citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.citi.com/fraudprevention
Effective URL:
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID...
Submission: On July 11 via api (July 11th 2023, 5:46:04 pm UTC) from US — Scanned from DE

Summary HTTP 163 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 31 IPs in 4 countries across 21 domains to perform 163 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is citicards.citi.com. The Cisco Umbrella rank of the primary domain is 172881.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 14th 2023. Valid for: a year.

This is the only time citicards.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.102.55.191 104.102.55.191	16625 (AKAMAI-AS) (AKAMAI-AS)
1 55	35.190.22.40 35.190.22.40	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	13.32.110.125 13.32.110.125	16509 (AMAZON-02) (AMAZON-02)
1 3	52.208.156.123 52.208.156.123	16509 (AMAZON-02) (AMAZON-02)
8	3.124.173.63 3.124.173.63	16509 (AMAZON-02) (AMAZON-02)
3	34.107.138.236 34.107.138.236	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	52.48.127.113 52.48.127.113	16509 (AMAZON-02) (AMAZON-02)
1	63.140.62.135 63.140.62.135	15224 (OMNITURE) (OMNITURE)
1 1	34.251.46.32 34.251.46.32	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:f200:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.4 18.66.97.4	16509 (AMAZON-02) (AMAZON-02)
1	18.66.122.45 18.66.122.45	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
1	66.235.152.115 66.235.152.115	15224 (OMNITURE) (OMNITURE)
1	34.253.91.174 34.253.91.174	16509 (AMAZON-02) (AMAZON-02)
1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
8	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
7	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2600:9000:218... 2600:9000:218e:9c00:1d:bf0a:0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	108.138.15.119 108.138.15.119	16509 (AMAZON-02) (AMAZON-02)
1 2	52.46.143.56 52.46.143.56	16509 (AMAZON-02) (AMAZON-02)
1	34.226.6.56 34.226.6.56	14618 (AMAZON-AES) (AMAZON-AES)
9	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
2	34.206.177.80 34.206.177.80	14618 (AMAZON-AES) (AMAZON-AES)
1	52.222.169.27 52.222.169.27	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
3	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	95.101.149.99 95.101.149.99	16625 (AKAMAI-AS) (AKAMAI-AS)
163	31

1 104.102.55.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-55-191.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

55 35.190.22.40 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com

citi.bridgetrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
citicards.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.32.110.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-125.vie50.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.208.156.123 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-156-123.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.124.173.63 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com

tagmanager1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.privacy.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.107.138.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.138.107.34.bc.googleusercontent.com

cdn.digitalmarketing.citibankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.127.113 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-127-113.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.135 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-135.data.adobedc.net

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.251.46.32 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-46-32.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:f200:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-4.fra56.r.cloudfront.net

pagestates-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.45 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-45.fra60.r.cloudfront.net

assets-tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.115 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-115.data.adobedc.net

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.253.91.174 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-91-174.eu-west-1.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218e:9c00:1d:bf0a:0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.15.119 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-15-119.fra56.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.143.56 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.226.6.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-226-6-56.compute-1.amazonaws.com

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.206.177.80 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-177-80.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.169.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-169-27.cdg52.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.149.99 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-99.deploy.static.akamaitechnologies.com

iad1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	citi.com 1 redirects www.citi.com — Cisco Umbrella Rank: 25553 citicards.citi.com — Cisco Umbrella Rank: 172881 tagmanager1.citi.com — Cisco Umbrella Rank: 51910 metrics1.citi.com — Cisco Umbrella Rank: 22914 prod.report.nacustomerexperience.citi.com — Cisco Umbrella Rank: 19460	882 KB
21	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3097 data.privacy.ensighten.com — Cisco Umbrella Rank: 8355	350 KB
13	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	759 KB
12	qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 31778 siteintercept.qualtrics.com — Cisco Umbrella Rank: 899 iad1.qualtrics.com — Cisco Umbrella Rank: 10800	95 KB
9	google.de www.google.de — Cisco Umbrella Rank: 4752	1 KB
9	google.com www.google.com — Cisco Umbrella Rank: 10	1 KB
9	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 57	14 KB
7	bing.com bat.bing.com — Cisco Umbrella Rank: 390	14 KB
7	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2357 pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5243 assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5234 tracking.crazyegg.com — Cisco Umbrella Rank: 4635	33 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 218 citi.demdex.net — Cisco Umbrella Rank: 40382	6 KB
3	tvpixel.com c.tvpixel.com — Cisco Umbrella Rank: 9442 p.tvpixel.com — Cisco Umbrella Rank: 2065	32 KB
3	citibankonline.com cdn.digitalmarketing.citibankonline.com — Cisco Umbrella Rank: 73076	52 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 333	763 B
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1592 insight.adsrvr.org — Cisco Umbrella Rank: 603	3 KB
2	bridgetrack.com 1 redirects citi.bridgetrack.com — Cisco Umbrella Rank: 150541	1 KB
1	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 162	298 B
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 20572	98 B
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 117813	684 B
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 31853	1 KB
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 5437	6 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1111	517 B
163	21

	Domain	Requested by
53	citicards.citi.com	nexus.ensighten.com citicards.citi.com
14	nexus.ensighten.com	citicards.citi.com nexus.ensighten.com
13	www.googletagmanager.com	nexus.ensighten.com
10	siteintercept.qualtrics.com	nexus.ensighten.com
9	www.google.de
9	www.google.com
9	googleads.g.doubleclick.net	nexus.ensighten.com
7	bat.bing.com	nexus.ensighten.com
7	data.privacy.ensighten.com	citicards.citi.com
4	script.crazyegg.com	citicards.citi.com script.crazyegg.com nexus.ensighten.com
3	cdn.digitalmarketing.citibankonline.com	citicards.citi.com
3	dpm.demdex.net	1 redirects citicards.citi.com
2	p.tvpixel.com	nexus.ensighten.com
2	s.amazon-adsystem.com	1 redirects
2	citi.bridgetrack.com	1 redirects citicards.citi.com
1	iad1.qualtrics.com
1	sb.scorecardresearch.com
1	insight.adsrvr.org	nexus.ensighten.com
1	prod.report.nacustomerexperience.citi.com	nexus.ensighten.com
1	js.adsrvr.org	nexus.ensighten.com
1	c.tvpixel.com	nexus.ensighten.com
1	sr.rlcdn.com	nexus.ensighten.com
1	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	nexus.ensighten.com
1	20766699p.rfihub.com	nexus.ensighten.com
1	tracking.crazyegg.com	script.crazyegg.com
1	citicorpcreditservic.tt.omtrdc.net	nexus.ensighten.com
1	assets-tracking.crazyegg.com	script.crazyegg.com
1	pagestates-tracking.crazyegg.com	script.crazyegg.com
1	c1.rfihub.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	nexus.ensighten.com
1	citi.demdex.net	nexus.ensighten.com
1	tagmanager1.citi.com	nexus.ensighten.com
1	www.citi.com	1 redirects
163	34

This site contains links to these domains. Also see Links.

Domain
online.citi.com
citi.bridgetrack.com
www.lifeandmoney.citi.com
www.ftc.gov

Subject Issuer	Validity	Valid
citicards.citi.com DigiCert EV RSA CA G2	`2023-03-14` - `2024-04-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
citi.bridgetrack.com Thawte EV RSA CA G2	`2023-03-20` - `2024-04-19`	a year	crt.sh
tagmanager1.citi.com DigiCert EV RSA CA G2	`2022-09-21` - `2023-09-22`	a year	crt.sh
*.privacy.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-03` - `2024-02-16`	a year	crt.sh
cdn.digitalmarketing.citibankonline.com DigiCert EV RSA CA G2	`2023-05-23` - `2024-06-22`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
metrics1.citi.com DigiCert EV RSA CA G2	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.rfihub.net Amazon RSA 2048 M01	`2023-02-24` - `2023-12-29`	10 months	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2023-05-28` - `2024-06-26`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2023-04-27` - `2024-04-27`	a year	crt.sh
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-27` - `2024-03-26`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2023-02-02` - `2024-03-03`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2023-02-16` - `2023-08-16`	6 months	crt.sh
*.tvpixel.com Amazon RSA 2048 M01	`2023-02-21` - `2024-01-13`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert EV RSA CA G2	`2023-05-19` - `2024-05-22`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Frame ID: 2ED5833EF50713D64C75646699C1E0E8
Requests: 154 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 52F73283DC4328BC307A649D9BD71C5B
Requests: 1 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Frame ID: F7304F187A5B39CF0270758E170BAF30
Requests: 4 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&pf=&ra=024443515395646376
Frame ID: 79087F248E91D1FBD82FB5BB83CC5FDE
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 69CEA6A3095637950FB0C0EE24FEDC0D
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097558560&td1=Sapient_cbol_citi_fraud_prevention_lp
Frame ID: 26F24CC26C4FC90278748BAD9CC32841
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Fraud Prevention | Citi.com

Page URL History Show full URLs

http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.B... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

34
Subdomains

31
IPs

4
Countries

2248 kB
Transfer

5283 kB
Size

48
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/security-center
Title: Learn More

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28718

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28715
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28717
Title: Privacy

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151056
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=151057
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=153112
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=28716
Title: Security

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143095
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143097

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143098

Search URL Search Domain Scan URL

URL: https://citi.bridgetrack.com/track/?TGT=143100

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protect-your-information-online
Title: safeguard those details.

Search URL Search Domain Scan URL

URL: https://www.ftc.gov/
Title: FTC.Gov

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/Money/Finance101/2022-Scams-to-Watch-For
Title: Read more on Life and Money

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/protecting-yourself-from-financial-scams
Title: Read More > 8 Financial Scams to Watch Out For

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/money/finance-101/home-office-business-scams
Title: Read More > Working Remotely? Be Aware of these Home Office Scams

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.citi.com/fraudprevention HTTP 301
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223

Request Chain 14

https://cm.everesttech.net/cm/dd?d_uuid=85913860889323299874321821020008384518 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VVQAAAHeomwOJ

Request Chain 98

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

163 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request default.htm Show response
citicards.citi.com/cbol/fraudprevention/
Redirect Chain

http://www.citi.com/fraudprevention
https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

102 KB
46 KB

181ms
136ms

Document
text/html

35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

40.22.190.35.bc.googleusercontent.com

Software

Resource Hash

5876ae5fde034fe82d29cd610ae025ffeb6ecbc200f5f3024bc48a9008d03295

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: gzip
content-length: 46431
content-type: text/html
date: Tue, 11 Jul 2023 17:45:56 GMT
expires: Mon, 10 Jul 2023 17:45:57 GMT
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
vary: Accept-Encoding
via: 1.1 google
x-frame-options: DENY

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html
date: Tue, 11 Jul 2023 17:45:56 GMT
expires: Mon, 10 Jul 2023 17:45:56 GMT
location: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
via: 1.1 google

GET
H2 200 1567.js Show response
script.crazyegg.com/pages/scripts/0090/ 6 KB
2 KB 67ms
20ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6582
cf-polished: origSize=6063
ce-version: 11.5.100
cf-bgj: minify
last-modified: Tue, 11 Jul 2023 15:56:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 7e52dcf44e53365a-FRA

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 612 KB
160 KB 62ms
13ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:49:03 GMT
x-amz-version-id: T6oAT_f8G7Qoll54xuX0m31Qyk_NNISj
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 525414
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"409dcdb02169e3668021846b3af7e6c0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: _wMlHU6eWOGvqhlDEcP2YsH5JVJzJEXVQuR2hRVVgvkzVb7aUGgaTw==

GET
H2 200 /
citi.bridgetrack.com/track/ 43 B
404 B 121ms
121ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi.bridgetrack.com/track/?id=65345&random=6.27499285635369E+16
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:56 GMT
via: 1.1 google
content-type: image/GIF
p3p: CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 10 Jul 2023 17:45:57 GMT

