tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Submission: On June 17 via automatic, source openphish (June 17th 2020, 1:27:07 am UTC)

Summary HTTP 73 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 24 IPs in 6 countries across 21 domains to perform 73 HTTP transactions. The main IP is 66.113.180.84, located in Chicago, United States and belongs to NETNATION, CA. The main domain is tw-ec.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 1st 2020. Valid for: 3 months.

This is the only time tw-ec.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2	66.113.180.84 66.113.180.84	14280 (NETNATION) (NETNATION)
1	172.217.21.194 172.217.21.194	15169 (GOOGLE) (GOOGLE)
2	151.101.13.175 151.101.13.175	54113 (FASTLY) (FASTLY)
2	13.226.154.56 13.226.154.56	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:824::2008	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.226.145.171 13.226.145.171	16509 (AMAZON-02) (AMAZON-02)
1	104.111.247.111 104.111.247.111	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.111.245.241 104.111.245.241	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
17	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
15	92.123.176.136 92.123.176.136	16625 (AKAMAI-AS) (AKAMAI-AS)
2	151.101.114.133 151.101.114.133	54113 (FASTLY) (FASTLY)
2 4	2a00:1450:400... 2a00:1450:4001:81e::2013	15169 (GOOGLE) (GOOGLE)
2 2	52.29.85.133 52.29.85.133	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:819::2004	15169 (GOOGLE) (GOOGLE)
1 5	34.241.125.133 34.241.125.133	16509 (AMAZON-02) (AMAZON-02)
2	185.31.128.128 185.31.128.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	15.188.154.177 15.188.154.177	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	35.241.8.149 35.241.8.149	15169 (GOOGLE) (GOOGLE)
1	23.43.114.84 23.43.114.84	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.48.230.192 52.48.230.192	16509 (AMAZON-02) (AMAZON-02)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
73	24

2 66.113.180.84 (Chicago, United States)

ASN14280 (NETNATION, CA)
PTR: server.loginmktdigital.com

tw-ec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s12-in-f194.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.13.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.154.56 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-154-56.dus51.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.145.171 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-145-171.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.247.111 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-247-111.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.241 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-241.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 92.123.176.136 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-176-136.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:81e::2013 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.29.85.133 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-85-133.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:819::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.241.125.133 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.31.128.128 (Netherlands)

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.154.177 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.8.149 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 149.8.241.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.114.84 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-114-84.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.230.192 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	ensighten.com nexus.ensighten.com	174 KB
16	citi.com online.citi.com metrics1.citi.com	362 KB
8	googletagmanager.com www.googletagmanager.com	260 KB
6	pbbl.co 2 redirects cdn.pbbl.co px0.pbbl.co	10 KB
5	demdex.net 1 redirects dpm.demdex.net citi.demdex.net	4 KB
4	google.com cse.google.com www.google.com	101 KB
3	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	11 KB
2	rfihub.com a.rfihub.com 20766699p.rfihub.com	686 B
2	agkn.com 2 redirects aa.agkn.com	800 B
2	medallia.com resources.digital-cloud-citi.medallia.com	58 KB
2	ytimg.com s.ytimg.com	51 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	2 KB
2	tw-ec.com tw-ec.com	8 KB
1	bluekai.com stags.bluekai.com
1	rlcdn.com sr.rlcdn.com
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	youtube.com www.youtube.com	1 KB
1	bkrtx.com tags.bkrtx.com	11 KB
1	rfihub.net c1.rfihub.net	7 KB
1	bing.com bat.bing.com	8 KB
1	googleadservices.com www.googleadservices.com	11 KB
73	21

	Domain	Requested by
17	nexus.ensighten.com	tw-ec.com nexus.ensighten.com
15	online.citi.com	tw-ec.com
8	www.googletagmanager.com	tw-ec.com
4	dpm.demdex.net	1 redirects tw-ec.com nexus.ensighten.com
4	px0.pbbl.co	2 redirects tw-ec.com
3	www.google.com	cse.google.com
2	aa.agkn.com	2 redirects
2	resources.digital-cloud-citi.medallia.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	s.ytimg.com	tw-ec.com www.youtube.com
2	cdn.pbbl.co	tw-ec.com cdn.pbbl.co
2	nebula-cdn.kampyle.com	tw-ec.com resources.digital-cloud-citi.medallia.com
2	tw-ec.com	tw-ec.com
1	udc-neb.kampyle.com
1	insight.adsrvr.org	js.adsrvr.org
1	stags.bluekai.com	tags.bkrtx.com
1	sr.rlcdn.com	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	a.rfihub.com	c1.rfihub.net
1	cse.google.com	tw-ec.com
1	www.youtube.com	tw-ec.com
1	tags.bkrtx.com	tw-ec.com
1	c1.rfihub.net	tw-ec.com
1	js.adsrvr.org	tw-ec.com
1	bat.bing.com	tw-ec.com
1	www.googleadservices.com	tw-ec.com
73	28

