530304d4d515f64626d5772676e6667725f6d69706f63702533422530324f47515d71746166646172645f64677269746974697467732731422730324d475b5f746778767d70655d666e6761762531402532304f45515d746578747570675f646e6d63745f64696e6561722531422530384f45515d74677a747770675d6a696c665d666e6763742733402d32324f47515f746578747770655f68616c645d666e6d63765f6c616e6561722533402532324745535d74657076657a5d63707069795f6d62686d61742733402d3232574740474c5f636f6e6d725f6275666467725d646e6d61742d3342253230574742474e57636f6f727267717367665d766770747570655d6971746125314a253030554742474c5f636d6f707265737367665f76677a7675726d5f6574632533402532325f4542454e5f616d6d72706771716d645f76657a7c7772675f677c6333253140253230574540454c5f636f6d727065717167665f746d78747572655f713374612d3342273030554742494b565d554d42474e5f61676f707065717b65665f766778747572655d71337463253340273232554740474c57636f6d707265717365665774657a767570675f713176615d7b72676025314a27323257474a474e5f66676275675f72676c64657265725d6b6e646d273142253a30574542474c5d6465727c685f76677876777267273140273a305747424941565f5545404f4c5d64677274685f74657a76757265253340273232554740474c57647261775f62776666677a73253140253032574740454e5d646f73675f61676c746778762d33402530325745424b49565d574542474c5d6e6f71675d616f6e7c657874253342273230554d42474e5d6d776e746b5d6670637f313624676e576a3d3139323836326537673535333366356461666235306336616732373334666e363238613433336163247f676c743f496c76656e2730324b66632e24776564703d4b6e766d6c2732324b7269732532324d70656e474c273030476c656b6e652e6363643d31&jb=393733246c73354d6d7a6b6e6c61253246372c3025323028556b6e666d75712532384e5425323031322e30273b42253032576b6c3636273140273a307834342b2d303043707264655565604969742532463731372e333625303228494a564f4c253a432532306c696965253038476561696f2b273232416a706d65652530463b312c302c343a3c342c38362732305361666370692532463531352e3134

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net/fp/ Frame 9D63 81 B
438 B 57ms
13ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame CE18 81 B
530 B 13ms
12ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=69915BADAB241B2E060746F35B8AB099?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jb=36392e2668716f773f4c616c77782468736f3d4c69667778266a7362753f4368706d6f6524687b623d4168726f6d652732323b39

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/31f079b47db06ff46a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32
Referer: https://hidrotherms.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Last-Modified: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Etag: 52efd7b435554ecdbe955ea0f2f9b8ef
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://hidrotherms.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
Expires: Mon, 29 Mar 2027 01:09:14 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5 Show response
content22.online.citi.com/fp/ Frame C392 84 KB
13 KB 22ms
20ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

d8c9104153ad82c0844b013d458a55c4787915e7da1ea8e521a6aceeed596ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame CE18 0
387 B 15ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5 Show response
h.online-metrix.net/fp/ Frame 55E3 98 KB
15 KB 24ms
24ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

4f9fd9895e83793d5ad6d3eda4c4d86b306c917b93a8e4a5944a6ad9515f7f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame CE18 0
387 B 15ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jd=37362e2668646e3f31382e6864683f366436336330303233636537363931396264606163643b306265373131373336246a64766e3d303a343a3338

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame CE18 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5 Show response
content22.online.citi.com/fp/ Frame 6290 84 KB
13 KB 22ms
19ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

