urlscan.io logo urlscan.io
SecurityTrails logo

banking.citi.com Open in urlscan Pro
35.190.22.40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://offer.citibank.com/
Effective URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&Pr...
Submission: On August 05 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 26 IPs in 8 countries across 24 domains to perform 91 HTTP transactions. The main IP is 35.190.22.40, located in Mountain View, United States and belongs to GOOGLE, US. The main domain is banking.citi.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 11th 2020. Valid for: 2 years.
This is the only time banking.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 12 35.190.22.40 15169 (GOOGLE)
18 18.197.253.20 16509 (AMAZON-02)
1 3 52.30.191.169 16509 (AMAZON-02)
1 34.250.115.136 16509 (AMAZON-02)
1 3 15.236.9.100 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
8 2a00:1450:400... 15169 (GOOGLE)
1 92.123.0.215 16625 (AKAMAI-AS)
2 3 89.207.16.204 25751 (VALUECLICK)
1 1 64.158.223.158 25751 (VALUECLICK)
1 104.103.94.86 16625 (AKAMAI-AS)
1 54.76.99.142 16509 (AMAZON-02)
1 185.31.128.128 54312 (ROCKETFUEL)
2 34.107.138.236 15169 (GOOGLE)
1 185.31.128.129 54312 (ROCKETFUEL)
2 143.204.202.31 16509 (AMAZON-02)
2 151.101.114.133 54113 (FASTLY)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 35.244.245.222 15169 (GOOGLE)
4 192.193.200.243 32287 (SOLANA-CI...)
1 23.43.114.84 20940 (AKAMAI-ASN1)
1 216.58.207.66 15169 (GOOGLE)
1 10 2a00:1450:400... 15169 (GOOGLE)
1 10 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
1 151.101.113.175 54113 (FASTLY)
1 35.241.45.82 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 35.176.206.104 16509 (AMAZON-02)
91 26
12    35.190.22.40 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com
offer.citibank.com
citi.bridgetrack.com
banking.citi.com
18    18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
3    52.30.191.169 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-191-169.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    34.250.115.136 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-115-136.eu-west-1.compute.amazonaws.com
citi.demdex.net
3    15.236.9.100 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-9-100.eu-west-3.compute.amazonaws.com
metrics1.citi.com
1    66.117.28.86 (United States)

ASN15224 (OMNITURE, US)
cm.everesttech.net
8    2a00:1450:4001:816::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    92.123.0.215 (France)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-0-215.deploy.static.akamaitechnologies.com
tags.bkrtx.com
3    89.207.16.204 (Sweden)

ASN25751 (VALUECLICK, US)
login.dotomi.com
1    64.158.223.158 (Amsterdam, Netherlands)

ASN25751 (VALUECLICK, US)
PTR: 158.vip.crm-node2.ams5.cnvr.net
core.conversant.mgr.consensu.org
1    104.103.94.86 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-103-94-86.deploy.static.akamaitechnologies.com
c1.rfihub.net
1    54.76.99.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-99-142.eu-west-1.compute.amazonaws.com
citicorpcreditservic.tt.omtrdc.net
1    185.31.128.128 (Netherlands)

ASN54312 (ROCKETFUEL, US)
a.rfihub.com
2    34.107.138.236 (United States)

ASN15169 (GOOGLE, US)
PTR: 236.138.107.34.bc.googleusercontent.com
sec-citi.bridgetrack.com
1    185.31.128.129 (Netherlands)

ASN54312 (ROCKETFUEL, US)
20766699p.rfihub.com
2    143.204.202.31 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-31.fra53.r.cloudfront.net
cdn.pbbl.co
2    151.101.114.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
resources.digital-cloud-citi.medallia.com
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    35.244.245.222 (Mountain View, United States)

ASN15169 (GOOGLE, US)
sr.rlcdn.com
4    192.193.200.243 (United States)