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/site/ 9 KB
2 KB 36ms
19ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcc98ed15ff1c1615e63087bbc63be6986c64db729204db4c320c8cc709d39e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6795
ce-version: 11.5.100
content-length: 2143
last-modified: Tue, 11 Jul 2023 15:52:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dcf478504d6a-FRA

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223

363 B
1 KB

34ms
34ms

XHR
application/json

52.208.156.123
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

HTTP/1.1

Server

52.208.156.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-156-123.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7c4f0fcc5980b660a231964d5984a9aaec67b55959cab8ab33693a739662bcbb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-06ae758f2.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: dZT2OapHRWg=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 305
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v050-080b06e04.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: GVam8nusQCw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://citicards.citi.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097557223
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07 Show response
tagmanager1.citi.com/one/v1/profiles/ 583 B
647 B 80ms
37ms XHR
application/json 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagmanager1.citi.com/one/v1/profiles/430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
server: nginx
x-ens-one-is-anonymous: true
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
access-control-allow-headers: *
x-ens-one-ttl: 1695627671
apigw-requestid: H6RFZhb8liAEPww=

GET
H2 200 61f2689d95e94c6ef599202edd32401c.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 77 KB
27 KB 18ms
17ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 30 Jun 2023 09:34:40 GMT
server: cloudflare
age: 7413
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dcf648d2365a-FRA
content-length: 27037

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
1 KB 48ms
48ms Script
text/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Wed%20Jul%2005%2015:48:04%20GMT%202023&ClientID=1129&PageID=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 3f43972904354945d6d4956c6646d4cd51b50365a02613b82fba7b357408f36c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: VIE50-C2
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
x-amz-cf-id: TMWqrPJpaQTsqOUO3yiFr6iGtQkQLo1mriag4mtRlBP0tyvuOAjLnQ==
expires: Tue, 11 Jul 2023 17:45:56 GMT

GET
H2 200 851.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 48 KB
12 KB 118ms
117ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/851.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12354

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 27ms
8ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1129&i=4jonfo&p=na_prod&s=354&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjAsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8BkiLCJ0eXBlIjoiYmlsbGluZyIsInN0YXJ0IjoxNjg5MDk3NTU3NTQyYgDAZCI6LTEsInNvdXJjMgACKwBhdHVzIjoiZgBAYXNvbmUA1F0sImRhdGFQYXR0ZXISALBsaXN0IjpbXSwiaSAB8AA2ODkwOTc1NTc1NDJ9XX0
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:56 GMT

GET
H2 200 interstate-light.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 83ms
9ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-light.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:41 GMT
cross-origin-opener-policy: same-origin
age: 2327192
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17596
x-xss-protection: 0

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/c/ 0
107 B 20ms
8ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/c/r.rnc?n=0&c=1129&i=6fkxst&p=na_prod&s=381&d=9Cd7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjkQAPAaTmFtZSI6ImNpdGkiLCJwdWJsaXNoUGF0aCI6Im5hX3Byb2QiLCJtb2QmAJBibGFja2xpc3RPAPAfb29raWVzIjp7IkNJVElfRU5TSUdIVEVOX1BSSVZBQ1lfQkFOTkVSX0xPQURFRJ0A8Q8ifSwiZHQiOjE2ODkwOTc1NTc1NDksInNldHRpbmdLAPEqbW9kYWwiOiJlbnRlcnByaXNlIiwiZW52aXJvbm1lbnQiOiJDQk9MIFByaXZhY3kiLCJkZWZhdWx0PgD0CFBlcmZvcm1hbmNlLUFuYWx5dGljcyBDqgD5CDEsIkVzc2VudGlhbC1GdW5jdGlvbmFsIQDwAkFkdmVydGlzaW5nLVRhcmdlmwAHIgDwAH19LCJldmVudHMiOltdfQ
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:56 GMT

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame 52F7 7 KB
3 KB 159ms
34ms Document
text/html 52.48.127.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.127.113 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-127-113.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v050-0a2868ca3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: H31ksW4iQjg=
content-encoding: gzip
date: Tue, 11 Jul 2023 17:45:57 GMT
last-modified: Wed, 28 Jun 2023 11:16:40 GMT
vary: accept-encoding

GET
H2 200 id Show response
metrics1.citi.com/ 48 B
463 B 77ms
22ms XHR
application/x-javascript 63.140.62.135
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=91223644104505066563628119440067965349&ts=1689097557556

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.135 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-135.data.adobedc.net

Software

jag /

Resource Hash

33fa52dffe53dbab622b16aefb8e126f4c46551cda6ee3e91b2232a4379cf4a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://citicards.citi.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZK2VVQAAAHeomwOJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=85913860889323299874321821020008384518
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VVQAAAHeomwOJ

42 B
942 B

32ms
31ms

Image
image/gif

52.208.156.123
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VVQAAAHeomwOJ

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

HTTP/1.1

Server

52.208.156.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-156-123.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-0d4b97179.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: LZWjfyPGQ48=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VVQAAAHeomwOJ
Date: Tue, 11 Jul 2023 17:45:57 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 citicards.citi.com.json Show response
script.crazyegg.com/pages/data-scripts/0090/1567/sampling/ Frame F730 152 B
236 B 23ms
23ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6794
ce-version: 11.5.100
content-length: 144
last-modified: Tue, 11 Jul 2023 15:52:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7e52dcf6db284d6a-FRA

GET
H2 200 93935a4096516447172d9d3f1d23710d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 16ms
15ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 20 May 2023 02:11:16 GMT
x-amz-version-id: .9Yu1fA6u9LpETfeDT0_cOHllcbsIoL2
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 4548882
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Jul 2021 20:01:11 GMT
server: CloudFront
etag: W/"22035994ea9f0b167d391afd37705f26"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: gvCwfoIufXPyxYhM1iidUv7V008RL6hdKypSXtNFuCQjaHxJCDBz7w==

GET
H2 200 7c8ae1f9c206930028672949c6703f6d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
2 KB 16ms
15ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 04:38:37 GMT
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 14562441
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 18 Oct 2022 17:52:59 GMT
server: CloudFront
etag: W/"7df0440e45009010a99db868682aafb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: ULDngL-WSF5yuv8jRoBdvDoRMVJTWq12jV59o4ZZn6g7XEcR2R-KqQ==

GET
H2 200 a8e6e75645a478743701a0de29db4661.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 17ms
16ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/a8e6e75645a478743701a0de29db4661.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 01 May 2023 19:24:26 GMT
x-amz-version-id: wws6KB118wQQBLdhwHWaGrumLswtioTa
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 6128492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 01 May 2023 19:21:07 GMT
server: CloudFront
etag: W/"b7b279129c64359bf0c1d6935957974f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: gRYIMJ5JYZXg5PupKZFijDx7loi8HdqWeum4_ItImj8Z6PugccI4xQ==

GET
H2 200 c65a3609e1beed72955b88afac8cd31d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 17ms
16ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c65a3609e1beed72955b88afac8cd31d.js?conditionId0=480881
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 18 Jan 2023 08:13:47 GMT
x-amz-version-id: wXRQEmBG4QJsg2TZDdHUFOaVLJIZHKhf
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 15067931
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 15 Dec 2022 04:55:25 GMT
server: CloudFront
etag: W/"e9bda8e342fda2a02ffa59c9064942d8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: pOL4JTFhm492GFEgMY7Dy-UkBQ7z2F1YzWs_A3fETL_5Rnya4fZDVw==

GET
H2 200 d795417d12c8f126e64e0009e16abb55.js Show response
nexus.ensighten.com/citi/na_prod/code/ 337 KB
45 KB 18ms
17ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d795417d12c8f126e64e0009e16abb55.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 15:48:18 GMT
x-amz-version-id: xOcKYVNnwrtun1_P7HDELL7Ss9aSv6o7
content-encoding: br
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 525460
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Wed, 05 Jul 2023 15:48:08 GMT
server: CloudFront
etag: W/"6720564da36815a78cd072df37ce9d59"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 6b1WUYyMjrpajidSyhvaLJb4x8x0vR0BezrZCCWnfx_FNhqpleT4oA==

GET
H2 200 b169b5211abcb59597c2a50d0834dad6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 18ms
17ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/b169b5211abcb59597c2a50d0834dad6.js?conditionId0=4854834
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 27 May 2023 10:42:44 GMT
x-amz-version-id: _QsuTAI24qIEiqD9TkI.fzr0FP874P0F
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 3913394
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
server: CloudFront
etag: W/"b251770ce4b6edc0b43f8a7659567774"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 9YAqA3Fax_e-vecytHEgMnKccQ9TCrbAD76ANpvVfEd6In4re_s0tg==

GET
H2 200 93bd1173e004c5f14c8c312774a177d6.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 18ms
18ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/93bd1173e004c5f14c8c312774a177d6.js?conditionId0=4936631
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 06 Dec 2022 08:24:26 GMT
x-amz-version-id: nLZ6xTlu1iMFXeMTTYN4VPX3Tv1cDtk4
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 18782492
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 04 Oct 2022 17:38:26 GMT
server: CloudFront
etag: W/"1a018458600589c4b560bd7be94993f2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: oenRdkY2aGWILB668mCHUeGkRHd1EsSWCrWAOO8oSmLMenIvFeOYKA==

GET
H2 200 f9112c4f4cc2da7bc760957da1d0a476.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
6 KB 17ms
17ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Apr 2023 15:25:13 GMT
x-amz-version-id: _EGaJ0JRqXa7HXWsIS89V3k4kvtsyejg
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 7957245
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"341b188f6c2fe2107f63f9a2f998bb29"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: Imilum_WOkPYTPYLdnpx-FNyGPULgUGM75tWjnOniP2xXa0ST6WPzw==

GET
H2 200 9d9a7667eda16421b759d3e4ae34d25f.js Show response
nexus.ensighten.com/citi/na_prod/code/ 27 KB
7 KB 17ms
16ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/9d9a7667eda16421b759d3e4ae34d25f.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 09 May 2023 07:04:08 GMT
x-amz-version-id: iCANwNDAYzzLjFfP7PabUgezx4DdR6XE
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 5481710
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 16 Feb 2023 18:50:31 GMT
server: CloudFront
etag: W/"d7a7f92dbb8927a61cb31e29eea41b11"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: _eLZkI1y9wY_vqqD-Lvj45wBEXmOyrn6KjL1t-Kl1IqGAAd7FkY5PA==

GET
H2 200 ccb910f3b286651d23766cb6ef3edc43.js Show response
nexus.ensighten.com/citi/na_prod/code/ 396 KB
120 KB 18ms
18ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/ccb910f3b286651d23766cb6ef3edc43.js?conditionId0=3013337
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 27 May 2023 00:11:27 GMT
x-amz-version-id: 0bluFTYuI52H0CFwnZwsOCw1MVHJt6q6
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 3951271
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 16 May 2023 16:05:00 GMT
server: CloudFront
etag: W/"4a011f25eec2f5bd4ab48351fa9a1e43"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: qv9wFtQhNdjwWT7qfy7eKAcI4aiCslHtCcMU0FLbwBQxBg7HBPRSWw==

GET
H2 200 f79ae745264b43f3faaab87bf3cdb75b.js Show response
nexus.ensighten.com/citi/na_prod/code/ 3 KB
1 KB 25ms
25ms Script
application/javascript 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f79ae745264b43f3faaab87bf3cdb75b.js?conditionId0=455897
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 00:14:49 GMT
x-amz-version-id: 8CcfzS7DteGxKg7ZkR_HfOT6Gn8m3nM1
content-encoding: gzip
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
x-amz-cf-pop: VIE50-C2
age: 8443868
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Mar 2023 17:54:28 GMT
server: CloudFront
etag: W/"e2e34f527a64b278bef126c9ab6f0955"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: pqLUf4tlgVZ9MaIFDMuNohg03pspMAciOOysEKRLELxJWAz_o7FLRQ==

