windysblog.com Open in urlscan Pro
207.55.244.15 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://windysblog.com/citi/Verification.php
Submission: On January 04 via manual (January 4th 2019, 3:45:15 pm UTC) from US

Summary HTTP 88 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 88 HTTP transactions. The main IP is 207.55.244.15, located in Saint Petersburg, United States and belongs to AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US. The main domain is windysblog.com.

This is the only time windysblog.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
24	207.55.244.15 207.55.244.15	17054 (AS17054) (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA)
21	104.108.41.14 104.108.41.14	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	52.214.176.176 52.214.176.176	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
11	91.235.134.21 91.235.134.21	30286 (THM) (THM - ThreatMetrix Inc.)
1	34.201.207.164 34.201.207.164	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	23.43.127.7 23.43.127.7	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	23.60.196.160 23.60.196.160	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	54.246.153.43 54.246.153.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE - Google LLC)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM - ThreatMetrix Inc.)
2 6	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
2 6	2a00:1450:400... 2a00:1450:4001:818::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
6	2a00:1450:400... 2a00:1450:4001:81c::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
88	14

24 207.55.244.15 (Saint Petersburg, United States)

ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US)
PTR: cp34.deluxehosting.com

windysblog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 104.108.41.14 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-41-14.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.214.176.176 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-214-176-176.eu-west-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 91.235.134.21 (Netherlands)

ASN30286 (THM - ThreatMetrix Inc., US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.201.207.164 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-201-207-164.compute-1.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.43.127.7 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-127-7.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80b::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.60.196.160 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-60-196-160.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.246.153.43 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-246-153-43.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.162 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (San Jose, United States)

ASN30286 (THM - ThreatMetrix Inc., US)

89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:815::2002 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:818::2004 (Ireland) 2 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81c::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	citi.com online.citi.com content22.online.citi.com	395 KB
24	windysblog.com windysblog.com	273 KB
8	googletagmanager.com www.googletagmanager.com	255 KB
6	google.de www.google.de	654 B
6	google.com 2 redirects www.google.com	1 KB
6	doubleclick.net 2 redirects googleads.g.doubleclick.net	5 KB
5	ensighten.com nexus.ensighten.com	141 KB
1	online-metrix.net 89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net	393 B
1	googleadservices.com www.googleadservices.com	9 KB
1	adsrvr.org insight.adsrvr.org	278 B
1	bluekai.com tags.bluekai.com
1	bkrtx.com tags.bkrtx.com	10 KB
88	12

	Domain	Requested by
24	windysblog.com	windysblog.com
21	online.citi.com	windysblog.com
11	content22.online.citi.com	windysblog.com content22.online.citi.com
8	www.googletagmanager.com	nexus.ensighten.com
6	www.google.de
6	www.google.com	2 redirects
6	googleads.g.doubleclick.net	2 redirects www.googleadservices.com
5	nexus.ensighten.com	windysblog.com nexus.ensighten.com
1	89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net
1	www.googleadservices.com	www.googletagmanager.com
1	insight.adsrvr.org
1	tags.bluekai.com	tags.bkrtx.com
1	tags.bkrtx.com	nexus.ensighten.com
88	13

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2018-03-14` - `2020-05-14`	2 years	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-06` - `2020-08-06`	2 years	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2018-10-17` - `2020-01-05`	a year	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2018-02-01` - `2019-02-01`	a year	crt.sh
*.d.aa.online-metrix.net Thawte TLS RSA CA G1	`2018-01-26` - `2020-05-09`	2 years	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-12-04` - `2019-02-26`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2018-12-04` - `2019-02-26`	3 months	crt.sh
www.google.com Google Internet Authority G3	`2018-12-04` - `2019-02-26`	3 months	crt.sh

This page contains 6 frames:

Primary Page: http://windysblog.com/citi/Verification.php
Frame ID: 9A0CEB5A8952CDA95E7B4F45C23F6772
Requests: 76 HTTP requests in this frame

Frame: http://tags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=productID&phint=__bk_t%3DUpdate%20Your%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttp%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&limit=10&r=70509659
Frame ID: 54B802F2CC0982FC70DAA49014D29E5F
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1
Frame ID: A8BCC449AD7AC3DB97C17A51F8988734
Requests: 8 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/HP?session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&org_id=89oebq5k&nonce=327aa721755fb1a6&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: 3FA637566633A36E027BD4D690F28850
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1
Frame ID: D3CB30164600D7EF0A33A1F974A3AD45
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1
Frame ID: A34B068FBC5E33B8DAB3BC8F6167A459
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^s_(?:account|objectID|code|INST)$/i