ASN32287 (SOLANA-CITIPLEX, US)
prod.report.nacustomerexperience.citi.com
1    23.43.114.84 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-43-114-84.deploy.static.akamaitechnologies.com
stags.bluekai.com
1    216.58.207.66 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f2.1e100.net
www.googleadservices.com
10    2a00:1450:4001:825::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
10    2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
10    2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    151.101.113.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
nebula-cdn.kampyle.com
1    35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com
udc-neb.kampyle.com
2    2a00:1450:4001:819::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
px0.pbbl.co
1    35.176.206.104 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
aa.agkn.com
Domain Requested by
18 nexus.ensighten.com banking.citi.com
nexus.ensighten.com
10 www.google.de
10 www.google.com 1 redirects
10 googleads.g.doubleclick.net 1 redirects www.googleadservices.com
8 www.googletagmanager.com nexus.ensighten.com
www.googletagmanager.com
7 banking.citi.com 1 redirects banking.citi.com
4 prod.report.nacustomerexperience.citi.com nexus.ensighten.com
3 bat.bing.com nexus.ensighten.com
3 login.dotomi.com 2 redirects banking.citi.com
3 metrics1.citi.com 1 redirects nexus.ensighten.com
3 dpm.demdex.net 1 redirects banking.citi.com
3 offer.citibank.com 3 redirects
2 px0.pbbl.co 1 redirects
2 resources.digital-cloud-citi.medallia.com nexus.ensighten.com
resources.digital-cloud-citi.medallia.com
2 cdn.pbbl.co nexus.ensighten.com
cdn.pbbl.co
2 sec-citi.bridgetrack.com banking.citi.com
2 citi.bridgetrack.com 1 redirects banking.citi.com
1 aa.agkn.com 1 redirects
1 udc-neb.kampyle.com
1 nebula-cdn.kampyle.com resources.digital-cloud-citi.medallia.com
1 www.googleadservices.com www.googletagmanager.com
1 stags.bluekai.com tags.bkrtx.com
1 sr.rlcdn.com nexus.ensighten.com
1 20766699p.rfihub.com c1.rfihub.net
1 a.rfihub.com c1.rfihub.net
1 citicorpcreditservic.tt.omtrdc.net nexus.ensighten.com
1 c1.rfihub.net nexus.ensighten.com
1 core.conversant.mgr.consensu.org 1 redirects
1 tags.bkrtx.com nexus.ensighten.com
1 cm.everesttech.net 1 redirects
1 citi.demdex.net nexus.ensighten.com
91 31

This site contains no links.