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 90ms
8ms Script
application/x-javascript 2600:9000:214f:f200:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:f200:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:07:54 GMT
content-encoding: gzip
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
last-modified: Tue, 11 Jul 2023 17:07:44 GMT
server: Jetty(9.4.51.v20230217)
x-amz-cf-pop: FRA53-C1
age: 2283
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
content-length: 6162
x-amz-cf-id: 1ejQ_a9r_Y2jjGGJpV-jXwWE1b6qcUKRhHHR9YSTsLgzMFewcklusQ==
expires: Tue, 11 Jul 2023 18:07:54 GMT

GET
H2 200 healthcheck Show response
pagestates-tracking.crazyegg.com/ Frame F730 19 B
461 B 47ms
7ms XHR
application/json 18.66.97.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pagestates-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-4.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Apr 2023 11:18:30 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 8317648
x-cache: Hit from cloudfront
content-length: 19
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
etag: "d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age: 31536000
access-control-allow-methods: GET, HEAD
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
accept-ranges: bytes
x-amz-cf-id: xFJ6N7xhyWMuy1jkSxabV9bU3jiVlB-ryF6u5yLtQurGuull73a3LQ==

GET
H2 200 healthcheck Show response
assets-tracking.crazyegg.com/ Frame F730 19 B
388 B 65ms
8ms XHR
application/json 18.66.122.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets-tracking.crazyegg.com/healthcheck
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.45 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-45.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 05 Nov 2022 03:10:02 GMT
via: 1.1 da4de4427d18bee1d3254f1bbdad25f2.cloudfront.net (CloudFront)
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P2
age: 21479756
etag: "d06f04fccf68d0b228a5923187ce1afd"
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
content-length: 19
x-amz-cf-id: BxVsJXkH7yr4nS4UvWLhzS5DHeS0Tl_eo15DaCX857n0cJu315CObQ==

GET
BLOB 200
OK 185a263d-6509-4986-892f-9c7ee340d0c2
https://citicards.citi.com/ 45 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/185a263d-6509-4986-892f-9c7ee340d0c2
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 45
Content-Type: text/javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 50ms
22ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

13a4ca010c140545ef73acefd2e75ec8c1f2f5ff24a0173a3cd1cf9d45c80ef5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50048
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:57 GMT

POST
H2 200 delivery Show response
citicorpcreditservic.tt.omtrdc.net/rest/v1/ 363 B
1 KB 133ms
42ms XHR
application/json 66.235.152.115
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://citicorpcreditservic.tt.omtrdc.net/rest/v1/delivery?client=citicorpcreditservic&sessionId=1784dfc378454b47af6a1b5e47be6880&version=2.10.0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.115 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-115.data.adobedc.net

Software

jag /

Resource Hash

91bdaca97a48f744ecd5ffe4decc15929dbe4cbc0da9b0e43ee2636091512bb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
x-xss-protection: 1; mode=block
x-request-id: d1725670-8a5b-430e-8dfd-9f85a9e3e81b
referrer-policy: strict-origin-when-cross-origin
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 clock Show response
tracking.crazyegg.com/ Frame F730 29 B
136 B 210ms
125ms XHR
text/plain 34.253.91.174
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1689097557702&tk=3353697c62395c48c0b0030a6d85efcd&s=340498&p=%2Fcbol%2Ffraudprevention%2Fdefault.htm&u=901567&v=e7b2c6123ffca6a6e15135b455712bcf7453a433&f=citicards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&ul=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.91.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-91-174.eu-west-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: a9eee2593f18562b0cc7fe8e53fdc1ec91d43a29996ed66888d5a2f699ca1da9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 17:45:57 GMT
cache-control: no-store
server: awselb/2.0
content-length: 29
content-type: text/plain

GET
H3 200 225.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 203 KB
77 KB 138ms
138ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/225.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3 200 283.bundle.js Show response
citicards.citi.com/cbol/fraudprevention/js/ 125 KB
26 KB 114ms
113ms Script
application/javascript 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/js/283.bundle.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Mon, 17 Apr 2023 18:57:32 GMT
etag: "036e9765e71d91:0"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26601

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame 7908 118 B
684 B 119ms
16ms Document
text/html 193.0.160.131
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=296&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&pf=&ra=024443515395646376
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.0.160.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 118
Content-Type: text/html;charset=utf-8
Date: Tue, 11 Jul 2023 17:45:57 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24645a1628120462f09c3276e50f9d0dde6caf441ab1670aa2eb5f8db09be321

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50105
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

303e00d9d0713dbe04d62a577c682cfe9044c4918f6629938bd0aa49ba40286c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50103
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 127 KB
49 KB 27ms
27ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e19a5744362cdb848eacb5a0fad98f6a4ff6acf198282e30f965d3cb0f586ebb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50101
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:57 GMT

GET
BLOB 200
OK ee8f0189-89ea-41a7-9807-2ec14c3f1f14
https://citicards.citi.com/ 241 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://citicards.citi.com/ee8f0189-89ea-41a7-9807-2ec14c3f1f14
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length: 241
Content-Type: text/javascript

GET
H3 200 fraud-hero-tab.jpg
citicards.citi.com/cbol/fraudprevention/images/ 81 KB
81 KB 127ms
127ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fraud-hero-tab.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82608

GET
H3 200 slide-0-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 126ms
126ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-0-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10704

GET
H3 200 slide-1-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 126ms
125ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-1-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11088

GET
H3 200 slide-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 10 KB
10 KB 115ms
114ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10584

GET
H3 200 slide-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 114ms
113ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9250

GET
H3 200 slide-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 115ms
114ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8197

GET
H3 200 slide-5-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 9 KB
9 KB 126ms
124ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slide-5-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9495

GET
H3 200 phone-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 11 KB
11 KB 114ms
112ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Tue, 06 Dec 2022 15:57:16 GMT
etag: "0968b698b9d91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11197

GET
H3 200 quicklock-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 116ms
114ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/quicklock-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1415

GET
H3 200 authentication-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 121ms
120ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/authentication-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1351

GET
H3 200 warning-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 115ms
113ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/warning-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1364

GET
H3 200 wallet-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 848 B
865 B 115ms
113ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/wallet-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 848

GET
H3 200 alert-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 118ms
116ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/alert-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2039

GET
H3 200 sms-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 858 B
875 B 116ms
114ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/sms-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 858

GET
H3 200 phone-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 850 B
867 B 155ms
153ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 850

GET
H3 200 security-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 220ms
218ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1463

GET
H3 200 pin-icon.svg
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 299ms
297ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin-icon.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:52 GMT
etag: "078bbc7c65dd91:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1877

GET
H3 200 article-0-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 217ms
215ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-0-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44958

GET
H3 200 article-1-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/ 44 KB
44 KB 230ms
228ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-1-dsk.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 45322

GET
H3 200 article-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 28 KB
28 KB 218ms
216ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-2-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28352

GET
H3 200 article-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 41 KB
41 KB 341ms
339ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-3-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:08 GMT
etag: "06ca8365cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42073

GET
H3 200 article-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/ 8 KB
8 KB 243ms
241ms Image
image/jpeg 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/article-4-mob.jpg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/jpeg
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8135

GET
H2 200 interstate-bold.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 13ms
11ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-bold.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2327193
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17500
x-xss-protection: 0

GET
H2 200 interstate-regular.woff
cdn.digitalmarketing.citibankonline.com/fonts/ 17 KB
17 KB 11ms
9ms Font
application/x-woff 34.107.138.236
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-regular.woff

Requested by

Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

236.138.107.34.bc.googleusercontent.com

Software

Resource Hash

6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citicards.citi.com/
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 14 Jun 2023 19:19:25 GMT
via: 1.1 google
x-content-type-options: nosniff
last-modified: Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy: same-origin
age: 2327193
content-type: application/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17592
x-xss-protection: 0

GET
H3 200 ajax-loader.gif
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 508ms
508ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/ajax-loader.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4178

GET
H3 200 carousel-arrow.svg
citicards.citi.com/cbol/fraudprevention/images/ 375 B
392 B 192ms
192ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/carousel-arrow.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 375

GET
H3 200 slick.woff
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 195ms
194ms Font
application/x-woff 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/slick.woff
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6

Request headers

Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Origin: https://citicards.citi.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: application/x-woff
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1356

GET
H3 200 close.svg
citicards.citi.com/cbol/fraudprevention/images/ 444 B
461 B 188ms
187ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/close.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 444

GET
H3 200 header-citi-logo-dark.svg
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 156ms
153ms Image
image/svg+xml 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/header-citi-logo-dark.svg
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Jun 2022 22:00:24 GMT
etag: "0ca2a34c87d81:0"
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4067

GET
H3 200 icon-animation.gif
citicards.citi.com/cbol/fraudprevention/images/ 196 KB
196 KB 157ms
153ms Image
image/gif 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/icon-animation.gif
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Fri, 18 Nov 2022 14:44:10 GMT
etag: "099d9375cfbd81:0"
content-type: image/gif
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 200242

GET
H3 200 spoof-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 61 KB
61 KB 190ms
185ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62004

GET
H3 200 spoof-numbers-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 69 KB
69 KB 213ms
208ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/spoof-numbers-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71061

GET
H3 200 half-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/ 19 KB
19 KB 221ms
216ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/half-screen-dsk.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19680

GET
H3 200 pin.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 218ms
213ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/pin.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1973

GET
H3 200 zelle.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 251ms
246ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/zelle.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1366

GET
H3 200 remote.png
citicards.citi.com/cbol/fraudprevention/images/ 669 B
685 B 229ms
224ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/remote.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 669

GET
H3 200 personal-info.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 221ms
216ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/personal-info.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1937

GET
H3 200 bank.png
citicards.citi.com/cbol/fraudprevention/images/ 654 B
670 B 223ms
218ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/bank.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 654

GET
H3 200 fundraiser.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 224ms
219ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/fundraiser.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1436

GET
H3 200 email.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 457ms
452ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/email.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1476

GET
H3 200 romance.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 251ms
246ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/romance.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1819

GET
H3 200 mobile.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 223ms
218ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/mobile.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1893

GET
H3 200 grandparents.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 225ms
220ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/grandparents.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2309

GET
H3 200 surprise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 221ms
216ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/surprise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2723

GET
H3 200 irs.png
citicards.citi.com/cbol/fraudprevention/images/ 1 KB
1 KB 236ms
231ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/irs.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1401

GET
H3 200 security.png
citicards.citi.com/cbol/fraudprevention/images/ 4 KB
4 KB 470ms
465ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/security.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4077

GET
H3 200 data-compromise.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 224ms
219ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/data-compromise.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: 465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2882

GET
H3 200 text.png
citicards.citi.com/cbol/fraudprevention/images/ 733 B
749 B 228ms
223ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/text.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:57 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 733

GET
H3 200 phone.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 253ms
248ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/phone.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2373

GET
H3 200 lottery.png
citicards.citi.com/cbol/fraudprevention/images/ 3 KB
3 KB 250ms
244ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/lottery.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2611

GET
H3 200 gimmick.png
citicards.citi.com/cbol/fraudprevention/images/ 2 KB
2 KB 476ms
471ms Image
image/png 35.190.22.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citicards.citi.com/cbol/fraudprevention/images/gimmick.png
Requested by: Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 40.22.190.35.bc.googleusercontent.com
Software: /
Resource Hash: d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=27F68BAF5D13409B8ED9C27580B980F7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google
last-modified: Thu, 23 Mar 2023 20:33:54 GMT
etag: "0a5ecc8c65dd91:0"
content-type: image/png
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2150

GET
H2 200 / Show response
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 8 KB
4 KB 85ms
27ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 66271
cf-polished: origSize=9073
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2371-plMc4Vf+CGoqroHiYCmsJkLyNy0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcfd5cba9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 21ms
20ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

db33e62f7b7a89f7a12cdee3d87c98ea896c2c403a825901cbeadf4a680fc688

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70283
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame 69CE 0
98 B 170ms
119ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 google

GET
H2 200 bat.js Show response
bat.bing.com/ 40 KB
12 KB 70ms
32ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Tue, 11 Jul 2023 17:45:58 GMT
last-modified: Thu, 11 May 2023 18:08:27 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A0B04BF5B4F5473CACDFACBDF1EA0930 Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
etag: "80df77953384d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12183