Page Statistics

88
Requests

56 %
HTTPS

29 %
IPv6

12
Domains

13
Subdomains

14
IPs

3
Countries

1090 kB
Transfer

2725 kB
Size

5
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/signoff/SummaryRecord.do?logOff=true
Title: Sign Off

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JSO/signon/DisplayUsernameSignon.do?JFP_TOKEN=AF6OQPO9
Title: YES

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/Welcome.c

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=TermsDisclaimer
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1546616700273&cv=9&fst=1546616700273&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=4248391633&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=4248391633&resp=GooglemKTybQhCsO&ipr=y

Request Chain 77

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1546616700275&cv=9&fst=1546616700275&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=3249445861&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=3249445861&resp=GooglemKTybQhCsO&ipr=y

88 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set Verification.php Show response
windysblog.com/citi/ 267 KB
267 KB 522ms
273ms Document
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: f089858a4b6b04bb7374e02735cd3568e4b4d68d2e5dc05bfd56a32e0b579bc7

Request headers

Host: windysblog.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:57 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3; path=/
Keep-Alive: timeout=30, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK amw.js Show response
windysblog.com/JFP/amw/ 0
250 B 268ms
244ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JFP/amw/amw.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 Citi_Universal.min.css
online.citi.com/CBOL/nga/common/ui/uxf/css/ 201 KB
35 KB 699ms
641ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/nga/common/ui/uxf/css/Citi_Universal.min.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

5bcafc26b27b50ec2e96ce4f9d3225b1287e9d8abec69593c7c47e1c61cf41e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 35073
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H2 200 JPPWidgetUxf.css
online.citi.com/JFP/css/common/ 194 KB
25 KB 758ms
699ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/css/common/JPPWidgetUxf.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

7a56e5f8a88d9644a0df7479b285ca29dad092fc3177283e9953bb613d41c655

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 25610
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H2 200 useregbnkcrd.min.css
online.citi.com/CBOL/sec/useregbnkcrd/css/ 22 KB
5 KB 556ms
498ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregbnkcrd.min.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

cb00188bf688d97c7aa19b6d0ea9b6e3f69a4c08240f5039042478a4c9020ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 03 Apr 2018 06:30:04 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 4580
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H/1.1 200
OK jquery-combined.min.js Show response
windysblog.com/CBOL/portal/layout/js/ 0
251 B 490ms
249ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/portal/layout/js/jquery-combined.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jfp.combined.min.js Show response
windysblog.com/CBOL/common/js/ 0
251 B 490ms
250ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/common/js/jfp.combined.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Citi_Responsive.min.js Show response
windysblog.com/CBOL/common/js/ 0
251 B 502ms
261ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/common/js/Citi_Responsive.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK useregbnkcrd.min.js Show response
windysblog.com/CBOL/sec/useregbnkcrd/js/ 0
251 B 500ms
258ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/sec/useregbnkcrd/js/useregbnkcrd.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 RDSoverlay.css
online.citi.com/JRS/css/common/ 3 KB
1 KB 174ms
117ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/common/RDSoverlay.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 947
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H2 200 CitiEasyDeals.css
online.citi.com/NCCS/rewards/css/ 7 KB
2 KB 169ms
111ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/rewards/css/CitiEasyDeals.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 2052
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H/1.1 200
OK jfpm.autocomplete.off.js Show response
windysblog.com/JFP/js/modules/ 0
250 B 1039ms
278ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JFP/js/modules/jfpm.autocomplete.off.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 104 KB
31 KB 76ms
32ms Script
application/javascript 52.214.176.176
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 52.214.176.176 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-176-176.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ed18ee1dae4d9168e1825435ef1dc2825e4d2916accc7c28bb9c2e6d761ea020

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Dec 2018 18:26:40 GMT
Server: nginx
ETag: W/"5c1bdee0-19f94"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
transfer-encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK BkDmp.js Show response
windysblog.com/DMP/ 0
251 B 507ms
261ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/DMP/BkDmp.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 US-Regional.css
online.citi.com/JRS/css/ 48 KB
10 KB 167ms
110ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/US-Regional.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