c53e30430accdb4f8dac0b1a6e3773351faade4937d323fdc8782278aa6c87dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=94
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame CE18 0
218 B 17ms
15ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&ja=333831302424633f3226723f3226643f3136303078393030302661663d333630327a333232322e73787b3d307830266670703f312c313632302c313032302e333430382c333030322e313e32322c333030302c313638322c313230302c322c30246f763d633a30326160636463373766646466663965613a34313136353034603b613f61246f6e3f36267b61663d3036266c683d687c7670732533412530462530446a69667067746867726d732e636d6d273046637473273246636b76792c616d6d2d32442464703f26786e3f332472683d3738663a3a61613662636660653133316037313a3f61653264336264623064362468683d66616230383233313b30616138643a6663676632386332363a3239643465633c246a736f3d4c696c7578246871623f4160726f6f65253230393b2668716f753d4c6b6e757824687360773f4360726d6f65246c686b3f36266c666d3d38267472663d457463253244556e696c6d776c246561746a723d343030316433613262656332326536616135343232383a6166333537363039646634373a38313431643e676161323464633b34616460663730313933313b366126703d726c7765696e5f666e6173685c64616e716721786c7765696c5d77616c666f75715f6d656469695d706c617965725c66616e716721726e7d67696c5f61646f62675f6361726f6261765e66616e716523726e756f696c5d71776b6363766b6d675c66616c736529726c7567696e5f71686f6169756174675666616e736521706c77676b6c5f7265616e706c617b67725c64636c7b6523726c776569665d746c615d706c6179657a5c66616c736521726c75656b6c5f66677e616c74725e66616c716523726c7567696c5f7376655d766b6775657a5e64636c716721786e77676b6c5f6a6176615664616c736526676e5f633f756762656e5f6562454c253230312c30273030284f70676e474c2730304751273238322c322530324360706d6d6b776d295765624f4e253230474c534e2532324751253032392e30273230284f70676e454e2532304551253230454e534e2730304d53273030332c302d3032436a706f6d69756d215565624b69745767624b6b76273232556d62474e414e474c455d696c7174616e6367645f617070617b7127334a253032455a565f6a6e676e665d6d696e6d6170273342253230455a545f616d6e6f705d6a75666465725f68616e665d646c6f6174273342253032455a565d66646f63765f606e65666627334027323045585457647261675f64657274682731402530324d58545d7368616465705f766778747572675f6c6f662733402730304d58565d74677a747d70675f616d6d707265737b6b6f6e5f62707461253340273030475a5c5f746778747572655d636d6f7072657371696f6e5d7067766127334a253032455a565f7c677a747770655f66696c7c67725f616e69736d74726d726b6327314a2532325745424b49565f475a545f74657a747572675d666b6e76657a5f636c69716d747a6d7269612733422532304d5a545f735247422733422730324f475157656c676d656e745f6b6e6667785f75696c742533402732324d47535766606d5f70676e6c67705f6f6b706d6170253b402532304f45535d7374636c666170665764657069766174697465712733422532324f45535d76657a7677726d5f646e6f6376253b402732324d45535f746570767572655f666c6d61745d6e6b6e67637a2533402532304f45515f766778747572675f68616e645f646e6d617c2531402530324f4d515d74677a747572655f60636c665f666c6f63745f6e6b6c6563702d33422732304f45535d7667707465785f637272617b5d6f606867637c253140253032574d40454c5d616f6c6f725f6a77666665725f666e6f6176273142273038574540474c5f636f6f707067737365645d746578767772675d63737c632731422730305f4740474e5d636f6d70726d717365645f74657a747570675d6576612d3342273230574542454c5d616f6d707267737365665d74677a76757a655d67746133253b40273232554542474c5f6b6d6d707265737367645f76677a7477706d5f733174632533422732325545424b49565f574540454c5d616d6d787267717367665f7c677a747770655f7333746b273342253230574742474e5d616f6f727a65737165645f74657a747770655f733376635f73706562273140253a30554742454e5f6c676075655d72656e64657a67725f696e666f2733422730325747404f4c5f66657074685f76657a76757265253142253232554540494b5457574740474e5d646d7276685d7665787475726d273342253230574742474e5d667263755762756466657273253142273030574542454c5f6c6d71655d616d6e7c657a76253140253a325545404949545f57454a454c5f6c6f73655d636f6c76677876273b42253030574542474e5f6f776c74695f66726177333426656e5d6835333b32303432653d673735313166376661666a37306134616530373134646434323a633c333163632677676c743d4b6c74656c253030496e612c2675656e7235496c76656e2732384b7069712732304f706566454c253230456e65696e67246163663f39&jb=33353b266e733d4f6d7a616e6e61273046352e30253a322857696e646f75732530324c5427303831302c30253342253030556b6e36342531422532327a36362b2732384172726c6755656a496b742730463533372e3b34253230284b48564d4c27304125303264696b672532304765616b6d2b253230436a726f6d672732443b3b2e382e363a34362c383c273030516366617269253a443533372e3336

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Wed, 30 Mar 2022 01:09:14 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net/fp/ Frame CE18 81 B
438 B 68ms
16ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:14 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 c.gif
c.clarity.ms/ 42 B
104 B 27ms
26ms Image
image/gif 52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/16001692.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:14 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 142ms
102ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzk5LjAuNDg0NC44NCBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTY0ODYwMjU1NTA1NCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdmZDg1ZWEyYWNiYjYtMDg0MzllNTdjMDlmZC05NzcxYTM5LTFkNGMwMC0xN2ZkODVlYTJhZDk3ZSIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2hpZHJvdGhlcm1zLmNvbS9jdHMvY2l0eS5jb20vIiwid2Vic2l0ZUlkIjogNTAsImZvcm1JZCI6IG51bGwsImZvcm1UcmlnZ2VyVHlwZSI6IG51bGwsImthbXB5bGVfZGF0YSI6IHsiTEFTVF9JTlZJVEFUSU9OX1ZJRVciOiAiIiwiREVDTElORURfREFURSI6ICIiLCJrYW1weWxlSW52aXRlUHJlc2VudGVkIjogIiIsImthbXB5bGVfdXNlcmlkIjogImIzMDAtMmFlZS02NDgwLTRkYTktNDc2My1mZGE4LWRkNzktYTU4ZCIsImthbXB5bGVVc2VyU2Vzc2lvbiI6ICIxNjQ4NjAyNTU0MjA3Iiwia2FtcHlsZVVzZXJQZXJjZW50aWxlIjogIiIsIlNVQk1JVFRFRF9EQVRFIjogIiJ9LCJjb29raWVfc2l6ZSI6IDEyMzQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQyLjEiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NDg2MDI1NTQyMTAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-mbzq
date: Wed, 30 Mar 2022 01:09:15 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 2 KB
2 KB 151ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1648602555060&cv=9&fst=1648602555060&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddec14acc0874ecb8f1d72e0675c6cb4ee23bc42ecafac7164f3bf40d847b172