GET
H2 200 dpm_pixel_min.js Show response
c.tvpixel.com/js/current/ 103 KB
32 KB 77ms
19ms Script
application/javascript 2600:9000:218e:9c00:1d:bf0a:0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218e:9c00:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding: gzip
via: 1.1 32a3d8b90281de379fa6ae275a2021bc.cloudfront.net (CloudFront)
date: Tue, 11 Jul 2023 12:32:55 GMT
last-modified: Thu, 16 Sep 2021 18:14:59 GMT
server: AmazonS3
x-amz-cf-pop: CDG52-P1
age: 63281
etag: W/"08e770c8a17bf087d50cec01af0892c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: lqcLVIdx09frigQW7enEiz81-pKu-fpE7oZGTPjrPUsclmuiDFoiGw==

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 44ms
7ms Script
application/x-javascript 108.138.15.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.15.119 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-15-119.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 09:05:50 GMT
Content-Encoding: gzip
Via: 1.1 85ca8c4198fb707d10ecc2a784a315be.cloudfront.net (CloudFront)
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P7
Age: 36320
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-Cache: Hit from cloudfront
Connection: keep-alive
X-Amz-Cf-Id: dR9Pn-hJ8ly1JcmfcjwP6zMB2DbL0fuytcjP62l9QoAEe--blIvipw==

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/
Redirect Chain

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

0
0

115ms
115ms

Image
text/html

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Protocol: HTTP/1.1
Server: 52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 17:45:58 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: ZA25DYJW8H4W6FPNZSHY
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
251 B 13ms
13ms Image
text/plain 13.32.110.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.110.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-110-125.vie50.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 05:41:03 GMT
via: 1.1 ed5d8b8e3a8c20eaabbb29c087f04c66.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: VIE50-C2
age: 43495
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: lDHtEKxwDNbjVXfbEcy5JRz-E2gXs4-H7z9Ys-Q6xsGtyHdLFjZSJg==

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/ 5 KB
2 KB 444ms
92ms XHR
application/json 34.226.6.56
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/cls_report?_cls_s=877185eb-7baf-4ac4-985e-f472f4128f7a%3A0&_cls_v=ceaa58fe-341f-47e2-bd95-bf15fc591110&pv=2&f_cls_s=true

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.226.6.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-226-6-56.compute-1.amazonaws.com

Software

GlassBox Cligate /

Resource Hash

cd46b81c67658cf41cda7f15ebae3ca2cff11e7ffa482352fd3582c7355b05d8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 17:45:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
Content-Security-Policy: default-src 'self';
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1188
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Server: GlassBox Cligate
X-Frame-Options: SAMEORIGIN
vary: origin
Content-Type: application/json
access-control-allow-origin: https://citicards.citi.com
access-control-allow-credentials: true
GB-Server: g5085
X-Robots-Tag: noindex

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 3 KB
2 KB 78ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1689097558601&cv=11&fst=1689097558601&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ebd30481275ed2efaec548910e3cd90cdcbcd27fcc94d4e30695429c5ef6eb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f518ab8c88559ec19c13febebcf7ab741b08a744682a3062b8ec46423f7fca66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70299
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3206ebacd5412487690b2ffd3827ed76494371dc86c3d98686a5f8256763f6f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55344
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9e111db6cfdacf87c7e7ec3f4f226222985997b4288e6add4bc1b7a23047f242

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55155
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
72 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2f081177d80bf5cffe4bffeec6ac04429ab25f126b1f26c03c5a84b9dad96247

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73519
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da04c4f96527adfc917fdeedc72e31284a96ca5d7b4afe544f148bdf77b79dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55209
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 192 KB
69 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23f9b203df9708cc87f9003357c49ac2830ff4da1c1d004b824daa6dd87281d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70844
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 141 KB
54 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

76a55cd62af40958e22bfdf1cfc8d219316b5b87adee9a0295f838ea23f737ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55206
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 16:32:58 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 189 KB
69 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a9a993bbf626a619aea1f7a0c7a91f8900bdea1e85e4881d5bbf3953fff6eec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70295
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 17:23:07 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 26F2 0
182 B 111ms
35ms Document
text/html 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097558560&td1=Sapient_cbol_citi_fraud_prevention_lp
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citicards.citi.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-type: text/html
date: Tue, 11 Jul 2023 17:45:58 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 3 KB
2 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1689097558641&cv=11&fst=1689097558641&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

82d8b874a720813a2eee51512acb32ae162e58ca8bd8819a7f35f02924fe49b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16001692.js Show response
bat.bing.com/p/action/ 0
118 B 105ms
105ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16001692.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C44085E15CA4872912E4B2CF763C683 Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
231 B 81ms
80ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=fea6b712-1142-495d-b9c2-400adc9845ce&sid=cb4184b0201211ee978e11c4a8c7d58f&vid=cb41af00201211ee9ae457fc891cf142&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&r=&lt=2213&evt=pageLoad&sv=1&rn=460696

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47F9CC0DFC254CB3A6AAACEDDF9601DF Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
286 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=fea6b712-1142-495d-b9c2-400adc9845ce&sid=cb4184b0201211ee978e11c4a8c7d58f&vid=cb41af00201211ee9ae457fc891cf142&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=163416

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8513D913F9F048AD84CEEA6A715AAAA0 Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 16003743.js Show response
bat.bing.com/p/action/ 0
118 B 111ms
111ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/16003743.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AFE5254B184C41FCAD1A295943B56026 Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
231 B 77ms
77ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=5e70095d-3531-4dcf-b7f5-5670baf56421&sid=cb4184b0201211ee978e11c4a8c7d58f&vid=cb41af00201211ee9ae457fc891cf142&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&r=&lt=2213&evt=pageLoad&sv=1&rn=950868

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE686503604849518E21B7ACD281230F Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
231 B 76ms
76ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=5e70095d-3531-4dcf-b7f5-5670baf56421&sid=cb4184b0201211ee978e11c4a8c7d58f&vid=cb41af00201211ee9ae457fc891cf142&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=509442

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jul 2023 17:45:58 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DEB4439989EF4C76A8A0D333F8964E56 Ref B: FRA31EDGE0219 Ref C: 2023-07-11T17:45:58Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 3 KB
2 KB 50ms
50ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1689097558677&cv=11&fst=1689097558677&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c15aa18f3e0f3f59efadb5241ac16214c5ad16275063bb0127796201c4c52894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1430
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12.ab92b717dec244c92313.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 68 KB
21 KB 26ms
25ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.ab92b717dec244c92313.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citicards.citi.com

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85065
cf-polished: origSize=70533
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"11385-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcfdcd5a9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

OPTIONS
H2 200 tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame 0
0 289ms
91ms Preflight 34.206.177.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.177.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-177-80.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://citicards.citi.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-allow-origin: https://citicards.citi.com
access-control-max-age: 600
content-length: 0
date: Tue, 11 Jul 2023 17:45:58 GMT
server: nginx

POST
H2 200 tp2 Show response
p.tvpixel.com/com.snowplowanalytics.snowplow/ 2 B
330 B 274ms
93ms XHR
text/plain 34.206.177.80
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.206.177.80 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-177-80.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://citicards.citi.com
date: Tue, 11 Jul 2023 17:45:59 GMT
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
server: nginx
content-length: 2
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"

GET
H2 200 p
sb.scorecardresearch.com/ 43 B
298 B 80ms
25ms Image
image/gif 52.222.169.27
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&c8=Fraud%20Prevention%20%7C%20Citi.com&c9=&rn=1689097558688
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.169.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-169-27.cdg52.r.cloudfront.net
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
via: 1.1 16a28c0e67da18fa2960e2e414084d76.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: CDG52-P2
x-cache: Miss from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: qIloid-Pvrr_iqg0kWZ-eQ5w1gtRN3zSfo86Q0lwHBcMdcOG8BOOoQ==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 3 KB
2 KB 52ms
52ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1689097558705&cv=11&fst=1689097558705&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b6fdc430f575d137081d0fcfb972fe22cfcb02b7ad17ad7547b84d884f7d277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 3 KB
2 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1689097558719&cv=11&fst=1689097558719&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9add447cfdd02f84f5df5bdacbc5ec5309e45a809ffe76a94cd1648c84fcb28f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1439
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/ 3 KB
1 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1689097558735&cv=11&fst=1689097558735&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32e078eaf9ab12df31c74acecfbfd38337dbd6a222a99a7c70bb35364b74ca5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1443
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 3 KB
1 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1689097558752&cv=11&fst=1689097558752&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f68795878b6b2f2e12d7a5e44c73561c3f58327dd587e56e8e88dfb742c9647c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1442
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 3 KB
1 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1689097558772&cv=11&fst=1689097558772&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e7589d97b30470896e35939fc5e7716858909423e208c29548c4971ebb95996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 3 KB
1 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1689097558791&cv=11&fst=1689097558791&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=605298279.1689097558&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

790b0753a3a6032c5027e38e87dd9eee0a51545875426747b10de55e66a5c8e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1437
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
455 B 44ms
20ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1689097558601&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2808895006&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
108 B 43ms
20ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1689097558601&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2808895006&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
108 B 43ms
20ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1689097558641&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3418221752&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
455 B 42ms
19ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1689097558641&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3418221752&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 154ms
153ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7207b8bd9fd7ebbe1adb59018aa049221ac062bc181ea46a1061107441784668

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 7d0fb3073758842a
cf-ray: 7e52dcfeae639a3b-FRA
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
108 B 40ms
21ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1689097558677&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4079311078&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 40ms
21ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1689097558677&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=4079311078&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
108 B 42ms
23ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1689097558752&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=596750951&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
108 B 41ms
23ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1689097558752&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=596750951&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
108 B 39ms
21ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1689097558705&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3599275797&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 23ms
22ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1689097558705&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3599275797&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1689097558719&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2991057999&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 28ms
27ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1689097558719&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2991057999&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/10955006959/ 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10955006959/?random=1689097558735&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=983717342&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10955006959/ 42 B
108 B 23ms
22ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10955006959/?random=1689097558735&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=983717342&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1689097558772&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1754380501&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
108 B 23ms
22ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1689097558772&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1754380501&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1689097558791&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2704890408&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
108 B 23ms
22ms Image
image/gif 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1689097558791&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D27F68BAF5D13409B8ED9C27580B980F7&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2704890408&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 17:45:58 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
32 KB 29ms
29ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85066
cf-polished: origSize=105216
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"19b00-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcffafad9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 7.cff97ca457c7bcbf778b.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
910 B 26ms
26ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/7.cff97ca457c7bcbf778b.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85060
cf-polished: origSize=2522
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9da-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcffeffa9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.0c5a57685cec0137b83a.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 29ms
28ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.0c5a57685cec0137b83a.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85060
cf-polished: origSize=29374
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"72be-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcffeffc9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 63 KB
23 KB 28ms
28ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 85055
cf-polished: origSize=65177
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj: minify
server: cloudflare
etag: W/"fe99-18908960dd8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dcffefff9a3b-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
2 KB 38ms
19ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=21&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 44571
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 05:23:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dd0008ac9030-FRA
expires: Fri, 08 Jul 2033 05:23:08 GMT

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
754 B 40ms
22ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 49169
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 11 Jul 2023 04:06:30 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 7e52dd0008af9030-FRA
expires: Fri, 08 Jul 2033 04:06:29 GMT

GET
H2 200 Graphic.php
iad1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
3 KB 58ms
16ms Image
image/png 95.101.149.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.149.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-149-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
content-disposition: inline; filename=feedback.png
content-length: 2196
x-request-id: fc891558-1f10-4ab0-b181-ff81a30b9c1c
referrer-policy: strict-origin-when-cross-origin
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 70acd2c9-7609-4879-825b-795b352bb100
cache-control: public, max-age=33
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Tue, 11 Jul 2023 17:46:32 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
217 B 29ms
28ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&r=1689097559134