888682b6f8961bc407df2027baf9ea22da7be5f298d037845c1724f7004c4338

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 9928
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H/1.1 200
OK SitecatCampaigns.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 528ms
256ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JPS/portal/js/SitecatCampaigns.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK citi_Common.js Show response
windysblog.com/GFC/common/js/ 0
250 B 743ms
248ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/GFC/common/js/citi_Common.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK jquery.autocomplete.js Show response
windysblog.com/JFP/js/jquery/plugins/ 0
250 B 743ms
248ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JFP/js/jquery/plugins/jquery.autocomplete.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK JFPNav.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 756ms
251ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JPS/portal/js/JFPNav.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK tags.js Show response
content22.online.citi.com/fp/ 23 KB
6 KB 90ms
17ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&allow_reprofile=1

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

e64b72a9288c8b188e878aab1b75ef28588382b57754d340b54b978598b8ff54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:44:58 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 327aa721755fb1a6
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=100
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 branding_main_citi.css
online.citi.com/GFC/branding/css/ 38 KB
7 KB 150ms
111ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/branding_main_citi.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

fea2ce318fe3e06af7549e140581f16de9801c39cdb33edbbd4293a505a3eb3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Mon, 12 Nov 2018 04:06:58 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 6550
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H2 200 responsivePlain_citi.css
online.citi.com/GFC/branding/css/ 6 KB
2 KB 156ms
118ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/responsivePlain_citi.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

3582aed1f26fa2ba256161fb50028844b2a726b4ef45c82663e5108cd39bf034

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 05 Dec 2017 12:36:48 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 1249
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H2 200 regionalBrandingResponsivePatch.css
online.citi.com/JRS/ 2 KB
1 KB 146ms
108ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/regionalBrandingResponsivePatch.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 791
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H2 200 costcoOnboarding.css
online.citi.com/JRS/branding/css/ 2 KB
930 B 732ms
694ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/branding/css/costcoOnboarding.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

9b6605a9eb8923449d13063b127bfdc46ac82fd3a2fba6c843d0becc6d7554ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 612
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H/1.1 200
OK s_code.js Show response
windysblog.com/JRS/js/ 0
250 B 736ms
249ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/s_code.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK dp.min.js Show response
windysblog.com/CBOL/sec/rba/js/ 0
250 B 750ms
255ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/sec/rba/js/dp.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:58 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=99
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK mbox.js Show response
windysblog.com/JRS/js/ 0
250 B 762ms
247ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/mbox.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK appendToken.js Show response
windysblog.com/JSE/token/ 0
250 B 986ms
256ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JSE/token/appendToken.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK MFAOverlay.js Show response
windysblog.com/JPS/portal/js/ 0
250 B 1048ms
319ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JPS/portal/js/MFAOverlay.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK Citi-Enterprise-Blue.png
windysblog.com/GFC/branding/img/ 0
250 B 294ms
293ms Image
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://windysblog.com/GFC/branding/img/Citi-Enterprise-Blue.png
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 67ms
66ms Image
image/png 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1040

GET
H2 200 spacer.gif
online.citi.com/JFP/images/ 43 B
312 B 673ms
673ms Image
image/gif 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JFP/images/spacer.gif

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/gif
content-length: 43

GET
H2 200 useregresponsive.min.css
online.citi.com/CBOL/sec/useregbnkcrd/css/ 27 KB
5 KB 661ms
625ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregresponsive.min.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

8376fd61ad9aeb99e290d4a3a7fb753f9c8923d9b6b0224c5d256496beea8869

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 5154
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H/1.1 200
OK CBOL.mask.min.js Show response
windysblog.com/CBOL/common/js/ 0
250 B 272ms
272ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/CBOL/common/js/CBOL.mask.min.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 citi-logo-footer.png
online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/ 2 KB
2 KB 672ms
672ms Image
image/png 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ddl/1.1.0/images/catalogue/citi-logo-footer.png

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

c03c473373b74ec78cd18149c63791f1879e0521776846e6ffd9dcfecd413b1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
accept-ranges: bytes
content-type: image/png
content-length: 1705

GET
H/1.1 200
OK branding_universal_megaMenu.js Show response
windysblog.com/GFC/branding/js/ 0
250 B 278ms
278ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/GFC/branding/js/branding_universal_megaMenu.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=98
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK le-mtagconfig.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 268ms
267ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/chat/le-mtagconfig.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=96
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK LPAttributes.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 268ms
268ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/chat/LPAttributes.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK chatMask.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 275ms
275ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/chat/chatMask.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK chatLPHandler.js Show response
windysblog.com/JRS/js/chat/ 0
250 B 266ms
265ms Script
text/html 207.55.244.15
CONTINENTAL BROAD...