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citi.com
www.citicards.com

Subject Issuer	Validity	Valid
tw-ec.com cPanel, Inc. Certification Authority	`2020-06-01` - `2020-08-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-05-18` - `2022-08-21`	2 years	crt.sh
*.pbbl.co Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2020-04-01` - `2021-07-01`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
px0.pbbl.co GTS CA 1D2	`2020-04-30` - `2020-07-29`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-05-26` - `2020-08-18`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-31` - `2020-08-30`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-04-14` - `2021-04-10`	a year	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh

This page contains 7 frames:

Primary Page: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Frame ID: 5149F9C8137C548606FD53C99E3A4E36
Requests: 67 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=1040964860560802492&rfiaid=58004067c97f4c8693656e9af6f41dad&ver=9&ra=490&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&pf=&ra=3382245471250549
Frame ID: 1B68619EFE5E5C8DD3FE6D11A93EA2AB
Requests: 1 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 8DB10D72BEF6F3F3C8411079AF316D5D
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: EB0E3B58F936E0CE4DA6A14DD41595D4
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&phint=__bk_v%3D3.1.5&limit=10&r=35761507
Frame ID: 8DE7B82A8E81E74D4786E5993A5DC865
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 00E13E631FB170F3DD39D0590012AB7A
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: 74ED0EECBDD5E4885981F2363A8ABD50
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Page Statistics

73
Requests

100 %
HTTPS

27 %
IPv6

21
Domains

28
Subdomains

24
IPs

6
Countries

1078 kB
Transfer

3579 kB
Size

8
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/loginpage/retarget.action?loginscreenId=SignOn&next_page=jfp|dashboard&deepdrop=true&locale=es_US
Title: Español

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/0-percent-intro-apr-credit-cards
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/savings-and-cash-back-credit-cards
Title: Cash Back Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/rewards-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=N&OC=CC-CITI-3D5
Title: See If You're Pre-Qualified

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/business-credit-cards
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&sessionId=&markerType=seg&rand=PjEaXTcdPtKqjPFD&iabOptOut=-&jsVer=3.2.1&frVer=&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&_zip=&hk=&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc&mt=&bd=

Request Chain 50

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897

Request Chain 62

https://cm.everesttech.net/cm/dd?d_uuid=74819059017880210683355691337080008201 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxWgAAA5RZX1L0

Request Chain 69

https://px0.pbbl.co/ns/__p2.gif?ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&referrerUrl=&targetUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&sessionId=&markerType=seg&rand=Pdon43A36e5CXvOK&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba&mt=&bd=

73 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request crm.php Show response
tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/ 30 KB
8 KB 556ms
238ms Document
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash: 02541822a2ef51c24d16591f73ac8cf6e61fc365c53f13d45ad363b0193a0302

Request headers

Host: tw-ec.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:46 GMT
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
11 KB 36ms
36ms Script
text/javascript 172.217.21.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.21.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s12-in-f194.1e100.net

Software

cafe /

Resource Hash

a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
server: cafe
etag: 13497728949557021888
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 69ms
22ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: HIT, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-fra19164-FRA
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357207.047508,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 1, 253725

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 173ms
122ms Script
application/javascript 13.226.154.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.226.154.56 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-226-154-56.dus51.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: DUS51-C1
status: 200
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
cache-control: max-age=1800, public
x-amz-cf-id: rGh2vRCi7UCPa-7bB5jexpJVLQiEikpc3fPdwopUYyBuxiwwsFKQFg==
x-xss-protection: 1
expires: Wed, 17 Jun 2020 01:56:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-677332377&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33232
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33231
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33233
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 25 KB
8 KB 40ms
29ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 19:59:59 GMT
x-msedge-ref: Ref A: F6D0F561DCB648DF840526D5844396A2 Ref B: FRAEDGE1518 Ref C: 2020-06-17T01:26:47Z
status: 200
etag: "804946b8613fd61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7791