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1051
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 147ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1648602555064&cv=9&fst=1648602555064&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9cfab9e3d253c199d21b744b2db5eaa8ebe01910fd7205091cc85d75a417794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1052
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 146ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1648602555066&cv=9&fst=1648602555066&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8b3e1e2d569a9e4ef19e0b1e615750b5be5b210ee012f49dd9646fe1660b4c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1052
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 147ms
56ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1648602555067&cv=9&fst=1648602555067&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

97264268a9c8d556199c774b82eae64f91a1b3979e53e13e4bdceedf16679773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1051
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 2 KB
1 KB 145ms
56ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1648602555069&cv=9&fst=1648602555069&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1e94a544cd45f9c17e65de0d984263659f451a9d0be5821d469abcf76fa0c0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1050
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 145ms
58ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1648602555070&cv=9&fst=1648602555070&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e94feefca82a350262c842dac1fe5aee4ae851efced05a80bee55f6b2eb3b7b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1052
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1648602555071&cv=9&fst=1648602555071&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62dc9854208b9e1d672975fb472853c405df8f691915ca94dc27b6c7d8ddf77d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1051
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1648602555072&cv=9&fst=1648602555072&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d9c56f0fb260cee2ef3fe2b0e94a008cdc359630b35696d79967d7564cfc4fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1052
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 6597 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=93
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame A8B6 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=92
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 0
387 B 14ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jac=1&je=3336312624706d3d796571266a637473743579226c6d746d6e223a312630302c2071766374777b223a226368617265696e67207d24637766603d636137623b6734653438336363616336643269356331393a3b33363b363e60356333393739366036663a64663c3836303033386667346630316661663a363d39266578333f60353132346031323933383b643c353633336b6134353e3330346533326e65633660643b3631356d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=94
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame C392 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=93
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jac=1&je=393433242672653d7b65712462617473743f79226c6576656e203a332c32322c227b7461747573223822636a6972676b6c67207f266377666a3f6b61376039673e67363a31616b61613664306137633139303b33363334366037633133353b36623c64386464343834303031306665366430316463663a36373b2e6578313d603f33303662333a3931383b663437363333616134353631383467333064676136626e3934313765

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=91
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

Interstate-Light.ttf
www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/
Redirect Chain

https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf
https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf

0
0

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame CE18 0
387 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jac=1&je=33363b2624726d3f7b657b2460617671743d7b226c6d74656c223a312e32302c2071766176777b223a2063686172676b6e65207d26617566683d636335623b6734653e383361636361366e306337613339323933363b363662356333313539366036663866663c3836323033386665366632316663643836353926677a333f60353138346033323b313831663637343133636334353e3338366533326667633660643b3433356d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=90
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D
content22.online.citi.com/fp/ Frame 9D63 0
400 B 30ms
30ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear1.png;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jf=3c333424736b6c5f706e663f7464725f79517130393778644d5a33485471344d267b69645f646174673d31343c3836323035373726716b665d767170653f77676a386561647169267169665d6b65793d33323739333031333234303530633a36343063653364303232313034383832633a36363a6367316632313831303530313c30303230366d6336363a333930366137323536636562343b3566303a3560663230376436323233363065616a32613463646766613b313b35323033643064323b31633a62323930663932663636306439666133663030343231613233363232343d353033396166366564613d64383b353931363067673063376a6461326233393a3734343a2e736b645d7169673d3330363630323230316661373a3b3466653839356436653238676631666a666134666132333937353135356e63323a66303d32386464616a353739676462303339343b63666164333030303034646463663631373865383030313263673a63383535613a64306760333a646a62353566306b67643235353a386438673237393538313037336332336637353124716b64723d38

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=89
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=3955C741F21FD2597639FDED0887CD33
h.online-metrix.net/fp/ Frame 983C 0
400 B 34ms
34ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=3955C741F21FD2597639FDED0887CD33?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jf=363134267169645f726e663d7c66725f4345634c616c495f5a4f4242304e786724716b665f666974653d3136343834303235373524716b6657747970653d7567603a6763667361267369665f6367793d333837393338333b323630373a613836363a616733663832303130363038306138363638616731663833303130373231363232303234343831373a356966643937393762356c636c61383066313837656630646330356b616265303633373266633534303a6132313d66636139613535333632393035643561363b3869673432343e3662303f6038643633373861366236606163623a3f33333864633131333231653a36663466353f3165653365673b666335626435267369645d7361653d33303c3730323a3239323866393f6162336760316063303830613566343637303633353436613b673b3b393032363237333264316235316532393131346c313064346b3064363c643830323130383839393b37663032606938663164373230606262376138603160646b313637333461333433323337616265613160653034623662396133653c646c363637623b26736964703f33