General

Check archive.org

Show headers Download Go to

Full URL: http://windysblog.com/JRS/js/chat/chatLPHandler.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Server: 207.55.244.15 Saint Petersburg, United States, ASN17054 (AS17054 - CONTINENTAL BROADBAND PENNSYLVANIA, INC., US),
Reverse DNS: cp34.deluxehosting.com
Software: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: windysblog.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: http://windysblog.com/citi/Verification.php
Cookie: PHPSESSID=ptpetfu9oqjd3qant56t6o84r3
Connection: keep-alive
Cache-Control: no-cache
Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Server: Apache/2.4.37 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
Connection: Keep-Alive
Keep-Alive: timeout=30, max=97
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 cobrowse_overlay.css
online.citi.com/GPS/portal/css/ 7 KB
2 KB 151ms
118ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GPS/portal/css/cobrowse_overlay.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

d636d0f6c2e9c491b04ed9a5f1fb2120da61b3cbbf4caef3f1ae265bd0bfae43

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:58 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 1589
expires: Fri, 04 Jan 2019 21:44:58 GMT

GET
H2 200 branding_main.css
online.citi.com/GFC/branding/css/ 110 KB
16 KB 29ms
29ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/branding_main.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

f01d6dfe7e76d3338980e1cca73c26d13829daecc59ca18344f52170893e878f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Wed, 14 Nov 2018 17:31:43 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 16449
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 828 B
1 KB 43ms
42ms Script
text/javascript 52.214.176.176
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=5820926434.977791&ClientID=1129&PageID=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Server: 52.214.176.176 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-176-176.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2f7bb02e212529d59a1855eabce7d0bdfcd64d1e127bf99a5a8d765952d516df

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 828
Expires: Fri, 04 Jan 2019 15:44:58 GMT

GET
H/1.1 200
OK Bootstrap.js Show response
nexus.ensighten.com/citi/na_stage/ 151 KB
46 KB 512ms
198ms Script
application/javascript 34.201.207.164
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_stage/Bootstrap.js
Requested by: Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.201.207.164 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-201-207-164.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 84f4ed952d684efca672450a0fe3712a3325aa94fd66272483314a2932b8d1d5

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Jan 2019 22:16:26 GMT
Server: nginx
ETag: W/"5c2e89ba-25ba3"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=300
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 CBOLClassic.min.css
online.citi.com/JFP/css/ 195 KB
31 KB 30ms
30ms Stylesheet
text/css 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/css/CBOLClassic.min.css

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

bb1bd01ab614af54f6c546c88f92ad916365566583639f3fd045defcfd9e43e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-type: text/css
content-length: 31753
expires: Fri, 04 Jan 2019 21:44:59 GMT

GET
H/1.1 200
OK 4d4b17ada5007a6dcc8578b2c54b0b71.js Show response
nexus.ensighten.com/citi/na_prod/code/ 128 KB
34 KB 33ms
33ms Script
application/javascript 52.214.176.176
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/4d4b17ada5007a6dcc8578b2c54b0b71.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Server: 52.214.176.176 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-176-176.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a9e78acf84e8112a949112ab971ed23038aa63126d093b20f6ab2961f628c1aa

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 20 Dec 2018 18:26:40 GMT
Server: nginx
ETag: W/"5c1bdee0-1ffa6"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
transfer-encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK f04c5b50298b4704020615c60c2f1ae8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 98 KB
29 KB 111ms
49ms Script
application/javascript 52.214.176.176
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/f04c5b50298b4704020615c60c2f1ae8.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Server: 52.214.176.176 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-214-176-176.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6a696ac98a391d139157ffa78da863939c76379d0d2bcc06191546aa4aeeeff6

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 13 Dec 2018 16:47:32 GMT
Server: nginx
ETag: W/"5c128d24-18780"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=315360000
Connection: keep-alive
Content-Length: 29220

GET
H2 200 Interstate-Light.woff
online.citi.com/GFC/branding/fonts/ 74 KB
74 KB 58ms
17ms Font
application/octet-stream 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/fonts/Interstate-Light.woff

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin: http://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 75483

GET
H2 200 Interstate-Bold.woff
online.citi.com/GFC/branding/fonts/ 70 KB
71 KB 55ms
32ms Font
application/octet-stream 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/fonts/Interstate-Bold.woff

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/GFC/branding/css/branding_main_citi.css
Origin: http://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 71859

GET
H2 200 Interstate-ExtraLight.woff
online.citi.com/JFP/fonts/ 38 KB
38 KB 190ms
167ms Font
application/octet-stream 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/fonts/Interstate-ExtraLight.woff