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 100ms
25ms Script
application/x-javascript 13.226.145.171
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.145.171 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-145-171.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 16:28:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 32300
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 2395e6175733260a159a0b484ed8febd.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-C1
X-Amz-Cf-Id: glJ1uA-cL4TPkYPkCXYE0LKNZaSOkiHRP1PczfYCA8ffCTo-OOWftw==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33245
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a8eedbe1e0481498041c775d09b94d7b45f7a798d70d8824ade377490681597b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33244
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 75ms
25ms Script
application/x-javascript 104.111.247.111
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.247.111 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-247-111.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:47 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Apr 2020 01:56:14 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Wed, 17 Jun 2020 02:26:47 GMT

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 75ms
25ms Script
application/javascript 104.111.245.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.245.241 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-245-241.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Tue, 26 May 2020 20:03:16 GMT
Server: nginx/1.15.8
ETag: W/"5ecd7604-784f"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Wed, 17 Jun 2020 01:26:48 GMT
Connection: keep-alive
Content-Length: 10652
Expires: Wed, 24 Jun 2020 01:26:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 83 KB
33 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:824::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33207
x-xss-protection: 0
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 17 Jun 2020 01:26:48 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/ 68 KB
26 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl_t-EQa/www-widgetapi.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 14 Jun 2020 05:44:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 243736
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25703
x-xss-protection: 0
last-modified: Fri, 12 Jun 2020 21:42:42 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Mon, 22 Jun 2020 05:44:32 GMT

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 119cb7baf6c8377b2b2693b16e566a65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 588 B
770 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/119cb7baf6c8377b2b2693b16e566a65.js?conditionId0=4824253
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Tue, 22 Oct 2019 16:59:12 GMT
server: nginx
etag: "5daf3560-24c"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 588

GET
H2 200 7a9abd5b52a3e438cec898587d77cfa0.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7a9abd5b52a3e438cec898587d77cfa0.js?conditionId0=3013337
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 8e65688c37e3cfac5fcf631a6bbebaf5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8e65688c37e3cfac5fcf631a6bbebaf5.js?conditionId0=467299
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 6079f51b39f93dfe6843f5f9d6980bc1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6079f51b39f93dfe6843f5f9d6980bc1.js?conditionId0=472983
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-afb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 d06a7425889facdccb0c0703252e84f2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d06a7425889facdccb0c0703252e84f2.js?conditionId0=486757
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 2f8cdd7d5384233c3c08b77d77830f4b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/2f8cdd7d5384233c3c08b77d77830f4b.js?conditionId0=4854834
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: gzip
last-modified: Wed, 27 May 2020 04:03:42 GMT
server: nginx
etag: W/"5ecde69e-cc8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 452786ced3e658890f8f25121c88ab98.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 B
247 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/452786ced3e658890f8f25121c88ab98.js?conditionId0=421908
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
last-modified: Thu, 05 Apr 2012 12:15:43 GMT
server: nginx
etag: "4f7d8cef-18"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 24
expires: Wed, 17 Jun 2020 01:26:47 GMT

GET
H2 200 f1c71c10d3e2f87f440821ca1f9e2e65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
863 B 23ms
23ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f1c71c10d3e2f87f440821ca1f9e2e65.js?conditionId0=480881
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-631"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 35ms
22ms Script
application/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

fea31b925e08f792faec014611a6e2567fd23eb56549e03605d10f5ecc91c948

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 cse.js Show response
cse.google.com/cse/ 10 KB
4 KB 52ms
31ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

2e9a75694da6dbcce949afd25c0ac63fe36b333f66ddb78c3c54afbd1d6f723f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:48 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-28=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3476
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:26:48 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
836 B 104ms
54ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=382814.40512243094&ClientID=1129&PageID=https%3A%2F%2Fonline.citi.com%2FUS%2FJSO%2Floginpage%2Fretarget.action%3Fnext_page%3Ddashboard%26loginscreenId%3DSignOn%26deepdrop%3Dtrue%26intc%3D1~7~51~3~191101~8~LegacyHeader~LoginLink
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c451772248a707259756c57bb7ef7cb253d535e2af27221ae055339dcccd71f6

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:26:46 GMT

GET
H/1.1 404
Not Found tagging.js
tw-ec.com/CBOL/taggingTransformation/ 0
0 2844ms
2842ms Script
text/html 66.113.180.84
NETNATION