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=D51858A55185BC283857C8C2387EDEC5
content22.online.citi.com/fp/ Frame CE18 0
400 B 25ms
24ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear1.png;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jf=36313026716b645d706e6c3f7664705d4d6142787149367a44306c676a66456524716b645d666974653f31363438363232373735267369665f747972673d7567603a6d636671612471696c5d69657b3f33303539333833333036303732633836363a616531663832303330363038326338343638636533663033303332373231363238303236616330303d6133653b32386435396239663437323035656732613a3a343036676b66316162373738356435666762376133613137376136653a353133316231373132326339323062606039316363373f63393663356665646434613a3b31333a6c3561613163613837353534616262346366646630643136366133303c39643726716b6457716b673f3130343630323a33303063633633676136336431333a346d6432333734343835646535613064343434616432606661676735313d316631666734383161376436673634343830693264653032323132306135346136663b3936663762373139306666343b6230303461653034316636343335643c3030333464636638616166616330393634313e32373039373733633526716b64723f32

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=92
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=CE7C01DFDCD07164FB15B739B83D774F
h.online-metrix.net/fp/ Frame 4F48 0
400 B 50ms
33ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=CE7C01DFDCD07164FB15B739B83D774F?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1&jf=3c333424736b6c5f706e663f7464725f484a323838736c37335659317858337a267b69645f646174673d31343c3836323035373726716b665d767170653f77676a386561647169267169665d6b65793d33323739333031333234303530633a36343063653364303232313034383832633a36363a6367316632313831303530313c30303230363831376461636137316261326439323562346167326363663762383136333832343163373231393537313234333a626660353b3a3f34363562363833313065343963663635326266316262333631613362653333663237366437383e646435386530636130316c37376731373661643b35333a373b30386664333e30666664662e736b645d7169673d33303636303232303235676667633032633731333563383139643730343f6564303462316766643333676030656230643b3b66613b636731623031346735303333366661373338353030303037333b6739326b31383865353234643531313436643a3635663463633430616b313735363a6b356136396730373538666439613235343032663730336234643424716b64723d39

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=EEC5809D506ABA3ACA9252E9E4FF7D8D?org_id=89oebq5k&session_id=9717568aca3ba00d5234104e6f4c362a19aaa5de751b91a371cfabbf6b804cec&nonce=5527618d41f91b6a&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4
content22.online.citi.com/fp/ Frame F4D9 0
400 B 26ms
25ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear1.png;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jf=363134267169645f726e663d7c66725f47424e507970504e443549503f72515824716b665f666974653d3136343834303235373524716b6657747970653d7567603a6763667361267369665f6367793d333837393338333b323630373a613836363a6167336638323031303630383061383636386167316638333031303732313632323032343932623667383b3b3262336d6162336a3038303137376c3030383b37643166313a31313334616165303035633a383a3463326938316335666734646566336662336538333a616a666233363a3061313d353a666661353e3866663461616462633e34333265373661633636393134363063633861323236383a3a343632616435267369645d7361653d33303c3730323a3338326337333f3639656067356135303b663564363230643b3632613432343433663b633965363037616766343933666331323067363b31383730303363353d326d363032323833653934353b6363633a643339653665353332353533626731613b6d633139373132353b33313736313631643363666a3a6439313e3161356c6339633339333026736964703f32

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear1.png;CIS3SID=BB2028701B99BB6E8FAE1EA404069DE5
h.online-metrix.net/fp/ Frame 55E3 0
401 B 40ms
16ms Image
image/png 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/fp/clear1.png;CIS3SID=BB2028701B99BB6E8FAE1EA404069DE5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1&jf=36313e26716b645d706e6c3f7664705d3546766c546573464a305333504c753924716b645d666974653f31363438363232373735267369665f747972673d7567603a6d636671612471696c5d69657b3f33303539333833333036303732633836363a616531663832303330363038326338343638636533663033303332373231363238303236386635643b6636666437356235663639636239373765336031373761333463616c356563623130363432313732393530363535366437606136643b313e35313663606736383766366136653337303531336634393137316139373761343561356931396031346264396035633b61343264326462353b636237303b6569633b6626716b6457716b673f3130343530323a33303064663337356166323b34383b376a64306763386565663535373a34303165323334653b323534333a3338313b61356434373c636364603065396566616b3766653032323030343934673130353b6b3039306636376433316567376166383637373363613662613767383b373764663b333930616739636335353530383d3630636437616424736964703f31