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/CBOL/nga/common/ui/uxf/css/Citi_Universal.min.css
Origin: http://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 38001

GET
H2 200 glyphicons-halflings-regular.woff
online.citi.com/CBOL/sec/common/fonts/ 23 KB
23 KB 213ms
191ms Font
application/octet-stream 104.108.41.14
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/common/fonts/glyphicons-halflings-regular.woff

Requested by

Host: windysblog.com
URL: http://windysblog.com/citi/Verification.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.108.41.14 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a104-108-41-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://online.citi.com/CBOL/sec/useregbnkcrd/css/useregbnkcrd.min.css
Origin: http://windysblog.com

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 03 Apr 2018 06:30:04 GMT
x-akamai-citisite: SWDC
date: Fri, 04 Jan 2019 15:44:59 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
content-type: text/plain
access-control-allow-origin: *
content-length: 23132

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 31 KB
10 KB 57ms
14ms Script
text/javascript 23.43.127.7
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/4d4b17ada5007a6dcc8578b2c54b0b71.js?conditionId0=421908
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.43.127.7 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-43-127-7.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Last-Modified: Mon, 23 Jul 2018 20:07:28 GMT
Server: Apache
ETag: "3160052-7a94-571b031e6f476"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10358
Expires: Fri, 11 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 23ms
17ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

63aa09de1e414ffc834001fa40dd9ba1f276c985603fc5f1f923bba2af48a0a8

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32162
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 21ms
15ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-6417343

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

097ae780e0d51a99c71b9bed4e2a147a33a00d812cbc9c361aab07eb328c4363

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32162
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 23ms
17ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-6269322

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

f38bc0c3aefa476b121c0a4f9f9a3de1c821dc4aae10583a4dc524fdb9b8a9c7

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32163
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 21ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-9001195

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

cfbdd52ff7d416c792fcf53be488f99083155c916392a69eacd88a450dcc0615

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32162
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 16ms
15ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-6268858

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

91aa28af2e29d3c037a6b5d80f1af0d8337ec41b0fe9d244b275dc129bbc84a4

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32163
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-8114478

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

4cb6a2910f4374340b3d394bc469b27254982844ef63d0f7a392ce671ba3de4b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32162
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 18ms
17ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=DC-6256710

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

a34f0371d7d2c31a3af5fe600a71629bd0afc664ca7c42d5c79e38a89910beec

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:44:59 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32163
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:44:59 GMT

GET
H/1.1 200
OK 63068
tags.bluekai.com/site/ Frame 54B8 0
0 143ms
104ms Document
text/html 23.60.196.160
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: http://tags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=productID&phint=__bk_t%3DUpdate%20Your%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_l%3Dhttp%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&limit=10&r=70509659
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Server: 23.60.196.160 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-60-196-160.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: tags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://windysblog.com/citi/Verification.php
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://windysblog.com/citi/Verification.php

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 8aca
Date: Fri, 04 Jan 2019 15:44:59 GMT
Connection: keep-alive
X-N: S

GET
H/1.1 200
OK check.js;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE Show response
content22.online.citi.com/fp/ Frame A8BC 125 KB
34 KB 44ms
43ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&allow_reprofile=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

5f2384776bf5de2e5d2bf9d2f34a08ac1de79ef4544f418d77939eec92cffcc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 327aa721755fb1a6
Connection: Keep-Alive, Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame A8BC 81 B
430 B 69ms
18ms Image
image/png 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&w=b79ad7cf426fc5ac&ck=0&m=1

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&allow_reprofile=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame A8BC 81 B
430 B 65ms
17ms Image
image/png 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK js Show response
www.googletagmanager.com/gtag/ 87 KB
32 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagmanager.com/gtag/js?id=AW-959299794

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:80b::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

1355fa1376b714e494ef2acf3bda679c189c896374ce83279a38decf03636c6f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Content-Encoding: gzip
Server: Google Tag Manager (scaffolding)
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: http://www.googletagmanager.com
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
Content-Length: 32166
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:45:00 GMT

GET
H/1.1 200
OK /
insight.adsrvr.org/track/conv/ 0
278 B 77ms
27ms Image
text/plain 54.246.153.43
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://insight.adsrvr.org/track/conv/?ct=0:t1sl5ty&adv=1jw5cvl
Protocol: HTTP/1.1
Server: 54.246.153.43 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-246-153-43.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
Cache-Control: private,no-cache, must-revalidate
Connection: keep-alive
X-AspNet-Version: 4.0.30319
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK conversion_async.js Show response
www.googleadservices.com/pagead/ 23 KB
9 KB 56ms
18ms Script
text/javascript 172.217.18.162
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