General

Check archive.org

Show headers Download Go to

Full URL: https://tw-ec.com/CBOL/taggingTransformation/tagging.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 66.113.180.84 Chicago, United States, ASN14280 (NETNATION, CA),
Reverse DNS: server.loginmktdigital.com
Software: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4 /
Resource Hash

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 17 Jun 2020 01:26:47 GMT
Content-Encoding: gzip
Server: Apache/2.4.43 (cPanel) OpenSSL/1.1.1g mod_bwlimited/1.4
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Transfer-Encoding: chunked
Connection: Keep-Alive
Link: <https://tw-ec.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=99
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 ddl.min.css
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ 624 KB
69 KB 113ms
39ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 69738
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jfpm.autocomplete.off.js Show response
online.citi.com/JFP/js/modules/ 1 KB
834 B 40ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:48 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:48 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 344
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main_branding.css
online.citi.com/GFC/branding/responsivebranding/css/ 273 KB
43 KB 152ms
79ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 05 May 2020 09:06:51 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 43751
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 vendor.js Show response
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ 204 KB
64 KB 161ms
88ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 64910
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 311 KB
102 KB 88ms
38ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:47 GMT
content-encoding: gzip
last-modified: Mon, 15 Jun 2020 15:13:13 GMT
server: nginx
etag: W/"5ee79009-4dbbb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H2 200 homePage.min.css
online.citi.com/loginpage/styles/ 24 KB
5 KB 159ms
86ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/loginpage/styles/homePage.min.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 5032
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 jquery.tmpl.js Show response
online.citi.com/JFP/js/jquery/plugins/ 6 KB
3 KB 175ms
102ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 2905
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 fp.min.js Show response
online.citi.com/JSO/js/ 15 KB
5 KB 40ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSO/js/fp.min.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:48 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:48 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 4322
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 cbol-smartSearch.css
online.citi.com/NCCS/smartSearch/css/ 8 KB
1 KB 160ms
87ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 899
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HowCanWeHelpButton_default.png
online.citi.com/GFC/branding/img/ 3 KB
4 KB 39ms
39ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/HowCanWeHelpButton_default.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Mon, 27 Apr 2020 04:42:01 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:48 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 3364
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 main.css
online.citi.com/GFC/branding/responsivebranding/css/ 45 KB
7 KB 40ms
40ms Stylesheet
text/css 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main.css

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Wed, 26 Jun 2019 07:44:47 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 7108
content-type: text/css
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 rsa.js Show response
online.citi.com/CBOL/sec/debcaract/js/ 36 KB
11 KB 40ms
39ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/debcaract/js/rsa.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 10616
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 TMXProfiling.js Show response
online.citi.com/TMX/ 1 KB
1 KB 40ms
40ms Script
application/x-javascript 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/TMX/TMXProfiling.js

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Fri, 10 Aug 2018 07:26:42 GMT
x-akamai-citisite: GTDC
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
expires: Wed, 17 Jun 2020 07:26:47 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 546
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 65ms
20ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: mgQTkYdcRiRLQUJcdXLWi1M5ookEcoqM
content-encoding: gzip
etag: "9cae4dcb6a8a9556a0a5839bd5432d0d"
age: 37
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 675
x-amz-id-2: PGwWtWbcdjPe9HGXIO1yGg5ETDTyKDBY0jUWQPg2n5Cdq/UW9SXloiNJCETiwQm1s5k3515IlxQ=
x-served-by: cache-hhn4067-HHN
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357207.352111,VS0,VE0
date: Wed, 17 Jun 2020 01:26:47 GMT
vary: Accept-Encoding
x-amz-request-id: 0CA505672AE3B401
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 4

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflF_QJuO/ 67 KB
25 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflF_QJuO/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Jun 2020 05:46:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 330045
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25512
x-xss-protection: 0
last-modified: Sat, 13 Jun 2020 04:07:05 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Sun, 21 Jun 2020 05:46:03 GMT

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a5...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&_zip=&hk=&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc&mt=&bd=

42 B
131 B

136ms
136ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&_zip=&hk=&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc&mt=&bd=

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:48 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: c3315c71a625f24eb561019050aa1818
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:48 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc&_segid=99&_zip=&hk=&iid=fc506121-b30f-4276-8ac5-9b56f061a2cc&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/57975621473fd078/ 261 KB
87 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 08:17:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 61739
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 88534
x-xss-protection: 0
expires: Wed, 16 Jun 2021 08:17:49 GMT