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citicards.citi.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://citicards.citi.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 5e56f0b1297b9e32
cf-ray: 7e52dd0099629030-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
547 B 24ms
23ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date: Tue, 11 Jul 2023 17:45:59 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 47748128
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 4
content-length: 254
last-modified: Fri, 24 Sep 2021 19:50:52 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 7e52dd0098ce9a3b-FRA
trace-id: 235c58a2d918c179
expires: Sat, 03 Jan 2032 02:23:51 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 10ms
10ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=1&c=1129&i=4jonfo&p=na_prod&s=15688&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8Q5odHRwczovL2NpdGkuYnJpZGdldHJhY2suY29tLwoA8CsvP2lkPTY1MzQ1JnJhbmRvbT02LjI3NDk5Mjg1NjM1MzY5RSsxNiIsInR5cGUiOiJpbWciLCJzdGFyywDANjg5MDk3NTU3NTQwpgAAGwEHFACAMSwic291cmM5ADFtdXSWAKJPYnNlcnZlckNMSAChdHVzIjoibG9hZMsAQGFzb27KANRdLCJkYXRhUGF0dGVyEgCxbGlzdCI6W10sImlqAN85MDg1OTE3MzE2MX0s_AAFkW1ldHJpY3MxLgUBAPkA8BppZD9kX3Zpc2lkX3Zlcj00LjQuMCZkX2ZpZWxkZ3JvdXA9QSZtY29yZxsB9UQxODM0RDlCNTIyOEE3NDMwQTQ5MEQ0NSU0MEFkb2JlT3JnJm1pZD05MTIyMzY0NDEwNDUwNTA2NjU2MzYyODExOTQ0MDA2Nzk2NTM0OSZ0cz0xNjUBFzVZATJ4aHIRAQtZAS41NlkBABQABVkBslhIUl9NQU5BR0VSQQACUgFvYWxsb3dlVQEgMDg3MBACTzA3MTdVAf9d8QBzY3JpcHQuY3JhenllZ2elA2NwYWdlcy-gBKJlZC9jb21tb24tKwD2FnMvNjFmMjY4OWQ5NWU5NGM2ZWY1OTkyMDJlZGQzMjQwMWMuanO8AwI1AAIlAgpmAj40ODdmAic3OL8Dwmluc2VydEJlZm9yZUIAAmcCD7kDI784ODMwMDY0MDg2OWQCBwKvAA8PAWMfOA8BDA_OBEEFFQEvNzAVAQfxAG5leHVzLmVuc2lnaHRlbiQCANkEIi9ufwYTL14F8BZvbXBvbmVudC5waHA_bmFtZXNwYWNlPUJvb3RzdHJhcHBlciZzkgUwY0pzwQYfPVkADmNjb2RlLyb0BvIeZWRPbj1XZWQlMjBKdWwlMjAwNSUyMDE1OjQ4OjA0JTIwR01UJTIwMjAyMyZDNwcgRD02B4EmUGFnZUlEPZoGkCUzQSUyRiUyRsIAVWNhcmRzpQUAFQDwAmJvbCUyRmZyYXVkcHJldmVu1gb_aCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDI3RjY4QkFGNUQxMzQwOUI4RUQ5QzI3NTgwQjk4MEY3RgMRPjUxMjcCJzg0RgMPNwJCnzcwOTY4NTUyMTcCKQHeAfAaOTM5MzVhNDA5NjUxNjQ0NzE3MmQ5ZDNmMWQyMzcxMGQuanM_Y29uZGmJAa9JZDA9NDMzMDcyHAESLjgxHAEfOWIESK83ODUwMzgyMDM0TQMoDxYBTx8zFgEMDzICQwQcAR82HAEt_xA3YzhhZTFmOWMyMDY5MzAwMjg2NzI5NDljNjcwM2Y2MgIAbzg0OTk2MzMCJxc5TwMPlQY8IDkx-go_MjAwTgoIDycFEw8XAUsPNAIBCBcBDzQCQgUdAR8zNAIt_xBjNjVhMzYwOWUxYmVlZDcyOTU1Yjg4YWZhYzhjZDMxNAIBMDA4OIENA4QMAhkIAoYICsgILjU4ggU_NjAwMwJHrzc4NDI1NjE1OTgWAYodNGYEChYBDzICQgMcAS82MJgGLv4RYThlNmU3NTY0NWE0Nzg3NDM3MDFhMGRlMjlkYjQ2NjGYBm84OTcwOTlmBCUoNjC6Dg9mBDyfNzk0MzYxODQwSQMuDxcBSw5mBAoXAQ80AkMEHQEfNVADLf8RYjE2OWI1MjExYWJjYjU5NTk3YzJhNTBkMDgzNGRhZDY0AgBfNTQ4MzQ0AhMPZwQBHzJnBEZwOTExMjg2OVAQDxcBiw9oBAEIFwEPNAJBBh0BD1EDLv8POTNiZDExNzNlMDA0YzVmMTRjOGMzMTI3NzRhMTc3NAIBXzkzNjYzmwYoCB0BD2gEPY81MDc1MjI2NQELMA8XAUkPNAJhJDg3HQEPAgsu_hE5ZDlhNzY2N2VkYTE2NDIxYjc1OWQzZTRhZTM0ZDI1ZmgEACILD5sGFA-EBQAfMzMCSK84MjQ5NTQ5MjYyZwQtDxYBSg8yAgAJFgEPZgRBFTgcAQ9mBC4QZrIE_wtjNGY0Y2MyZGE3YmM3NjA5NTdkYTFkMGE0N5oGAU82NzU3mQYmCRwBD2UEPJ85NzYyNTYyODlIAy4PFgFKDzICYgUcAQ8cDC7-EWY3OWFlNzQ1MjY0YjQzZjNmYWFhYjg3YmYzY2RiNzViZARPNTU4OTICFA9kBFyfNzY0MDE1NzY14gkuDxYBSg8yAgEXM-EJD2QEQgUcAQ9OAy7wB2Q3OTU0MTdkMTJjOGYxMjZlNjRlMDB0D242YWJiNTUyAl8yMTkwOGQEJh81ZA9JjzAyNzMyODM0yQguDxYBSg8yAgAJFgEPMgJDBBwBDzICCAFdF5BvcnBjcmVkaXQgGPITaWMudHQub210cmRjLm5ldC9yZXN0L3YxL2RlbGl2ZXJ5P-seHz07AAFAJnNlcy0f8xVJZD0xNzg0ZGZjMzc4NDU0YjQ3YWY2YTFiNWU0N2JlNjg4MCa4GkI9Mi4xVx8DwhEP7RwELjY3JRYBFAAP7RxIjzY2OTIzMzc47RwIDwYBAQ9BAf8bDzUVE-FjY2I5MTBmM2IyODY2NXQY3TY2Y2I2ZWYzZWRjNDO0BG8zMDEzMzPnBicPfxhIrzkxMTc2OTUzODWZAwgPFwFxD7YEAAkXAQ-2BEEGHQEPdQMNCRMcay9jYm9sLw8c7y9qcy84NTEuYnVuZGxl7x4UPTUzOREVNzcwNd8HACEdYG5kQ2hpbEIhACkdD6ciKK84OTE3MjE0MzQ4WA0IAWUED_AARQ-eIwAK8AAP5wFBBvcADzMNCJFjMS5yZmlodWKIBp9qcy90Yy5taW7JARQBxhYhZW4NJARWIy83MFYcSJ85NTE2MzM0OTW6AgkP0wAsDgQHCtMAD6wBQwTZAA-tDAjxBXd3dy5nb29nbGV0YWdtYW5hZ2VygSBwZ3RhZy9qc0smn0RDLTYyNjAwMEkVEi82M-0AACcyNokDD7AOPI83NjE2MjkxMdwkCQ_nAEEOMBYZN-cAD9QBQgXtAA_UAQgAdwRxLmRlbWRleIIDAEAoEDVaIb9sP2RfbnNpZD0wI6whDQY2DFNpZnJhbSAkC5obHjVoDig3M6oDD3MFO584MTY3NzcwNDKABwgP_ABXDk8kCvwAD_8BQgQDAR8zzx4ID-wCF3A5MzIyJmw9lSmmTGF5ZXImY3g9Y_oBD5QdBz43MjVtBxg2TA8P5AM7nzkwMzg4ODg5McYUCQ_4AFIOuikZN_gAD_YBQQb-AA91BwgP_gAWXzU2NzEw9gE3AN8NBcsND_YBO684ODcwMTI0NTA5-ABtD_YBAAn4AA_2AUEG_gAPJBEID_YBFV80MTU4MewDJQ_-AAEPnCJOnzgxMzg3NDQ3N-0FDApjKA9QDAY_MjgzUAwbLjcwRw0oODKpGQ_1AUKfNzcyNTkwNzEy4AcIlDIwNzY2Njk5cGcLAAEvImNh4gcA_i70BDkmcmE9Mjk2JnJiPTY0OCZjYT00APEAJl9vPTE3MTY5MTc1Jl90DhILfw3AbHAmX3Jldj0xJl9wLScACQDxBW9yZGVyaWQ9MSZzc3ZfY3V1aWQ9CwDCcGFja2FnZT1udWxsEQAwcm9k1C8HEgAwYWdlrioPbAAEL3BlOSpRPCUyMTsqABMADz0qJ0AmcGY9ZwH3AjAyNDQ0MzUxNTM5NTY0NjM3ADAPOwkHLjcwnS0vODMlC0kwMjYw2CkPTwMJBCQCD1gC_6sOlwoKWAIPtgRDBF4CD0MPCT9pdGmtBRUvMjWtBS4_ODA5rQVPjzY1MjQ3NTM5BBIwIWltFjJwaGVhZGVyLccM0C1sb2dvLWRhcmsuc3aiNQNpFw-vNQMuODCOLSA4MhUTBZ4JD_sBQo84NTYxNDQyNi4eCQDOAA_7AREDBAFQc3Bvb2YPM69lZW4tbW9iLnBu_wARDacIRzgyNzd3EA__AEKfNzAyOTA1MzI3owoID_8AHD9waW7yABQN7AM_ODI5mQlNrzkxMDkzNTIyMDWDDggP8gBGD-QBAA_yAFcfNNk0CA_yAB3PZXJzb25hbC1pbmZv7gEUDvwALzMw4wROEDkIJU82MDUx_ABrDdwXHzj8AFgfMt8FN49zdXJwcmlzZfMBEx05gTsgODOXDA_SBUvQOTU4NDA3MTkwN31dfQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 9ms
9ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=2&c=1129&i=4jonfo&p=na_prod&s=15676&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ANodHRwczovL2NpdGljYXJkcy4KAPAGLmNvbS9jYm9sL2ZyYXVkcHJldmVuMgDwES9pbWFnZXMvc3VycHJpc2UucG5nIiwidHlwZSI6ImltDQBAc3RhcsYAwDY4OTA5NzU1ODA4N6EAABYBBRQAoDMwNCwic291cmM5ADFtdXSRAPELT2JzZXJ2ZXJDTCIsInN0YXR1cyI6ImxvYWTGAEBhc29uxQDUXSwiZGF0YVBhdHRlchIAs2xpc3QiOltdLCJpagC_NTg0MDcxOTA0fSz3ADRfbW9iaWz1ACkfNfUATL85MDkyNzI4OTE3N_UAYx856gEAD_UAVx859QA2_wBoYWxmLXNjcmVlbi1tb2LoAhQfNv4AYL84ODMyNDA1ODcyNf4ANk9iYW5r8wAUD_EBYa84OTQ2MjY2NjU08QE3D_MAGA_OBAEP5AJNBvMAD9kDN69mdW5kcmFpc2Vy7AEUD_kAYq84NDgxNjgyNjI23wI2D_kAHg_lAmIF-QAfOPkANgA2B48tY29tcHJvbb4HFi85MNYEYZ85OTAzMTA2NznwAjcP_gAiLzg4_gBqD9QFN89ncmFuZHBhcmVudHPwAxQP9wIBHzbCCEy_ODczOTQ2MDkxNDL3AjYP-wAgD-sEAQ_7AFcfMPsANl9yZW1vdLIKFQ_wAQAvMTDwAU2vOTc5NDU2MjMwM_UAYw-0CQAP9QBYD-oBN090ZXh02AMTD9EFAQ_zAE4AzwVvODEzMjEz0wQ3D_MAFw_GBQEP8wBYD9sCNy9pcr0FFA_lAQIfN80DTo80MzgyNDM1NK0JNw_yABYPZhABHzHyAFcP5AE3P3plbGUQFg-eCAAvMzHmAU2fODA4MDUwOTgzowc3D_QAGQ-yBQAP9ABYD7IFNyBsb8ASH3m1BScvMzLqAU2fOTgyNTE1NDIz3gI3D_YAGg-4BQEP9gBYHzGTCDdfb21hbmOJCSgP9gBPnzc1OTY2OTI4N3AONx9y9gAaD3QLAA_2AFgPsgY3T3Bob27qARUPwAUBD0wSTp84MzMzNDUxMDP0AGIPmggBHzP0AFcP3gI3kWljb24tYW5pbbwYTy5naWYLGRAeMk8QHzWxB02vOTAxMDk0Njc1MU0RN99zcG9vZi1udW1iZXJzKhcxPzQxM84GTo85ODcyOTczNMQHN19lbWFpbMIHEw-gCgA_NTM49ABNjzcxODc4OTk5ERo4D_QAGQ5TEA_0AFkPHxg3f3NlY3VyaXStCScvNTWtCU2vOTA4MTc5ODcwMJcLNw_3ABsPrgkAD_cAWQ_WAzdvZ2ltbWljAxsUD9AGAD81NTnYA0yvOTA2NjQyNDcyM6QKNw_2ABoeOIYND_YAWB8yyQY3D_YAGw6wCQ_2AFkP0AQIAFoi8AoucmVwb3J0Lm5hY3VzdG9tZXJleHBlcmllegwF2CGSZ2xhc3Nib3gvLgDyHmluZy83OThiMmYxMi05MTYyLTRhOTQtOTFlZS04MDVkODgzY2EyNjYvY2xzXzMAID9fDADxHHM9ODc3MTg1ZWItN2JhZi00YWM0LTk4NWUtZjQ3MmY0MTI4ZjdhJTNBMCYwAPEedj1jZWFhNThmZS0zNDFmLTQ3ZTItYmQ5NS1iZjE1ZmM1OTExMTAmcHY9MiZmMgBmcz10cnVlVQkyeGhyGCIKYCIvNTaMAgAAFAAFYCKyWEhSX01BTkFHRVJBAAJZIm9hbGxvd2VcIiKPMTczODYzNDJrBQgPkgH_gPEFd3d3Lmdvb2dsZXRhZ21hbmFnZXLrJNBndGFnL2pzP2lkPUFXBQNQNDUxNDfSJQPaJGJzY3JpcHQ8Agx9Ag4fHRk2ywqwaW5zZXJ0QmVmb3LMAg_XJCyfOTExMDY5NzA1-QUJD-kAQx01uwwK6QAPxiVBBu8AD6wOCPEdaW5zaWdodC5hZHNydnIub3JnL3RyYWNrL3VwP2Fkdj0xanc1Y3ZsJnJlZj3xJpAlM0ElMkYlMkYVBQr3JgAVAGtib2wlMkb7JvWYJTJGZGVmYXVsdC5odG0lM0ZCVERhdGElM0RFRmUuQi5nQUI0Zi5CLkIwIS5TRU96LmVHSS5sWWcueEchLkJqLlNYLjBmLkUlMjZQcm9zcGVjdElEJTNEMjdGNjhCQUY1RDEzNDA5QjhFRDlDMjc1ODBCOTgwRjcmdXBpZD1ocWdvd3B6JnVwdj0xLjEuMCZpZD10dGRVbml2ZXJzYWxQaXhlbFRhZzFiJ7A1NjAmdGQxPVNhcJUoEF_PJxBf8AARX9kAFl_VJzZfbHBkBVNpZnJhbagCCuoCLzYxAQIBCLkP8ghIVE1MSUZSQU1FX1NFVEFUVFJJQlVURTcDD3MFLRA3JBxPMDQxMosUCChqcwQCMHVwXzsoMWVyLjMBNi5qc-cAD9EDCR806AIACOcAD9EDO684NzEzOTQzNzk4GRsID9kAMw_AAQ0PwQNBBt8AD8EDCA-wBBTANjQ0NTc0MDQzJmw9zSGvTGF5ZXImY3g9Y9kBET42MTHZAR812QFInzg5OTIwNzE2OZkMCA_6AFQfM_oADA_6AUIFAAEPJQkIgWJhdC5iaW5nhwchYWNkLPGiMD90aT0xNjAwMTY5MiZWZXI9MiZtaWQ9ZmVhNmI3MTItMTE0Mi00OTVkLWI5YzItNDAwYWRjOTg0NWNlJnNpZD1jYjQxODRiMDIwMTIxMWVlOTc4ZTExYzRhOGM3ZDU4ZiZ2aWQ9Y2I0MWFmMDAyMDEyMTFlZTlhZTQ1N2ZjODkxY2YxNDImdmlkcz0xJm1zY2xraWQ9TiZwaT0xMjAwMTAxNTI1JmxnPWVuLVVTJnN3rQBAJnNoPR8AsCZzYz0yNCZ0bD1GPC1FJTIwUD8t0CUyMCU3QyUyMENpdGnzAC8mcJEGn_YXcj0mbHQ9MjIxMyZldnQ9cGFnZUxvYWQmc3Y9MSZybj00NjA2OTaSAw8WLgQvNjZoBQAAFAAFtgsBTwYAcC4PTgY_cDkwMDU2MDJHKg_jGQcPnAKNFzCcAi9lY-kHE6EmZWE9QXBwbGljtRYPgAI3HyYHAwMAIgICjQ4AGwJfMTYzNDEbAhEO0Q0ZNtENDxsCSK84ODU2MjIxODAwtwUICRsCAA0AD1wIFQ-JBQAYNqQgD1wIPI84OTQ0MjAxNhwuCQC_AAWDBQANAA_MABUPTwgACcwAD1UGRAPSAA8CEggAxQAF0gAMVQZHMzc0M1UGUDVlNzAwSwb_DDM1MzEtNGRjZi1iN2Y1LTU2NzBiYWY1NjQyMVUGPQi5Ax9wVQb_FG85NTA4NjhVBg8fN44PAAAUAA9VBlEgODmKMU8wMDg0ZBwID5wCmQ9VBpMgNTDlBA8bAhAP_wsAGDd7HQ9VBkmfNzM3NTkxNDY5jTYICRsCAA0AD4kFFQ9JCQAJ2QAPVQZFD9INMI85NTIzMTE2MtINJA5OHy82ONINSJ85ODEyMTM2MTerDwgP0g0VD_oALA9JCAAJ-gAPfQdCBQABD_oBCPADem4zdmk4a2t1ZHMwampyZmMtdRLwEWZlZWRiYWNrLnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzDQ3xAy9TSUUvP1FfWklEPVpOXzNWSUcAb1MwSkpSRuMPEi81Nv8FAACWHAX_BaBhcHBlbmRDaGls9xcPjBUsQDg3OTWsMB80WCEJDxABaw8bBAAJEAEPJwJC0Dc5NTQ2MDk0MjF9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 10ms
10ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1129&i=4jonfo&p=na_prod&s=14818&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A9RxodHRwczovL3AudHZwaXhlbC5jb20vY29tLnNub3dwbG93YW5hbHl0aWNzEgDwCS90cDIiLCJ0eXBlIjoieGhyIiwic3RhcrsAwDY4OTA5NzU1ODY5OJYAAAsBChQAUHNvdXJjOQCyWEhSX01BTkFHRVJBANF0dXMiOiJhbGxvd2VktwBAYXNvbrYA1F0sImRhdGFQYXR0ZXISALJsaXN0IjpbXSwiaWYAzzcxODU3OTQzMjl9LOgA7Rlj0AHxAGpzL2N1cnJlbnQvZHBtX-kB9jRfbWluLmpzP2FpZD1jaXRpLWQ0Zjg1ODI0LTEzNTEtNDU1NC05MWZmLWZkYjU2Zjk2MmM1YyZjb21zY29yZT10cnVlBQJic2NyaXB0xwEKCAI_NTY0CAIARDksInMIAsJpbnNlcnRCZWZvcmVCAAIJAj9sb2EGAiC_OTA0MjI4MjcyOTQGAgcPHgF4HzUeAQwxbXV0rAOvT2JzZXJ2ZXJDTCQBOR81JAEH8QV3d3cuZ29vZ2xldGFnbWFuYWdlch0E8AtndGFnL2pzP2lkPUFXLTk3NTcwMTk0NyZsPaQDr0xheWVyJmN4PWMeAhE9NjExAAE_NzEzHgJHrzEyNDA2NTkxMzj6AG4fM_oADA_6AUIEAAEvNDAAAS-PNTkyOTk3OTT6ASQeMgABLzI3-gFGrzg5MDE3OTA0NDQeBggP9AIVD_oALA_6AQAJ-gAP-gFBBQABHzX6AS-_MTA5NTUwMDY5NTn8ASQPAgEAJzQ0_AEPAgFDnzM0OTk2NDQ0NvwCL482MDYyMTg3NQABJB4w_AInNjEAAQ8UBzuvODgyMDE1Nzg1MBQHCA_8AhUP-gAsD_oBAAn6AA_6AUIFAAEfN_oBLo84MzA5MDc5NvoCJQ_wBgAvODL6AUevNzA0MzE1NDU3MvoAbg_6AQAJ-gAP-gFCBQABD_oCL584MTk1MDAwMjP0AyQO8AY_ODAw-gFHnzg1ODU4MDMyMPoBMA_6ACwO-gEK-gAP-gFCBQABHzP6AgeBYmF0LmJpbmfYCiBhYxQP8DAvMD90aT0xNjAwMTY5MiZWZXI9MiZtaWQ9ZmVhNmI3MTItMTE0Mi00OTVkLWI5YzItNDAwYWRjOTg0NWNlJnNNDfMSYjQxODRiMDIwMTIxMWVlOTc4ZTExYzRhOGM3ZDU4ZiZ2JQA2YWYwJQDwAGFlNDU3ZmM4OTFjZjE0MiUA8AVzPTAmbXNjbGtpZD1OJmVjPVNhcGAQYF9jYm9sX7QN0F9mcmF1ZF9wcmV2ZW6-ANFfbHAmZWE9QXBwbGljOAwxJnA95A-QJTNBJTJGJTJGOABgY2FyZHMuCgAA-gAAFQBhYm9sJTJGTwAGTgDxAiUyRmRlZmF1bHQuaHRtJnN3GAH2FCZzaD0xMjAwJnNjPTI0JmV2dD1jdXN0b20mcm49MTYzNDE2-wsyaW1nsAwKFg49NjY2AgcoODICBwwUAhJBRwACGw5AZXJyb3YQL3JlIhAbnzg1NjIyMTgwMAQJCP8caW5zaWdodC5hZHNydnIub3JnL3RyYWNrL3VwP2Fkdj0xanc1Y3ZsJnJlZloBNfCCJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDI3RjY4QkFGNUQxMzQwOUI4RUQ5QzI3NTgwQjk4MEY3JnVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5pdmVyc2FsUAkSRVRhZzG6EX81NjAmdGQxggITB_4BQ2ZyYW3VDwsBAh4x-Q4PAQILD_kOMa84NzYyMzAwNDEyFQQIgHNyLnJsY2RuGwNwLzQyNTQ2Nv8C_yZsP2VzPTgwNjc2JnU9ZGEzOWEzZWU1ZTZiNGIwZDMyNTViZmVmOTU2MDE4OTBhZmQ4MDcwOQsBERA1AAkiZW7EEgM-Eyg4MhQIoGFwcGVuZENoaWwRETJzdGEGAw8hESOvODg4MTI5MTM1NP0PCA8EAV8PDwIBCAQBDBAEDw8CMgULAQ8UDggPJAaNFzEkBiFwaZoF_wAxMDE1MjUmbGc9ZW4tVVO5BQRAdGw9Rj8GRSUyMFBBBtAlMjAlN0MlMjBDaXRpAgMPQAY3D-YEV6FyPSZsdD0yMjEzngbQcGFnZUxvYWQmc3Y9MaUGXzQ2MDY5pQYlFzOzCQyVAg-lBjGvOTAwNTYwMjQ2MqMSCA-VAgpHMzc0M7kIUDVlNzAwrwj_DDM1MzEtNGRjZi1iN2Y1LTU2NzBiYWY1NjQyMbkI71c1MDk0NNcYD7kIBR43wQ0vODIUAk2fODczNzU5MTQ21RYJDxQCmQ-pBP8VZzk1MDg2OEUID04LBA-VAmOPOTMyNDAwMDhSFQkCQhjwB2Fkcy5nLmRvdWJsZWNsaWNrLm5ldC-YBfMCYWQvdmlld3Rocm91Z2hjb25pHfYELzkxNjQ1MTQ3MS8_cmFuZG9tPY4K2zYwMSZjdj0xMSZmc3QYAEFiZz1mAQDzESZndWlkPU9OJmFzeW5jPTEmZ3RtPTQ1YmUzN2EwJnVfzQwjdV_ODD91cmzQC582aG49uBMgYWQjGkFpY2VzuQevZnJtPTAmdGliYegHEhBhLwGmNjA1Mjk4Mjc5Lm4B4CZ1YW1iPTAmdWF3PTAm5BkRPW8OMCUzRAsa8AAuY29uZmlnJnJmbXQ9MyYGABY0sgIPGRwHLjYxBRUoODIFFg_3CjqfOTEwMjk4MTIxChMJD64C__8LD8USAAmuAgwMCg-hDDEGtQIPrA0ID7UCJp82NDQ1NzQwNDNjBQEfNGMFBD80MSZjBf-YHjV8ITc4MjXBDA9jBTqvODg3NzE0NzM4Oa4C__8mDwQSAQiuAg9jBUEGtQIPFh4I8AVzaXRlaW50ZXJjZXB0LnF1YWx0chInACwndFdSU2l0ZUkeANBFbmdpbmUvVGFyZ2V0Wxj1J3BocD9RX1pvbmVJRD1aTl8zVkk4a2t1ZFMwSkpSRmMmUV9DTElFTlRWRVJTSU9OPTEuOTUuMBcAhlRZUEU9d2ViUwkPcScEEDhDIA1HFAhRIQ9xJz6fOTA4NzQxNDY2ThUJDzsB_0TwGWR4anNtb2R1bGUvMTIuYWI5MmI3MTdkZWMyNDRjOTIzMTMuY2h1bmviJw9iAhShJlFfQlJBTkRJRBAoCiQaBn8CD9ILCB448ykBlgIF6ycPwQNCnzcwMzYyNTAxNeMdCA8kCSePOTUyMzExNjIkCQEvNzeHDgMvNzckCf-ZHzgkCQEfOCQJSH8wOTQxMTMwNAUID64C__8LDyQJAQiuAg9jBUIjODe1Ag9jBQgJfxYjcC9OIQRJIT8uanNDBhIPDB0CCOAAD7IMOgAtLm84MjA5MDSOAwgP2QA0D_EgAQjZAA-5AUEG4AAPTBoVCbkBAEkaD7kBFh850SEACOAAD7kBOp84NzkzMjI5MDT1BwkPuQEHD9kAGQ9cFwII2QAPuQFBBuAAD5YMCA8nBiYUOcQpD9UIAD83NTLVCAIAGAAP-RH_ly83NlwXAQh1Mw-OAzsgOTToBT82OTYgBggPrgL__wsPVB8BCK4CD2MFQtA5NDE2MDA2OTY1fV19
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:45:59 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:45:58 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 1129ms
1128ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=4&c=1129&i=4jonfo&p=na_prod&s=10795&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ypodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9wYWdlYWQvdmlld3Rocm91Z2hjb24RAfsbLzk3NTcwMTk0Ny8_cmFuZG9tPTE2ODkwOTc1NTg3MDUmY3Y9MTEmZnN0GABBYmc9ZgEA8BYmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X3c9MTYwCQBAaD0xMgkAMXJsPbYA8AQlM0ElMkYlMkZjaXRpY2FyZHMuCgBALmNvbRUA8AJib2wlMkZmcmF1ZHByZXZlbvIA9XAlMkZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0QyN0Y2OEJBRjVEMTM0MDlCOEVEOUMyNzU4MEI5ODBGNyZobj13d3cuZgFwZXJ2aWNlc6wA0CZmcm09MCZ0aWJhPUauAEclMjBQsQCxMCU3QyUyMENpdGkvABBhLwGmNjA1Mjk4Mjc5Lm4B8QQmdWFtYj0wJnVhdz0wJmRhdGE99wDwByUzRGd0YWcuY29uZmlnJnJmbXQ9MyYGAPAJNCIsInR5cGUiOiJzY3JpcHQiLCJzdGFyhAIGxQEgMTJfAgDUAgUUABA43QJQc291cmM8ALJhcHBlbmRDaGlsZEEAkHR1cyI6ImxvYRAAYHJlYXNvbnwCMF0sIpYAZFBhdHRlchIAsmxpc3QiOltdLCJpYwDPNzk1Mzc0NTAxOX0srgL__yMfM64CDDFtdXT9BK9PYnNlcnZlckNMtQI4LzIwtQJBjzU5Mjk5Nzk0YwUBLzE5YwUDPzE5JmMF_5guMja1Ak8zMCwiYwVFjzI0ODE2OTQ4YwVCD64C_9AfN64CDA9jBUMDtQIfOWMFQb8xMDk1NTAwNjk1OWUFAR8zyAoELzM1ZQX_mR80GggAD2UFR785MDM0ODUzMTgzNBMIQA-wAv_THzRnBWAGtwIfNbcCQI84MzA5MDc5NmUFAi83MsoKAy83MmUF_5kvODG1AgAfNcoKRb85MDkyNzcxOTc3OK4C__8lD9sSABgzrgIPygpBBrUCD38NQZ84MTk1MDAwMjPICgEvOTFjBQMvOTFjBf-YPjgwMGMFJzUzYwUPtQJBrzg4MTY0NTA4NjlqBQjxB3NpdGVpbnRlcmNlcHQucXVhbHRyaWPmFvECL2R4anNtb2R1bGUvQ29yZU0LAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmFwDwBFRZUEU9d2ViJlFfQlJBTkRJRD3mF49mZWVkYmFja8IWES05OPoLRzkwMjIyAQ_CFjqvOTExNDE4MTM4OfoLCA8rAYYNdQoLKwEPXQJBBjIBD3UKCA8yAQl0V1JTaXRlSXsC8gJFbmdpbmUvQXNzZXQucGhwP24C8gY9U0lfMEFpb3J5UmtsOGJ4SE0yJlbYG8I9MjEmUV9PUklHSU5eGjA6Ly9oAgpYGgWWAg-tAgwGlgIyeGhyXxYJVRlMOTAyOMUDAhQABfITslhIUl9NQU5BR0VSQQACVRlvYWxsb3dlWBkhnzkzNjM1ODIzNmQB_7D1A0NSXzZzUHFEWDR3S1F1alBPNsgCAMcCBQgDL0lE8wIBD-gCy685MDI1NDcwMzE2qQYkD0wEFA-EAf9LBy0I_w03LmNmZjk3Y2E0NTdjN2JjYmY3NzhiLmNodW5rPwhSPTkwMvAWTzkwNTQ_CEW_ODc5MDY1MjU5MTHUDgcPDQcJDz0BfB456QYJPQEPUQhBBkQBHzNEAS7_BzEuMGM1YTU3Njg1Y2VjMDEzN2I4M2GBAm8fOIECRp85NDA0MzkwNjg9AbMPgQIBCD0BD4ECQgVEAQ9uCSQHxQMTRusMYkJ1dHRvbssKD_oEaC82NnkCR385NDU3ODM1OQ0wDzUBaQ9xAgAJNQEPcQJDBDwBHzbyBCMP9wgDsD9RX0ltcHJlc3M9WgpPQ0lEPfkIAE9RX1NJbAoF_whBU0lEPUFTX2V0VUJUNFFVRDlCdHlmNEoNFSYmcjgoNzkxM7ImD1oNBC4xM8IOARQAD1oNRuA5MDUzNjkxNDkwMn1dfQ
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:46:03 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:46:02 GMT