HTTP/1.1

Server

172.217.18.162 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f2.1e100.net

Software

cafe /

Resource Hash

9f7ec14b65196ecc6380422716725a5a5dcb4261f5988ef381905dd0f8fd031f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript; charset=UTF-8
Server: cafe
ETag: 14625954634965495121
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Content-Disposition: attachment; filename="f.txt"
Timing-Allow-Origin: *
Content-Length: 8755
X-XSS-Protection: 1; mode=block
Expires: Fri, 04 Jan 2019 15:45:00 GMT

GET
H/1.1 200
OK HP
content22.online.citi.com/fp/ Frame 3FA6 0
0 21ms
18ms Document
text/html 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/HP?session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&org_id=89oebq5k&nonce=327aa721755fb1a6&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://windysblog.com/citi/Verification.php
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=16d2d8ff658b4d7ca510cbd8255e297d; AKMTLTSID=D52E1A60FA17BA5D7E3A349C58DB98CE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://windysblog.com/citi/Verification.php

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5821
Keep-Alive: timeout=2, max=99

GET
H/1.1 200
OK ls_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE
content22.online.citi.com/fp/ Frame D3CB 0
0 20ms
18ms Document
text/html 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://windysblog.com/citi/Verification.php
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=16d2d8ff658b4d7ca510cbd8255e297d; AKMTLTSID=D52E1A60FA17BA5D7E3A349C58DB98CE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://windysblog.com/citi/Verification.php

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame A8BC 0
342 B 15ms
14ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&jd=37362424773f62373b61663f616434303666613561612e6a646c3f3130246a646a3d63306333643132316761613e663131633c6631366236353065613a326b303833246866766e3d3238343f383330

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK top_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE
content22.online.citi.com/fp/ Frame A34B 0
0 19ms
19ms Document
text/html 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://windysblog.com/citi/Verification.php
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=16d2d8ff658b4d7ca510cbd8255e297d; AKMTLTSID=D52E1A60FA17BA5D7E3A349C58DB98CE
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: http://windysblog.com/citi/Verification.php

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame A8BC 0
173 B 17ms
16ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&ja=3530362426753d62353b616c356166363236646335636b26613f32267a3f3024643d333430327a3132383224736b663f30362e6e683f68747670253343253a4425324475696c647971606e67652c636d6d253046636b7c6927304456657069646b636376696d6c2e70607224647a3f6a767678273343253244253246756966667973606e6f652e636d6f273a446169766925304656677a69646b6161746b6f6c2c706a7226723f706c7d656b6e57646e6371605c66636c736721706c7767616c5f776b6c646d77735d6f676c6b635f726c617b65725c6e616e716721706e75656b6e5d63646d60655f6961706f6a63765c64696e736721706e7567696c5f797769636976696f655e64636e7b6723706e75676b6e5f71606f6169756176675e64636c716721726e7567616c5d726d636e726e697b65705e66636c73652370647767696c5d766e635f726e637167705e64616c716521726475656b6c5f646776636e76705c66636e736529726e756f6b6c5d717e655f7469657565725e646164716521726e7565696e5d68637e635c66636c736726686a35363b3660333732303366623536343b3731633f3560376b346660303f34316765266778333d32346a3a33303130303666306466643b3233313166346735623a31393a613536623a6633613435312668716f3d446b6c757024687160354168706f6d67203637&jb=31353b246c733d4d6d786b646e63253046352c30253038284f6361696e766f716a253140253032496e7c676e253a324f63612d30304d532530305825303039325f31315d352b2532324372786e675767624b6b7425304e3531352c33362732322a4b4a564d4e2732432d30326c6169672730384565616b6f2b25323041687a6d6d6527304634372e322c313b3b342e3a3725303053636e61706b2732463733352c3334
Requested by: Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=2D8C1A3DCB076D61C8DC7DD7472571BE?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net/fp/ Frame A8BC 81 B
393 B 670ms
164ms Image
image/png 192.225.158.3
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.225.158.3 San Jose, United States, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame A8BC 81 B
431 B 18ms
14ms Image
image/png 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://content22.online.citi.com/fp/clear.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),
Reverse DNS
Software: Apache /
Resource Hash: 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Fri, 04 Jan 2019 15:45:00 GMT
Last-Modified: Fri, 04 Jan 2019 15:45:00 GMT
Server: Apache
Etag: 73b4ed95de56437287a505ac569aacea
Content-Type: image/png
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 81
Expires: Wed, 03 Jan 2024 15:45:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:815::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1546616700270&cv=9&fst=1546616700270&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