GET
H2 200 default_v2+de.css
www.google.com/cse/static/element/57975621473fd078/ 40 KB
9 KB 7ms
7ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/57975621473fd078/default_v2+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 16 Jun 2020 08:17:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2020 13:21:59 GMT
server: sffe
age: 61745
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8905
x-xss-protection: 0
expires: Wed, 16 Jun 2021 08:17:43 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:819::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 00:58:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 1728
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Wed, 17 Jun 2020 01:48:00 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897

363 B
1 KB

37ms
36ms

XHR
application/json

34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

a38ba61985bc8084d1b857dc5aad827b87791c429016096b8384c6ef5ed6c654

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-0e8bdbbc5.edge-irl1.demdex.com 5.73.2.20200611122118 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: Kbb77YN3RkY=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 298
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://tw-ec.com
X-TID: 8TpZJ+2QQ4s=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1592357209897
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 40ms
39ms Image
image/png 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:49 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-length: 1040
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Light.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 74 KB
74 KB 113ms
45ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 75483
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
703 B 34ms
33ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=340525112.35914886&ClientID=1129&PageID=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 10a510939fc641893634c4b5839fad4621e78519268e8f73da35840d8848dda6

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:49 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Wed, 17 Jun 2020 01:26:48 GMT

GET
H2 200 Interstate-Bold.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 70 KB
71 KB 124ms
86ms Font
application/octet-stream 92.123.176.136
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

92.123.176.136 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-176-136.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://tw-ec.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Wed, 17 Jun 2020 01:26:50 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 71859
content-type: text/plain
access-control-allow-origin: *
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 29c31210f5090c402a7dd5c972af33d8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 98 KB
22 KB 33ms
33ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/29c31210f5090c402a7dd5c972af33d8.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:49 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 20:38:54 GMT
server: nginx
etag: W/"5ee3e7de-186d1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 6bf99ef458403d186da9a034d9628c7f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 124 KB
34 KB 35ms
34ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/6bf99ef458403d186da9a034d9628c7f.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:49 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-1ee5b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 da167c55d765aa5c0bbbeaa450af06e1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 26 KB
6 KB 27ms
26ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:49 GMT
content-encoding: gzip
last-modified: Fri, 12 Jun 2020 02:03:22 GMT
server: nginx
etag: W/"5ee2e26a-69f7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
686 B 101ms
26ms Script
application/javascript 185.31.128.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 2d90af96edf6d55c8ecc3dfeaa823e4a291f8d750c29740e3aef197d45b21ab9

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: public, max-age=33696000
Content-Type: application/javascript
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Expires: Mon, 12 Jul 2021 01:26:50 GMT

GET
H/1.1 200
OK Cookie set ca.html
20766699p.rfihub.com/ Frame 1B68 0
0 101ms
27ms Document
text/html 185.31.128.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?rfiidc=1040964860560802492&rfiaid=58004067c97f4c8693656e9af6f41dad&ver=9&ra=490&rb=648&ca=20766699&_o=17169175&_t=&ssv_cuuid=&ssv_pagename=&pe=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&pf=&ra=3382245471250549
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 185.31.128.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ruds=H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9IFAKLEudAlAAAA; rud=H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9KV4jU0tTQyNjU3MjQwsDQHAIHkR-M0AAAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9KV4jU0tTQyNjU3MjQwsDQHAIHkR-M0AAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 12 Jul 2021 01:26:50 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9IFAKLEudAlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Server: Jetty(9.0.6.v20130930)

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame 8DB1 0
0 134ms
34ms Document
text/html 34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=74819059017880210683355691337080008201
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 11 Jun 2020 13:37:38 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=74819059017880210683355691337080008201;Path=/;Domain=.demdex.net;Expires=Mon, 14-Dec-2020 01:26:50 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: 32tqKO1yT3w=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
621 B 126ms
30ms XHR
application/x-javascript 15.188.154.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=79597033208605227352824413668087191466&ts=1592357210131

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.154.177 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-154-177.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

8e7aa714439a8a64023cb15238d930607f310a56f882ea8151dd5c3f3d2d1898

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Wed, 17 Jun 2020 01:26:50 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-6f7565dc8b-pcq6h
vary: Origin
x-c: master-1308.I3d0a82.M0-421
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://tw-ec.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XulxWgAAA5RZX1L0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=74819059017880210683355691337080008201
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxWgAAA5RZX1L0