GET
H2 204 r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 0
106 B 1127ms
1126ms Image
text/plain 3.124.173.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=5&c=1129&i=4jonfo&p=na_prod&s=1147&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI0am9uZm8iLCJwYWNrZXQiOjQsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A9BxodHRwczovL3NpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbS9XUlNpdGVJHgDwaEVuZ2luZS8_UV9JbXByZXNzPTEmUV9DSUQ9Q1JfNnNQcURYNHdLUXVqUE82JlFfU0lJRD1TSV8wQWlvcnlSa2w4YnhITTImUV9BU0lEPUFTX2V0VUJUNFFVRDlCdHlmNCZRX0NMSUVOVFZFUlNJT049MS45NS4wZAAQTBcA-CBUWVBFPXdlYiZyPTE2ODkwOTc1NTkxMzQiLCJ0eXBlIjoieGhyIiwic3RhcnQiOiQAEDUpAQCeAQc4AIA1LCJzb3VyYzkAslhIUl9NQU5BR0VSQQDRdHVzIjoiYWxsb3dlZEoBQGFzb25JAdRdLCJkYXRhUGF0dGVyEgCxbGlzdCI6W10sImlmAN85MDUzNjkxNDkwM30sewEjFFGLAfoAU2hhcmVkL0dyYXBoaWNzsgH2Dy93ci1kaWFsb2ctY2xvc2UtYnRuLXdoaXRlLnBuZxoBIGltDQAPGgEAHjQaASc2MBoBoGFwcGVuZENoaWwHATJzdGEaATBsb2EQAC9yZRcBGr84Njk4NzY1NzQwNBcBjA8xAgAJFwExbXV0SgOoT2JzZXJ2ZXJDTDgCDx4BJcA5ODc2NTc0MDV9XX0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://citicards.citi.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 17:46:03 GMT
cache-control: no-cache, no-store
server: nginx
expires: Tue, 11 Jul 2023 17:46:02 GMT