960f9d37ac4888b02637695e58cea9130e67339b7775207038249a922d1c69da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 999
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:815::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1546616700273&cv=9&fst=1546616700273&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

58632390adfc138c20a5839e091f6c73fd8d6888103a2b0ff32f2eb39f4daa07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1000
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:815::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1546616700274&cv=9&fst=1546616700274&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

82060a179cb5cd2053328665835aed9b4a7d742b2ff0e685cc1b27ea381ab48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 999
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:815::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1546616700275&cv=9&fst=1546616700275&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:815::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

71d8db496b40d9fe21223ca2ec06a38830d36cd0a17bc092c2e5db4a80208373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39,35",quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 1000
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1546616700273&cv=9&fst=1546616700273&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
109 B

24ms
23ms

Image
image/gif

2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=4248391633&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700273&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=4248391633&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1546616700275&cv=9&fst=1546616700275&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=659255991&u_h=1200&u_...
https://www.google.com/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u...
https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_...

42 B
109 B

36ms
36ms

Image
image/gif

2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=3249445861&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1546616700275&cv=9&fst=1546614000000&num=1&fmt=3&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&crd=CITQGw&cdct=2&is_vtc=1&random=3249445861&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
109 B 56ms
51ms Image
image/gif 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1546616700273&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2052529994&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
109 B 26ms
22ms Image
image/gif 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1546616700273&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2052529994&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
109 B 33ms
31ms Image
image/gif 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1546616700275&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2039470678&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
109 B 32ms
30ms Image
image/gif 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1546616700275&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=2039470678&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
109 B 35ms
34ms Image
image/gif 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1546616700270&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=932792799&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
109 B 28ms
26ms Image
image/gif 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1546616700270&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dgtag.config&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=932792799&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
109 B 52ms
51ms Image
image/gif 2a00:1450:4001:818::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1546616700274&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=866742628&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:818::2004 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
109 B 22ms
22ms Image
image/gif 2a00:1450:4001:81c::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1546616700274&cv=9&fst=1546614000000&num=1&bg=ffffff&guid=ON&eid=659255991&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&data=event%3Dconversion&gtm=2odbc0&sendb=1&frm=0&url=http%3A%2F%2Fwindysblog.com%2Fciti%2FVerification.php&tiba=Update%20Your%20Account%20-%20Citibank&async=1&fmt=3&crd=CITQGw&cdct=2&is_vtc=1&random=866742628&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 04 Jan 2019 15:45:00 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame A8BC 0
342 B 14ms
14ms Script
text/javascript 91.235.134.21
ThreatMetrix Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0562eba5337963e6a5bd4781cff4574c3d36ebfde923d9cb2696eb4a2e05fd83&nonce=327aa721755fb1a6&pageid=1&jac=1&je=383724247767627276615d616c7665706e616e5f69723531363a2c3235332e36372e3335302e306130393836663038303230326339383a322477656270746b5d65787667726c616c5d6b7235333a352c3232322e373226323230

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM - ThreatMetrix Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://windysblog.com/citi/Verification.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 04 Jan 2019 15:45:00 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=94
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

299 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.citi.com/	1969-12-31 23:59:59	Name: AKMTLTSID Value: D52E1A60FA17BA5D7E3A349C58DB98CE
content22.online.citi.com/	1970-01-20 16:48:56	Name: thx_guid Value: 16d2d8ff658b4d7ca510cbd8255e297d
windysblog.com/	1970-01-18 21:36:58	Name: 7018 Value:
windysblog.com/	1970-01-18 21:36:58	Name: 7830 Value: error
windysblog.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ptpetfu9oqjd3qant56t6o84r3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