42 B
915 B

35ms
35ms

Image
image/gif

34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxWgAAA5RZX1L0

Requested by

Host: tw-ec.com
URL: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v072-032b18bff.edge-irl1.demdex.com 5.73.2.20200611122118 0ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: atGq+CuvTyM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 17 Jun 2020 01:26:50 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XulxWgAAA5RZX1L0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 37ms
37ms XHR
application/json 34.241.125.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=79597033208605227352824413668087191466&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012F74B8AD0515C444-4000073B1D9BEC2B&ts=1592357210259

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.241.125.133 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-241-125-133.eu-west-1.compute.amazonaws.com

Software

Resource Hash

86142c580e3dc028641a0ccddb4c02322c0b4f2bf2a30272921688817c7ccdd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v072-07d0db649.edge-irl1.demdex.com 5.73.2.20200611122118 3ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: /p+7n4VVSg4=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://tw-ec.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 298
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 425466.html
sr.rlcdn.com/ Frame EB0E 0
0 158ms
120ms Document
text/plain 35.241.8.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/da167c55d765aa5c0bbbeaa450af06e1.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.8.149 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 149.8.241.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

status: 204
date: Wed, 17 Jun 2020 01:26:50 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 generic1592252470076.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 306 KB
57 KB 21ms
20ms Script
application/javascript 151.101.114.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: tQ9017fc.zeF_GjfoDMNfMQpRZYcKHNO
content-encoding: gzip
etag: "1b861237647271927f8de45ff11c3a2a"
age: 41
via: 1.1 varnish
x-cache: HIT
status: 200
content-length: 58385
x-amz-id-2: sX1U7njeR1Hog7CLS93HENPvTzY0ig+wahzyo8PyvqWfIY6MsoHdxHz2x6oZZUOhkvzkFBRvulc=
x-served-by: cache-hhn4067-HHN
last-modified: Mon, 15 Jun 2020 20:21:11 GMT
server: AmazonS3
x-timer: S1592357210.299305,VS0,VE0
date: Wed, 17 Jun 2020 01:26:50 GMT
vary: Accept-Encoding
x-amz-request-id: 6F2F7577B058126A
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 4

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame 8DE7 0
0 223ms
177ms Document
text/html 23.43.114.84
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20view%20your%20account&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&phint=__bk_v%3D3.1.5&limit=10&r=35761507
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.43.114.84 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS: a23-43-114-84.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 984c
Date: Wed, 17 Jun 2020 01:26:50 GMT
Connection: keep-alive
X-N: S

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame 00E1 0
0 28ms
27ms Document
text/html 13.226.154.56
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.154.56 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-154-56.dus51.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pp_uid=6c67dfd1-97bf-45c3-ab2f-1f978e0b6bcc
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Wed, 17 Jun 2020 00:42:41 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50f438df6dbb947f3e4702890bc9cc06.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-C1
x-amz-cf-id: 2P4R3QCfnqgGiVCeL2SGOTooyFpAYwd0sUATfKbwGxMMOEjK-jZ6bQ==
age: 2650

GET
H2 200 up
insight.adsrvr.org/track/ Frame 74ED 0
0 100ms
33ms Document
text/html 52.48.230.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.48.230.192 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-48-230-192.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Ftw-ec.com%2Flogin%2Fciti%2F343072ff50612a1e354ddf2c40313a51%2Fcrm.php&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=undefined&td2=undefined&td3=undefined&td4=undefined&td5=https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php

Response headers

status: 200
date: Wed, 17 Jun 2020 01:26:50 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Ftw-ec.com%2Flogin...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba&mt=&bd=

42 B
128 B

145ms
145ms

Image
image/gif

2a00:1450:4001:81e::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba&mt=&bd=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:50 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: a23455a61064c4bf72d528341ed31c0f
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Wed, 17 Jun 2020 01:26:50 GMT
server: AAWebServer
status: 302
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=a5f03234-1fda-4562-9adc-55d57cbcf39d&_segid=99&_zip=&hk=&iid=54a31ce8-27f6-46e0-9b85-a1a26669deba&mt=&bd=
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 22ms
22ms Script
application/javascript 151.101.13.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1592252470076.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 17 Jun 2020 01:26:50 GMT
content-encoding: gzip
age: 0
accept-ranges: bytes
x-cache: HIT, HIT
status: 200
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-fra19164-FRA
access-control-allow-origin: *
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1592357210.374717,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=31536000
content-length: 5197
x-cache-hits: 1, 253726