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=D51858A55185BC283857C8C2387EDEC5?org_id=89oebq5k&session_id=6a85cc0b2587fa37e50459cde015dc512324b28dd7dd15460c2d10e6ae17cd32&nonce=31f079b47db06ff4&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
64 B 110ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1648602555060&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2702849690&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
548 B 159ms
49ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1648602555060&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=2702849690&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 104ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1648602555066&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3214376400&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
108 B 155ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1648602555066&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3214376400&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 101ms
54ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1648602555064&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3894402163&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
108 B 152ms
51ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1648602555064&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3894402163&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
64 B 99ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1648602555067&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3699919241&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 150ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1648602555067&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3699919241&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 105ms
59ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1648602555069&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1957886239&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 150ms
50ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1648602555069&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1957886239&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
64 B 97ms
52ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1648602555071&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3756154389&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
108 B 152ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1648602555071&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3756154389&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
64 B 95ms
51ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1648602555072&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3045379314&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
108 B 74ms
71ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1648602555072&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3045379314&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 95ms
53ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1648602555070&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4221667381&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 55ms
52ms Image
image/gif 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1648602555070&cv=9&fst=1648602000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2g0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fhidrotherms.com%2Fcts%2Fcity.com%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4221667381&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 30 Mar 2022 01:09:15 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame F4D9 0
387 B 16ms
16ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 9D63 0
387 B 16ms
16ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=94
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame CE18 0
387 B 18ms
17ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hidrotherms.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 30 Mar 2022 01:09:15 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=93
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET clear3.png;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4
content22.online.citi.com/fp/ Frame F4D9 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Domain: www.hidrotherms.com
URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: content22.online.citi.com