Subject Issuer Validity Valid
banking.citi.com
DigiCert SHA2 Extended Validation Server CA		 2020-02-11 -
2022-04-09		 2 years crt.sh
nexus.ensighten.com
DigiCert SHA2 Secure Server CA		 2019-10-03 -
2020-10-02		 a year crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA		 2018-01-09 -
2021-02-12		 3 years crt.sh
metrics1.citi.com
DigiCert SHA2 Extended Validation Server CA		 2020-07-02 -
2022-08-30		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-07-15 -
2020-10-07		 3 months crt.sh
*.bkrtx.com
DigiCert SHA2 Secure Server CA		 2020-02-28 -
2021-05-29		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2019-06-19 -
2021-08-31		 2 years crt.sh
*.rfihub.net
DigiCert SHA2 Secure Server CA		 2020-04-01 -
2021-07-01		 a year crt.sh
*.tt.omtrdc.net
DigiCert SHA2 High Assurance Server CA		 2017-10-19 -
2020-11-25		 3 years crt.sh
*.rfihub.com
Sectigo RSA Domain Validation Secure Server CA		 2020-06-18 -
2022-06-18		 2 years crt.sh
citi.bridgetrack.com
Thawte EV RSA CA 2018		 2019-09-11 -
2021-05-10		 2 years crt.sh
*.bridgetrack.com
Thawte RSA CA 2018		 2019-10-25 -
2021-11-21		 2 years crt.sh
*.pbbl.co
Amazon		 2020-01-01 -
2021-02-01		 a year crt.sh
*.digital-cloud-citi.medallia.com
SSL.com DV CA		 2018-11-13 -
2020-11-12		 2 years crt.sh
www.bing.com
Microsoft IT TLS CA 2		 2019-04-30 -
2021-04-30		 2 years crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2020-04-14 -
2021-04-23		 a year crt.sh
prod.report.nacustomerexperience.citi.com
DigiCert SHA2 Extended Validation Server CA		 2020-05-05 -
2022-07-04		 2 years crt.sh
odc-prod-01.oracle.com
DigiCert Secure Site ECC CA-1		 2020-04-14 -
2021-04-10		 a year crt.sh
www.googleadservices.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
j.ssl.fastly.net
GlobalSign Organization Validation CA - SHA256 - G2		 2020-05-18 -
2022-08-21		 2 years crt.sh
*.kampyle.com
RapidSSL RSA CA 2018		 2020-02-11 -
2022-03-06		 2 years crt.sh
px0.pbbl.co
GTS CA 1D2		 2020-06-29 -
2020-09-27		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Frame ID: 0A15D19CA846572C1B43D345ABF41359
Requests: 86 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 03D43249CB25BE8E991C3F0466BA5AA6
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=1040683386412044409&rfiaid=67acd64eecf749568c562bf2d4e68634&ver=9&ra=85&rb=648&ca=20766699&_o=17169175&_t=2019checkingrewardsoffers&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=2019checkingrewardsoffers&pe=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&pf=&ra=085467147123508
Frame ID: 10381158BC6E2BC61A39FC423CC598E7
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: F4254C61F45BE0D6F88E5BB4325715D3
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product&phint=event&phint=category%3Dlanding%20page&phint=page%3D2019_checking_rewards_offers&phint=section1%3DSapient&phint=section2%3DACQ&phint=section3%3DBANK&phint=section4%3DAffiliate&phint=bankappstatus&phint=productID&phint=__bk_t%3DEnjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&phint=__bk_v%3D3.1.5&limit=10&r=37778479
Frame ID: 012473B6996094161E16C5A53C06244F
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 7AD440CF48E7B1356E83C28EFA883E4B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://offer.citibank.com/ HTTP 302
    https://offer.citibank.com/cbol/default.htm HTTP 302
    https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
    https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
    https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers via /^1\.1 google$/i