89oebq5k-cd836ad10e34324fc665e90ab403fab81882f201-am1.d.aa.online-metrix.net
content22.online.citi.com
googleads.g.doubleclick.net
insight.adsrvr.org
nexus.ensighten.com
online.citi.com
tags.bkrtx.com
tags.bluekai.com
windysblog.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.108.41.14
172.217.18.162
192.225.158.3
207.55.244.15
23.43.127.7
23.60.196.160
2a00:1450:4001:80b::2008
2a00:1450:4001:815::2002
2a00:1450:4001:818::2004
2a00:1450:4001:81c::2003
34.201.207.164
52.214.176.176
54.246.153.43
91.235.134.21
097ae780e0d51a99c71b9bed4e2a147a33a00d812cbc9c361aab07eb328c4363
1355fa1376b714e494ef2acf3bda679c189c896374ce83279a38decf03636c6f
1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925
2c7b95e516f24a2da447755f07b107bd8566745dc36322a1419ef92662019cf6
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f7bb02e212529d59a1855eabce7d0bdfcd64d1e127bf99a5a8d765952d516df
3582aed1f26fa2ba256161fb50028844b2a726b4ef45c82663e5108cd39bf034
4cb6a2910f4374340b3d394bc469b27254982844ef63d0f7a392ce671ba3de4b
58632390adfc138c20a5839e091f6c73fd8d6888103a2b0ff32f2eb39f4daa07
5bcafc26b27b50ec2e96ce4f9d3225b1287e9d8abec69593c7c47e1c61cf41e0
5f2384776bf5de2e5d2bf9d2f34a08ac1de79ef4544f418d77939eec92cffcc1
63aa09de1e414ffc834001fa40dd9ba1f276c985603fc5f1f923bba2af48a0a8
6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666
6a696ac98a391d139157ffa78da863939c76379d0d2bcc06191546aa4aeeeff6
71d8db496b40d9fe21223ca2ec06a38830d36cd0a17bc092c2e5db4a80208373
7a56e5f8a88d9644a0df7479b285ca29dad092fc3177283e9953bb613d41c655
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
82060a179cb5cd2053328665835aed9b4a7d742b2ff0e685cc1b27ea381ab48a
8376fd61ad9aeb99e290d4a3a7fb753f9c8923d9b6b0224c5d256496beea8869
84f4ed952d684efca672450a0fe3712a3325aa94fd66272483314a2932b8d1d5
888682b6f8961bc407df2027baf9ea22da7be5f298d037845c1724f7004c4338
91aa28af2e29d3c037a6b5d80f1af0d8337ec41b0fe9d244b275dc129bbc84a4
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
960f9d37ac4888b02637695e58cea9130e67339b7775207038249a922d1c69da
9a93b0d48f5d73e23d7eff3e2c5f855b84398c37939253ce5eb3c2873a99a8bc
9b6605a9eb8923449d13063b127bfdc46ac82fd3a2fba6c843d0becc6d7554ee
9f7ec14b65196ecc6380422716725a5a5dcb4261f5988ef381905dd0f8fd031f
a34f0371d7d2c31a3af5fe600a71629bd0afc664ca7c42d5c79e38a89910beec
a9e78acf84e8112a949112ab971ed23038aa63126d093b20f6ab2961f628c1aa
b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9
bb1bd01ab614af54f6c546c88f92ad916365566583639f3fd045defcfd9e43e8
c03c473373b74ec78cd18149c63791f1879e0521776846e6ffd9dcfecd413b1e
cb00188bf688d97c7aa19b6d0ea9b6e3f69a4c08240f5039042478a4c9020ee8
cfbdd52ff7d416c792fcf53be488f99083155c916392a69eacd88a450dcc0615
d636d0f6c2e9c491b04ed9a5f1fb2120da61b3cbbf4caef3f1ae265bd0bfae43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e64b72a9288c8b188e878aab1b75ef28588382b57754d340b54b978598b8ff54
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ed18ee1dae4d9168e1825435ef1dc2825e4d2916accc7c28bb9c2e6d761ea020
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01d6dfe7e76d3338980e1cca73c26d13829daecc59ca18344f52170893e878f
f089858a4b6b04bb7374e02735cd3568e4b4d68d2e5dc05bfd56a32e0b579bc7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f38bc0c3aefa476b121c0a4f9f9a3de1c821dc4aae10583a4dc524fdb9b8a9c7
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
fea2ce318fe3e06af7549e140581f16de9801c39cdb33edbbd4293a505a3eb3b

windysblog.com Open in urlscan Pro 207.55.244.15 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

88 Requests

56 %HTTPS

29 %IPv6

12 Domains

13 Subdomains

14 IPs

3 Countries

1090 kBTransfer

2725 kBSize

5 Cookies

5 Outgoing links

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

windysblog.com Open in urlscan Pro
207.55.244.15 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

56 %
HTTPS

29 %
IPv6

12
Domains

13
Subdomains

14
IPs

3
Countries

1090 kB
Transfer

2725 kB
Size

5
Cookies

88 HTTP transactions
0 data transactions