URL: https://content22.online.citi.com/fp/clear3.png;CIS3SID=4BDAF204AE47F84E58F2A9EB31B18DA4?org_id=89oebq5k&session_id=f13ab1edeab18f4de9bda9c87dd095aabcc70280541a117ddef5b26c845e156f&nonce=6b89f78c1aa12a6c&pageid=1&jac=1&je=3a3424267267653d253740253a307665722d3032253b433b273243253a32756e6667646b6e676c30304f5054494f4c3025323025314327374a66616c73652730412530324d5054494f4e27323a273243342d3744253f46

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

166 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prod.report.nacustomerexperience.citi.com/glassbox/reporting	1969-12-31 23:59:59	Name: _cls_s Value: fab725d6-f0fa-4c3e-bc69-e3350f84a0b3:0
prod.report.nacustomerexperience.citi.com/glassbox/reporting	1969-12-31 23:59:59	Name: _cls_cfgver Value: e4984797
prod.report.nacustomerexperience.citi.com/glassbox/reporting	1969-12-31 23:59:59	Name: _cls_v Value: fac264e5-f0e7-44d6-bdfa-5b373006042c
.demdex.net/	1970-01-20 06:15:54	Name: demdex Value: 55223268209585852293147944824630892340
hidrotherms.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.citi.com/	1970-01-20 19:27:54	Name: s_vi Value: [CS]v1\|3121D6DB6B17445F-60001B64D1CB8A74[CE]
.citi.com/	1970-01-20 19:27:54	Name: s_ecid Value: MCMID%7C49721551571032125902453376690999357079
.hidrotherms.com/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.hidrotherms.com/	1970-01-20 10:42:18	Name: bmuid Value: 1648602550705-1BE67A8A-9617-4A76-B75A-4864761A91CF
.everesttech.net/	1970-01-20 10:42:18	Name: everest_g_v2 Value: g_surferid~YkOttgAAAFc0CwQp
.dpm.demdex.net/	1970-01-20 06:15:54	Name: dpm Value: 55223268209585852293147944824630892340
hidrotherms.com/	1970-01-20 01:56:44	Name: 7830 Value: error
hidrotherms.com/	1970-01-20 01:56:44	Name: 7018 Value:
hidrotherms.com/	1970-01-20 04:06:18	Name: 64072 Value:
hidrotherms.com/	1970-01-20 19:29:20	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C19082%7CMCMID%7C49721551571032125902453376690999357079%7CMCAAMLH-1649207350%7C6%7CMCAAMB-1649207350%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1648609750s%7CNONE%7CMCAID%7C3121D6DB6B17445F-60001B64D1CB8A74%7CMCSYNCSOP%7C411-19089%7CvVersion%7C3.1.2
.hidrotherms.com/	1970-01-20 04:06:18	Name: _gcl_au Value: 1.1.1015222089.1648602551
.hidrotherms.com/	1970-01-20 01:56:44	Name: _dpm_ses.4b00 Value: *
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA3sbAwNjYxMxfiM9RNzzctrcrNNrIs980FAPMavSMlAAAA
.rfihub.com/	1970-01-20 11:18:18	Name: rud Value: H4sIAAAAAAAAAOMSNjU0NjExNTUxMjA3sbAwNjYxMxfiM9RNzzctrcrNNrIs982V4jU0M7EwMzAyNTU0NDUCAM23Lz40AAAA
.hidrotherms.com/	1970-01-20 10:42:18	Name: cdSNum Value: 1648602551149-sjn0000296-1d51e05a-975e-49fc-b5b2-59ee9bbce5c2
.hidrotherms.com/	1970-01-21 21:44:42	Name: _cls_v Value: fac264e5-f0e7-44d6-bdfa-5b373006042c
.hidrotherms.com/	1969-12-31 23:59:59	Name: _cls_s Value: fab725d6-f0fa-4c3e-bc69-e3350f84a0b3:0
.c.bing.com/	1970-01-20 11:18:18	Name: SRM_B Value: 3961C8C003586E3606A1D9B702336F23
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 11:18:18	Name: MUID Value: 3961C8C003586E3606A1D9B702336F23
.c.clarity.ms/	1970-01-20 01:56:43	Name: ANONCHK Value: 0
.tvpixel.com/	1970-01-20 10:42:18	Name: sp Value: 5b2a275c-8b99-49fa-a76c-acaefecac4d6
.bing.com/	1970-01-20 11:18:18	Name: MUID Value: 1E801D2225786A0414B70C5524136B1A
.agkn.com/	1970-01-20 10:42:18	Name: ab Value: 0001%3AxhQD543j8aDHjTbQpOF930FnR6LQJK%2FS
.agkn.com/	1970-01-20 10:42:18	Name: u Value: C\|0CAAp1mo6KdZqOgAAAAAAATPZAAAAAA
.hidrotherms.com/	1970-01-20 01:58:08	Name: _uetsid Value: 039f0df0afc611eca7bb5ffa7686f3ed
.hidrotherms.com/	1970-01-20 11:18:18	Name: _uetvid Value: 03a13c70afc611ec8d9f61e3745fdd29
.hidrotherms.com/	1970-01-20 10:42:18	Name: _dpm_id.4b00 Value: 7fb80a61-51d9-4875-b4df-4ac0bdf119e8.1648602551.1.1648602554.1648602551.1e8b91c5-e9b6-415f-8740-cada705b3b74
hidrotherms.com/	1970-01-20 10:42:18	Name: mdLogger Value: false
hidrotherms.com/	1970-01-20 10:42:18	Name: kampyle_userid Value: b300-2aee-6480-4da9-4763-fda8-dd79-a58d
hidrotherms.com/	1970-01-20 10:42:18	Name: kampyleUserSession Value: 1648602554207
hidrotherms.com/	1970-01-20 10:42:18	Name: kampyleUserSessionsCount Value: 1
hidrotherms.com/	1970-01-20 10:42:18	Name: kampyleSessionPageCounter Value: 1
.hidrotherms.com/	1970-01-20 10:42:18	Name: cd_user_id Value: 17fd85ea2acbb6-08439e57c09fd-9771a39-1d4c00-17fd85ea2ad97e
.doubleclick.net/	1970-01-20 01:56:43	Name: test_cookie Value: CheckForPermission