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_cfgver Value: 5a59ddc9
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_v Value: ceaa58fe-341f-47e2-bd95-bf15fc591110
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266	1969-12-31 23:59:59	Name: _cls_s Value: 877185eb-7baf-4ac4-985e-f472f4128f7a:0
.citi.com/	1970-01-20 13:11:44	Name: ak_bmsc Value: C2206048B4768172CA38A86E22D708F3~000000000000000000000000000000~YAAQovAQAmV8xkOJAQAAslIPRhQ4RLzl4ETPacdDwFN8J2bLy0mZu0NPiXELjbOUpufRh7sbnXGGUhdq7NWZVkE68E6ZykHjUQTcTl4cChOD8auQRprhlD9F4JhpGPj5Q/P12bq20sy21TlJt1DZcQsrK18J67qh/UceGks+VcJ11FobSESdJpAAyUVqru30UkDvotKnKtHqP78mer/VC8NvT8z/UVZTNL6/ztmRZsW3a19D2tJHHee8BBoHEWvaVmsIDq+IUg7BHwBaXnMKMKLn5dP0JwC+7ecyBkRm5G+P/5ddJ3dArvd2IRQkIlv0MYA5nw==
.citi.bridgetrack.com/	1970-01-20 21:50:01	Name: ATC1 Value: 53458\|ZRzWF.B.iAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.C.E
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT Value: GUID=F2EEEF7F30E94FE29528C219569782E2
.citi.bridgetrack.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=62C121476E604059A098EB3BD73C7876
citicards.citi.com/	1969-12-31 23:59:59	Name: CitiBTSES Value: SID=7365C64FA07E4A2BAB623DC312ACF817
.citi.com/	1970-01-20 13:11:44	Name: ensighten_conentSync_timestamp Value: 1
.citi.bridgetrack.com/	1970-01-20 21:49:12	Name: CitiBT%5F1 Value: GUID=F2EEEF7F30E94FE29528C219569782E2&SID=27F68BAF5D13409B8ED9C27580B980F7
.demdex.net/	1970-01-20 17:30:49	Name: demdex Value: 85913860889323299874321821020008384518
.citi.com/	1970-01-20 21:57:13	Name: CITI_ENSIGHTEN_PRIVACY_BANNER_LOADED Value: 1
.citi.com/	1969-12-31 23:59:59	Name: CITI_ENSIGHTEN_CC_SYNC Value: 0
.citi.com/	1969-12-31 23:59:59	Name: at_check Value: true
.citi.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.citi.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.citi.com/	1970-01-20 22:47:37	Name: s_ecid Value: MCMID%7C91223644104505066563628119440067965349
citicards.citi.com/	1970-01-20 13:11:39	Name: 7830 Value: error
citicards.citi.com/	1970-01-20 13:11:39	Name: 7018 Value:
citicards.citi.com/	1970-01-20 15:21:13	Name: 64072 Value:
.everesttech.net/	1970-01-20 21:57:13	Name: everest_g_v2 Value: g_surferid~ZK2VVQAAAHeomwOJ
.citi.com/	1970-01-20 22:47:37	Name: _cls_v Value: ceaa58fe-341f-47e2-bd95-bf15fc591110
.citi.com/	1969-12-31 23:59:59	Name: _cls_s Value: 877185eb-7baf-4ac4-985e-f472f4128f7a:0
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_event Value: 1
.citi.com/	1970-01-20 15:21:13	Name: _gcl_au Value: 1.1.605298279.1689097558
.dpm.demdex.net/	1970-01-20 17:30:49	Name: dpm Value: 85913860889323299874321821020008384518
.citi.com/	1970-01-20 22:47:37	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19550%7CMCMID%7C91223644104505066563628119440067965349%7CMCAAMLH-1689702357%7C6%7CMCAAMB-1689702357%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1689104757s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19557%7CvVersion%7C4.4.0
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 13:11:39	Name: citicorpcreditservic!mboxSession Value: 1784dfc378454b47af6a1b5e47be6880
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 22:47:37	Name: citicorpcreditservic!mboxPC Value: 1784dfc378454b47af6a1b5e47be6880.37_0
.citi.com/	1970-01-20 22:47:37	Name: mbox Value: session#1784dfc378454b47af6a1b5e47be6880#1689099418\|PC#1784dfc378454b47af6a1b5e47be6880.37_0#1752342358
.citi.com/	1970-01-20 13:11:39	Name: mboxEdgeCluster Value: 37
.rfihub.com/	1970-01-20 22:33:13	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjOwMDY1NjG2tBDiM9RNzgo10vXNyvEqTikAAN1CGbwlAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjOwMDY1NjG2tBDiM9RNzgo10vXNyvEqTikAAN1CGbwlAAAA
.citi.com/	1970-01-20 13:13:03	Name: _ce.clock_data Value: 136%2C80.255.10.199%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.citi.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.citi.com/	1970-01-20 21:57:13	Name: _ce.s Value: v~e7b2c6123ffca6a6e15135b455712bcf7453a433~lcw~1689097557617~vpv~0~v11.rlc~1689097557953~lcw~1689097557954
.citi.com/	1970-01-20 13:13:03	Name: _uetsid Value: cb4184b0201211ee978e11c4a8c7d58f
.citi.com/	1970-01-20 22:33:13	Name: _uetvid Value: cb41af00201211ee9ae457fc891cf142
.citi.com/	1970-01-20 13:11:39	Name: _dpm_ses.d03c Value: *
.citi.com/	1970-01-20 21:57:13	Name: _dpm_id.d03c Value: 769097af-05e7-4952-914d-a2538251ed6b.1689097559.1.1689097559.1689097559.ee8b605c-d4e9-415b-a831-d40ddd5ae6ec
.bing.com/	1970-01-20 22:33:13	Name: MUID Value: 38F6B3BBDD746C972194A0F0DCFF6DC1
.doubleclick.net/	1970-01-20 22:33:13	Name: IDE Value: AHWqTUlOiWb3i-yt0mgPd7iIXHAh3azHHrC9KG60T5o53RtxxgC1cvSj_hCyewnQ
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALB Value: jE9lD5gMN3pTMpK1/bFPHEJtFve9OH26q8kY0bo6tE7poXXD6VkRHyqvvWfY+GIgk7JSucm4r7O0DDpF6tmyXhun2mOhGKHZoCPw+Tm6QqUqQwTFYqAh6mCFQaam
prod.report.nacustomerexperience.citi.com/	1970-01-20 13:21:42	Name: AWSALBCORS Value: jE9lD5gMN3pTMpK1/bFPHEJtFve9OH26q8kY0bo6tE7poXXD6VkRHyqvvWfY+GIgk7JSucm4r7O0DDpF6tmyXhun2mOhGKHZoCPw+Tm6QqUqQwTFYqAh6mCFQaam
prod.report.nacustomerexperience.citi.com/	1969-12-31 23:59:59	Name: ROUTEID Value: .cligate1
.amazon-adsystem.com/	1970-01-20 19:33:13	Name: ad-id Value: A0iZ5Hik1USrtYpzZr46_PE
.amazon-adsystem.com/	1970-01-20 22:47:37	Name: ad-privacy Value: 0
.tvpixel.com/	1970-01-20 21:57:13	Name: sp Value: 720efe67-99d5-4083-85a8-1a0148f317b4