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 144ms
105ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTU5MjM1NzIxMDM5MCIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDIsInVzZXJfaWQiOiAiMTcyYmZlMmM5MTQ0OWMtMDE4YjViZTYzY2JhYzYtMWIzOTYyNTYtMWQ0YzAwLTE3MmJmZTJjOTE1YTM0IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXVzLWNpdGkiLCJhY2NvdW50SWQiOiA0OSwidXJsIjogImh0dHBzOi8vdHctZWMuY29tL2xvZ2luL2NpdGkvMzQzMDcyZmY1MDYxMmExZTM1NGRkZjJjNDAzMTNhNTEvY3JtLnBocCIsIndlYnNpdGVJZCI6IDUwLCJmZWVkYmFja191dWlkIjogbnVsbCwiZm9ybUlkIjogbnVsbCwiZm9ybVRyaWdnZXJUeXBlIjogbnVsbCwia2FtcHlsZV9kYXRhIjogeyJMQVNUX0lOVklUQVRJT05fVklFVyI6ICIiLCJERUNMSU5FRF9EQVRFIjogIiIsImthbXB5bGVJbnZpdGVQcmVzZW50ZWQiOiAiIiwia2FtcHlsZV91c2VyaWQiOiAiMmVlZC1mYjc3LTAyMTYtOWIxOC02YzEyLWI5NjQtMzhhNS0xMWY1Iiwia2FtcHlsZVVzZXJTZXNzaW9uIjogIjE1OTIzNTcyMTAzNjQiLCJrYW1weWxlVXNlclBlcmNlbnRpbGUiOiAiIiwiU1VCTUlUVEVEX0RBVEUiOiAiIn0sImNvb2tpZV9zaXplIjogNjgyLCJrYW1weWxlX3ZlcnNpb24iOiAiMC4wLjAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTU5MjM1NzIxMDM2NywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://tw-ec.com/login/citi/343072ff50612a1e354ddf2c40313a51/crm.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-green-vngh
date: Wed, 17 Jun 2020 01:26:50 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
status: 200
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

149 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-19 19:40:53	Name: rud Value: H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9KV4jU0tTQyNjU3MjQwsDQHAIHkR-M0AAAA
tw-ec.com/	1970-01-20 03:50:29	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C18431%7CMCMID%7C79597033208605227352824413668087191466%7CMCAAMLH-1592962010%7C6%7CMCAAMB-1592357209%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1592364410s%7CNONE%7CMCSYNCSOP%7C411-18438%7CMCAID%7C2F74B8AD0515C444-4000073B1D9BEC2B%7CvVersion%7C3.1.2
tw-ec.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.tw-ec.com/	1970-01-19 12:28:53	Name: _gcl_au Value: 1.1.844304535.1592357210
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjQwMbA0M7EwMzA1M7AwMDKxNBLiM9S1yPLIDinODzUoC9IFAKLEudAlAAAA
tw-ec.com/	1970-01-19 10:19:19	Name: 7018 Value:
.demdex.net/	1970-01-19 14:38:29	Name: demdex Value: 74819059017880210683355691337080008201
tw-ec.com/	1970-01-19 10:19:19	Name: 7830 Value: error

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js(Line 13) Message: Cooladata error: 'cooladata' object not initialized. Ensure you are using the latest version of the Cooladata JS Library along with the snippet we provide.
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 294) Message: addMbox_tnt_cards value is false
console-api	log	URL: https://online.citi.com/TMX/TMXProfiling.js(Line 4) Message: start tmxProfiling.js