44 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://hidrotherms.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'https://hidrotherms.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff' from origin 'https://hidrotherms.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/logo.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/bat.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff' (redirected from 'https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' (redirected from 'https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' (redirected from 'https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' (redirected from 'https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf' (redirected from 'https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' (redirected from 'https://hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff' (redirected from 'https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff' (redirected from 'https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf' (redirected from 'https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf' (redirected from 'https://hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/cds-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://cdn.pbbl.co/r/1560.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'https://hidrotherms.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'https://hidrotherms.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'https://hidrotherms.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff' (redirected from 'https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://hidrotherms.com/cts/city.com/ Message: Access to font at 'https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf' (redirected from 'https://hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf') from origin 'https://hidrotherms.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hidrotherms.com/cts/city.com/img/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	warning	URL: https://hidrotherms.com/cts/city.com/ Message: The resource https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://hidrotherms.com/cts/city.com/ Message: The resource https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://hidrotherms.com/cts/city.com/ Message: The resource https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
89oebq5ka4b25zymnoyrkbsdklbqrknifamjhly35527618d41f91b6aam1.e.aa.online-metrix.net
89oebq5kczg3ghvfhl4btlj7hqcgbmpe5jomxzqk31f079b47db06ff4am1.e.aa.online-metrix.net
89oebq5ke4nv7d4lu5o7uz5ykg5teccehmspyww56b89f78c1aa12a6cam1.e.aa.online-metrix.net
bat.bing.com
c.bing.com
c.clarity.ms
c.tvpixel.com
c1.rfihub.net
cdn.pbbl.co
citi.demdex.net
cm.everesttech.net
content22.online.citi.com
contents3.00110.citi.com
d.agkn.com
dpm.demdex.net
ghbmnnjooekpmoecnnnilnnbdlolhkhi
googleads.g.doubleclick.net
h.online-metrix.net
hidrotherms.com
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
p.tvpixel.com
prod.report.nacustomerexperience.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
www.citi.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.hidrotherms.com
content22.online.citi.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
www.citi.com
www.hidrotherms.com
104.111.215.191
104.92.75.138
108.179.252.62
142.250.185.162
143.204.98.10
15.188.95.229
151.101.130.133
151.101.65.175
18.195.42.228
18.235.170.13
192.193.200.243
193.0.160.129
2600:9000:2156:2600:1d:bf0a:0:93a1
2600:9000:2156:be00:1:76cf:fe80:93a1
2620:1ec:c11::200
2a00:1450:4001:808::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2004
2a00:1450:4001:82f::2002
3.120.51.47
34.242.106.163
35.190.60.146
35.241.45.82
52.141.218.213
52.142.114.2
52.215.111.225
52.51.88.158
91.235.132.130
91.235.133.67
91.235.134.131
96.16.135.39
008aaa0eebea326ea356339b06467c2eb5f98d4b76759ae45f6eb1f953db28ee
0264c5423e565a05bcc16d1abdfec999c4e92fd5ea90146251a8549cb93773f6
02e871a789bf3801140ce6b9d8a205d308ca81bce448e87fb6bdd60ee98cafc1
094f2e28ded6db6a7a8a5115d832c324d6009d84bb2b550a89810cf1802e0bb9
0bcb15216559cb490a994fc29303e9e66b109926890e7d3abfddbbfcef347c8e
0c568bfe19dfcb7530599f06725ccad6c7c80d8e29b2d21acf3fbb10a7d6f15a
0e8665d56063213d42b3650b1325534735f0fefe09ee48a7f734f83b5e4bfdfe
0ed87b4fd56a4ea6f91e90ec9227281332adcb6d90c16871ddd93a8b0769fa24
0f01978ff439dabef0d32ee01460f5d0d0563b53efa8bb7b2b0d257ce5c3dfbf
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
11b87923a399fe448c9e7a69ce55b551fd0fab3803854cf43609a626be26bed3
1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206
1a6193c0936ec29f4350799172f83ad78a95112799ea30c662e80f25b418361c
1eb42101ce54fe62f817a560608ecdf28439729a75e7b0c3b48753161dece73e
209db3111df8be4b0414ecda1956ec28c519bd0e0d5da80b300e322e082eeef1
21201ecc3c1f81d2725b4f6b81c4dfa208edabe6a023711d6b48933b7acabf84
24ef04068969210454f752e9d8a9155e1a09ec0f8b3141a4cdb61060e1d5633c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2c3e0f1421ec0c865caf07a6fee834c43eb456613a9d1aee3a3db0c463c9d340
2d9c56f0fb260cee2ef3fe2b0e94a008cdc359630b35696d79967d7564cfc4fb
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
33a5a6ffd12f5076076ee49e95ce48f69c5ab39c391be9385e9210d2fbfe618d
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
385f037070022c1a4ad9683a1b54a4953120436bfc9ce66df4a6599b2488d596
3b1b9d8e3c22e95ddf47154690af5ca4a67475fe23225999d0be41a51213902f
3c61d14457bf067d5dbda8c559a3b9d40b71ec02816f8e3dc5cc9e7838e06a4a
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3f383b43ed678109c3a4006112945b4381899317658913dcf1d061a55b47cab5
4027f452062da70c1206681e4d1e3ad20d633d217bcd0f954f98e4ea7743c842
441dbbcac58f504c76ab5ff91afa232a4f7734790a9fd2345cad297f00537aa0
44c36e682418ebd44513d8891d39751e69b6f4cb66c33caec68b8c99784c08eb
48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