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
assets-tracking.crazyegg.com
bat.bing.com
c.tvpixel.com
c1.rfihub.net
cdn.digitalmarketing.citibankonline.com
citi.bridgetrack.com
citi.demdex.net
citicards.citi.com
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
data.privacy.ensighten.com
dpm.demdex.net
googleads.g.doubleclick.net
iad1.qualtrics.com
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nexus.ensighten.com
p.tvpixel.com
pagestates-tracking.crazyegg.com
prod.report.nacustomerexperience.citi.com
s.amazon-adsystem.com
sb.scorecardresearch.com
script.crazyegg.com
siteintercept.qualtrics.com
sr.rlcdn.com
tagmanager1.citi.com
tracking.crazyegg.com
www.citi.com
www.google.com
www.google.de
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
104.102.55.191
104.17.208.240
104.17.209.240
108.138.15.119
13.32.110.125
18.66.122.45
18.66.97.4
193.0.160.131
2600:9000:214f:f200:1:76cf:fe80:93a1
2600:9000:218e:9c00:1d:bf0a:0:93a1
2606:4700::6813:9308
2620:1ec:c11::200
2a00:1450:4001:80b::2008
2a00:1450:4001:80f::2004
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2002
3.124.173.63
3.33.220.150
34.107.138.236
34.206.177.80
34.226.6.56
34.251.46.32
34.253.91.174
35.190.22.40
35.190.60.146
52.208.156.123
52.222.169.27
52.46.143.56
52.48.127.113
63.140.62.135
66.235.152.115
95.101.149.99
0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6
040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747
04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985
0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b
07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
0ebd30481275ed2efaec548910e3cd90cdcbcd27fcc94d4e30695429c5ef6eb8
1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a
13a4ca010c140545ef73acefd2e75ec8c1f2f5ff24a0173a3cd1cf9d45c80ef5
169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9
18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447
18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870
1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270
1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff
1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6
23f9b203df9708cc87f9003357c49ac2830ff4da1c1d004b824daa6dd87281d5
24645a1628120462f09c3276e50f9d0dde6caf441ab1670aa2eb5f8db09be321
2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3
25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e
25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757
2f081177d80bf5cffe4bffeec6ac04429ab25f126b1f26c03c5a84b9dad96247
303e00d9d0713dbe04d62a577c682cfe9044c4918f6629938bd0aa49ba40286c
3206ebacd5412487690b2ffd3827ed76494371dc86c3d98686a5f8256763f6f0
32e078eaf9ab12df31c74acecfbfd38337dbd6a222a99a7c70bb35364b74ca5d
33fa52dffe53dbab622b16aefb8e126f4c46551cda6ee3e91b2232a4379cf4a4
3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466
372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a
3f43972904354945d6d4956c6646d4cd51b50365a02613b82fba7b357408f36c
40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4
41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af
465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e
4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f
56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6
57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732
5876ae5fde034fe82d29cd610ae025ffeb6ecbc200f5f3024bc48a9008d03295
5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff
5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244
5e7589d97b30470896e35939fc5e7716858909423e208c29548c4971ebb95996
6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a
61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4
676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d
6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10
6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf
696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5
70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082
7207b8bd9fd7ebbe1adb59018aa049221ac062bc181ea46a1061107441784668
76a55cd62af40958e22bfdf1cfc8d219316b5b87adee9a0295f838ea23f737ed
790b0753a3a6032c5027e38e87dd9eee0a51545875426747b10de55e66a5c8e1
798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6
7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c4f0fcc5980b660a231964d5984a9aaec67b55959cab8ab33693a739662bcbb
7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
82d8b874a720813a2eee51512acb32ae162e58ca8bd8819a7f35f02924fe49b9
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b
8b6fdc430f575d137081d0fcfb972fe22cfcb02b7ad17ad7547b84d884f7d277
8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df
91bdaca97a48f744ecd5ffe4decc15929dbe4cbc0da9b0e43ee2636091512bb9
94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f
94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9add447cfdd02f84f5df5bdacbc5ec5309e45a809ffe76a94cd1648c84fcb28f
9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8
9e111db6cfdacf87c7e7ec3f4f226222985997b4288e6add4bc1b7a23047f242
9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3
a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0
a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea
a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb
a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732
a9a993bbf626a619aea1f7a0c7a91f8900bdea1e85e4881d5bbf3953fff6eec3
a9eee2593f18562b0cc7fe8e53fdc1ec91d43a29996ed66888d5a2f699ca1da9
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916
b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762
b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3
b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6
bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630
c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6
c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746
c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a
c15aa18f3e0f3f59efadb5241ac16214c5ad16275063bb0127796201c4c52894
c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd
c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876
c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295
cd46b81c67658cf41cda7f15ebae3ca2cff11e7ffa482352fd3582c7355b05d8
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e
d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43
d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682
d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5
d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc
d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a
d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f
d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577
da04c4f96527adfc917fdeedc72e31284a96ca5d7b4afe544f148bdf77b79dcc
db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b
db33e62f7b7a89f7a12cdee3d87c98ea896c2c403a825901cbeadf4a680fc688
dcc98ed15ff1c1615e63087bbc63be6986c64db729204db4c320c8cc709d39e2
dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23
e19a5744362cdb848eacb5a0fad98f6a4ff6acf198282e30f965d3cb0f586ebb
e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8
f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f518ab8c88559ec19c13febebcf7ab741b08a744682a3062b8ec46423f7fca66
f68795878b6b2f2e12d7a5e44c73561c3f58327dd587e56e8e88dfb742c9647c
fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

citicards.citi.com Open in urlscan Pro 35.190.22.40 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

163 Requests

97 %HTTPS

25 %IPv6

21 Domains

34 Subdomains

31 IPs

4 Countries

2248 kBTransfer

5283 kBSize

48 Cookies

17 Outgoing links

Page URL History

Redirected requests

163 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citicards.citi.com Open in urlscan Pro
35.190.22.40 Public Scan

Screenshot
Live screenshot

Full Image

163
Requests

97 %
HTTPS

25 %
IPv6

21
Domains

34
Subdomains

31
IPs

4
Countries

2248 kB
Transfer

5283 kB
Size

48
Cookies

163 HTTP transactions
0 data transactions