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
a.rfihub.com
aa.agkn.com
bat.bing.com
c1.rfihub.net
cdn.pbbl.co
citi.demdex.net
cm.everesttech.net
cse.google.com
dpm.demdex.net
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
s.ytimg.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
tw-ec.com
udc-neb.kampyle.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
104.111.245.241
104.111.247.111
13.226.145.171
13.226.154.56
15.188.154.177
151.101.114.133
151.101.13.175
172.217.21.194
18.197.253.20
185.31.128.128
23.43.114.84
2620:1ec:c11::200
2a00:1450:4001:808::200e
2a00:1450:4001:816::200e
2a00:1450:4001:819::2004
2a00:1450:4001:81e::2013
2a00:1450:4001:820::200e
2a00:1450:4001:824::2008
34.241.125.133
35.241.45.82
35.241.8.149
52.29.85.133
52.48.230.192
66.113.180.84
66.117.28.86
92.123.176.136
02541822a2ef51c24d16591f73ac8cf6e61fc365c53f13d45ad363b0193a0302
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
08c82aa4b25dca6ee19448742bec9104d74edf74ddaad926de6bf1d68edd23b7
0f925b6e79c9db6aef97728f7c4799d0a6b2de63f02b85f5f6623bb7fcb9e3c5
10a510939fc641893634c4b5839fad4621e78519268e8f73da35840d8848dda6
157430093a6d2ee63082eae5dabf826926d3b6259d33482aa6713c48728e82fa
1a494eeab02f36c9e54dac13dda7671dc383e7be18ca9ebf181008cd062975be
1eeac0c64e470dee27f5a247a04d72fdc46f8b5e6809fdd865c01dc56a2853a8
242cb1fe2274ec738de60067a2c54568126e01792e55d2db82f8cfb48cbb4f24
2d90af96edf6d55c8ecc3dfeaa823e4a291f8d750c29740e3aef197d45b21ab9
2e9a75694da6dbcce949afd25c0ac63fe36b333f66ddb78c3c54afbd1d6f723f
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
390f8b1161ed9507a415fa57f33c7d8559dde560fcc8c7af3323da2fa8d211dc
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6
4aede649b1b4a3c290fa9d07fab79f2f64c9fe7581c6ca672b2002e384acb5b0
6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e
629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38
6319178797b6a3400b501cd79ec72c77e74d96e7c74de4302880652c958a444a
64a50e5d7873ed91d8816ef8a4e583dbab9b2c41bb78c4e293723aed29ad61b4
6c5449f11408652805b0e758e1126bd334813c263228f4ba92892124bb572bf4
6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
86142c580e3dc028641a0ccddb4c02322c0b4f2bf2a30272921688817c7ccdd9
8a29e88d6b49a7fd837d0e975baf34d816f9e18ae069ae691096278a35a73701
8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e
8e7aa714439a8a64023cb15238d930607f310a56f882ea8151dd5c3f3d2d1898
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
a38ba61985bc8084d1b857dc5aad827b87791c429016096b8384c6ef5ed6c654
a50f20ecac24eeea05e7fc20c4f5d20b5075e061fd067d1f956e424fe010dcf2
a693efa7265b630e27e537f6ba09c5558a23b9ed2f57abdbf417c237a50a5156
a8eedbe1e0481498041c775d09b94d7b45f7a798d70d8824ade377490681597b
b6f7b31210a709daca9760b215660b2cbe719757df3059364beeda005fca2dbe
b84a6ee3aa9ea3d4b049cdb016d0005deade4abbe00ff05ec11c7efd366bff4a
c1abc9ffd5c0db801942f609d24750804687683543ad5194d5044a87829c5e31
c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61
c451772248a707259756c57bb7ef7cb253d535e2af27221ae055339dcccd71f6
c755d17450214bd5a8a1ce910845e29343980d8ddf9812f443503bfd34723475
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cf976a6c8a6bb7206d93bad74c6029bc3739a12a81f2e32433d81195e8f9c416
d250860d730986fa3e4643c1aa67d3bb80af668ae140aa8b6888acdef53e739c
d406a6cab9bdacdbb630437c932d1c38fa7ebbfedccb57b90952610e8b2b2130
dc98dcf67096a5abf3b5e5f0e964aa8efbadbef9258abc2516e182a49de030e6
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
e1ec332b96174cc27b767f6c047cd2623c7dbf299a8bf14b484b1e6991431d7d
e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e58685eb1777eeef95348ce04c8d41ebaa048e748a618855e6a965ad4f234d11
e85a58eccc2a478531699234f67f8b7d7eb826b7fc111b25ddc65335c58870b1
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f35167f960fb0ce996db66bdfc5723771a4acc8e7206b282e7dfaa8c2ca81e3b
f689ff5f873be3f1749ed3299474e5b792c700d0ab230372a2b5a7cd9fda0a8f
fea31b925e08f792faec014611a6e2567fd23eb56549e03605d10f5ecc91c948

tw-ec.com Open in urlscan Pro 66.113.180.84 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

73 Requests

100 %HTTPS

27 %IPv6

21 Domains

28 Subdomains

24 IPs

6 Countries

1078 kBTransfer

3579 kBSize

8 Cookies

10 Outgoing links

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tw-ec.com Open in urlscan Pro
66.113.180.84 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

100 %
HTTPS

27 %
IPv6

21
Domains

28
Subdomains

24
IPs

6
Countries

1078 kB
Transfer

3579 kB
Size

8
Cookies

73 HTTP transactions
0 data transactions