4b1b13a9bf37b3f15910d0b01bdfd90420f20445ac1cd4dcf296831d5df43c04
4f9fd9895e83793d5ad6d3eda4c4d86b306c917b93a8e4a5944a6ad9515f7f1f
53074df5733dc65a1de490d124a00fc25a7a7ff514b607be744a05c50faca4b8
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
53c561089a7987d29afa32543f9d7585b9a4f565b0b6c54b703e802f2f52d386
5a2aa8a1ce876434e8f0912c3be63026f79d0b0f24ea591e5379d9186fae451f
5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db
5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8
60efe6c61d482a9ad16c13a430e4f9b230d4a7667873a043327afadd372bef6d
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
61e01b4da87624c5972c4f051d92695a76fa8491c2c1512342b714b9f5db2008
62dc9854208b9e1d672975fb472853c405df8f691915ca94dc27b6c7d8ddf77d
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
66e0a4b3019f0e19c99a314095a7e13932cd8afcb82a236475abf3f8723ea69d
677cec65f2895fca126756615b8f96c2801078d2b59a98bab4aab3ee8a89d645
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6a4572cbce614543d10ffc2276b91140ecb0b0b9e2de0b9a87d4bc4016051f17
6bb0c1eaae6f6770f889c139ca441c1c21ab76ba7cd86cb28600955f3ee15302
6f56350d404b7363262ab1a2331f6ee082822c230c2dda9061439acb0ee2ea29
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
74e6d044e6e3cd891c155921c7486752c5f0461dbc8cb7e7b92a027d3da2941f
76b3e3ecb44a3b1216be2633c4736dc6fbef5a83a7058b7919dcb1489b5b211b
76fb126ee024dcf4a093ac4d3614448b9281355f1033a422fc929298e88fa877
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c538f8a3c3e0da60b45759f24187eb0b25dd0531a5a2609302ed0b6b88365b7
7c61e941b642ce421086c40e8edd357d643de75763ebe83073d329f2693f6786
7ce1ab6d7d544d02fdbfd070df6d6290a630944648f78629bccf6b7c426254ff
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7e035fe791d86c0346cacc50c10ab1cea6941f3dae04a87b7acc0e30ce6436d9
7e69abfd8a5aeeffd9a6f8e6ffa3aeb11c8a7b2923af4911a8deefd139368ca1
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
84129e02573a4f7ca911b6b37f7129a748efdae9decea2efe415ffeabf1a66bb
85272ec3d43640c29bdc41f4f2f7c2942b2f96d76254e8b2802006eab8bc44fa
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
8a13175818c1064520ce05abb77e35d1c88111dcf0cd991d5227a55ff196a7e3
8cce4b434becd61058f7f911f761996c8e3aab03b12bc2861142960a98bc08db
93a2bf9c16a92eea122a84d246579a50fb89c3b269c78c080588cee14129b2c7
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
9616865a4344d7bd7631fb93925d422d89ea1db93bc52f9d217354841c2bdf3a
967a765de5c8723590db8b187db737a6779d0fd6e6c21bab393d93d0996439f5
96826fb02b92df09140aad9b47ce6c0988b65d638a941f5a63fb2a33a1a6833e
97264268a9c8d556199c774b82eae64f91a1b3979e53e13e4bdceedf16679773
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d8bd151fa62285091c5ee38da71396bd5cfd92f91c833cd4c785de54c5ede9a
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a1012b65a2ec44d9f1a2e3a11f74e644e505cb6544e3717b4442cb9aa73452b0
a38709093d18eab6976c76c38e9776c1f64e8e2b20a697b260330aa2a4e41877
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa
ac3211cc5864f812b2e7fe668137258fe2e2405cc42642d4fbcd07199f3c4028
b2f64ca38860d135b6d6b4b89f63d9e8842d32e05e92c6f337f68a57308156c3
b49bc154974730d2954aee4c055dacd8d71e7cb2e2eec1d42f0688a8ba8a6826
b4d7c52d0920ce3ce14dd5f198df3fb2e9bf39ff31e209a92cf146c86de4ce62
b5d1c26722742c44e62a4fbb4b67117d2587aa320f61784a27fea9d66d9f62b4
b6f517c4279c052b89206db39d95274ef20699f4142aaa9e4339790d3228a64f
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650
c1b3f3803c42132039b21ce8921335c9cb785a58d513fdc04b0350434bec8e29
c3e52e2768c6883e8d5d4df742e1f568d06c36d8dd1f849ccc763dec25785821
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c49f7ec632ced66bfd8ac1ed0cc98a6c8e583f7b36e1faccf190a04955d39c01
c53e30430accdb4f8dac0b1a6e3773351faade4937d323fdc8782278aa6c87dc
c8b3e1e2d569a9e4ef19e0b1e615750b5be5b210ee012f49dd9646fe1660b4c8
c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16
c9c84a02bd7802730402506e08933a2bf019ce78600f266189b86a2d53c0bdd6
cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8
ccfb5db43003cacddbd0448e046ce4566e75aed58c16373cb087c89b2a0be0b8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d8c9104153ad82c0844b013d458a55c4787915e7da1ea8e521a6aceeed596ecf
d9181c42b463ba85677421a93ae1ba80ae774c9bf8af67200ed78a419bd067a0
d9cfab9e3d253c199d21b744b2db5eaa8ebe01910fd7205091cc85d75a417794
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
ddec14acc0874ecb8f1d72e0675c6cb4ee23bc42ecafac7164f3bf40d847b172
dfb30742c209a6119b53853df43d609166ce3b72e09c0f6d7bafaac8a4f1bd00
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec
e76caa473d34a77670863ffd51ee0e59b44c4bdc6367aa0e8e698bf6b264919f
e83c9c5a686b6460be3df5f34ddbe456588d4f575083e74045a00c4ff2be7db0
e94feefca82a350262c842dac1fe5aee4ae851efced05a80bee55f6b2eb3b7b3
ec92c710f2d67faf40a7c39947630493ffd75ca46a82cfadde25e8eb05e53bf3
ecddeb2adfa02b823671f9e56787dd23cadfe86fa9042940d5fea9e38054c174
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efcb0e09a533713a54d617f43991909e46d6430c9c1531787ea15492a15b9e86
f1e94a544cd45f9c17e65de0d984263659f451a9d0be5821d469abcf76fa0c0d
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
fbfbcd5ac1839093e7f7fed9f57af9bdca51c799c591af25b624ebc421fdd052
fcf804ddfb639af57ed1b90ce4f502764c3f8cff93442841efeca2416ac847f3

hidrotherms.com Open in urlscan Pro 108.179.252.62 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

226 Requests

88 %HTTPS

23 %IPv6

24 Domains

37 Subdomains

31 IPs

4 Countries

4553 kBTransfer

11321 kBSize

40 Cookies

34 Outgoing links

Redirected requests

226 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hidrotherms.com Open in urlscan Pro
108.179.252.62 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

226
Requests

88 %
HTTPS

23 %
IPv6

24
Domains

37
Subdomains

31
IPs

4
Countries

4553 kB
Transfer

11321 kB
Size

40
Cookies

226 HTTP transactions
0 data transactions