Page Statistics

91
Requests

100 %
HTTPS

21 %
IPv6

24
Domains

31
Subdomains

26
IPs

8
Countries

873 kB
Transfer

2333 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://offer.citibank.com/ HTTP 302
    https://offer.citibank.com/cbol/default.htm HTTP 302
    https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
    https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E HTTP 302
    https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344
Request Chain 18
  • https://cm.everesttech.net/cm/dd?d_uuid=63986766622150018362808522125715477490 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XyrHpwAAA5nz2S3-
Request Chain 21
  • https://login.dotomi.com/ucm/UCMController?dtm_format=6&dtm_com=29&dtm_cid=62714&dtm_cmagic=7172e7&dtm_fid=101&cli_promo_id=5&pixel=TPCSecure&cb=[timestamp] HTTP 302
  • https://core.conversant.mgr.consensu.org/gdpr/iab/consent/current?rdct_url=https%3A%2F%2Flogin.dotomi.com%2Fucm%2FUCMController%3Fgdpr%3D1%26dtm_format%3D6%26dtm_com%3D29%26dtm_cid%3D62714%26dtm_cmagic%3D7172e7%26dtm_fid%3D101%26cli_promo_id%3D5%26pixel%3DTPCSecure%26cb%3D%255Btimestamp%255D%26dtm_user_ip%3D185.217.171.12%26dtm_user_agent%3DMozilla%252F5.0%2B%2528Macintosh%253B%2BIntel%2BMac%2BOS%2BX%2B10_14_5%2529%2BAppleWebKit%252F537.36%2B%2528KHTML%252C%2Blike%2BGecko%2529%2BChrome%252F83.0.4103.61%2BSafari%252F537.36%26dtm_referrer%3Dhttps%253A%252F%252Fbanking.citi.com%252Fcbol%252Fchecking%252Frewards%252Foffers%252Fdefault.htm%253FBTData%253DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%2526ProspectID%253D3415817C99194698A289F5E666EAC969%26gdpr_consent%3D HTTP 302
  • https://login.dotomi.com/ucm/UCMController?gdpr=1&dtm_format=6&dtm_com=29&dtm_cid=62714&dtm_cmagic=7172e7&dtm_fid=101&cli_promo_id=5&pixel=TPCSecure&cb=%5Btimestamp%5D&dtm_user_ip=185.217.171.12&dtm_user_agent=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36&dtm_referrer=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&gdpr_consent= HTTP 302
  • https://login.dotomi.com/pixel.gif
Request Chain 33
  • https://banking.citi.com/track/?id=62614&r=32156398.41752611 HTTP 302
  • https://citi.bridgetrack.com/track/Default.asp?id=62614&r=32156398.41752611
Request Chain 62
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1596639144125&cv=9&fst=1596639144125&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
  • https://www.google.com/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=3134647454&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=3134647454&resp=GooglemKTybQhCsO&ipr=y
Request Chain 85
  • https://px0.pbbl.co/ns/__p2.gif?ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&referrerUrl=&targetUrl=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&sessionId=&markerType=seg&rand=x0teCe1Mbgd7Dl7w&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=691731 HTTP 302
  • https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d HTTP 302
  • https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&_zip=&hk=&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d&mt=&bd=
Request Chain 86
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-2AAE5F038CC4B441&ce=UTF-8&pageName=2019_checking_rewards_offers&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c.&visitStart=1&.c&cc=USD&ch=BANKPublic&c1=Sapient&h1=BANKPublic%2FSapient%2FACQ%2FBANK%2FAffiliate&c2=ACQ&c3=BANK&c4=Affiliate&c8=landing%20page&c9=US&v9=no%20call%2C%20no%20cache&c11=english&v22=3415817C99194698A289F5E666EAC969&c26=no%20value&v38=2019_checking_rewards_offers&v52=no%20value&c59=Sapient_cbol_checking_rewards_offers&c61=9&c63=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c64=10%3A52AM&v64=10%3A52AM&c65=Wednesday&v65=Wednesday&c66=Wednesday%7C10%3A52AM&v67=New&v68=1&c73=354602%2C578278%2C358910%2C624610%2C552021%2C373773%2C490004%2C622672%2C593700%2C495376%2C495377%2C584566%2C495374%2C495375%2C573017%2C522574%2C588511%2C639140%2C542251%2C632449%2C522572%2C490141%2C580663%2C626438%2C515853%2C522576%2C562734%2C551962%2C582775%2C646921%2C492048%2C492049%2C494437%2C507276%2C531459%2C593103%2C600937%2C555592%2C551970%2C571630%2C385436%2C572752%2C565689%2C512346%2C521100%2C578262%2C613371%2C578343%2C569456%2C637871%2C639206%2C609397%2C609396%2C388219%2C606935%2C359218%2C528144%2C488122%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=Yes&v87=banking.citi.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&pccr=true&vidn=2F9563D40515C941-4000089CFE9BB73B&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-2AAE5F038CC4B441&ce=UTF-8&pageName=2019_checking_rewards_offers&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c.&visitStart=1&.c&cc=USD&ch=BANKPublic&c1=Sapient&h1=BANKPublic%2FSapient%2FACQ%2FBANK%2FAffiliate&c2=ACQ&c3=BANK&c4=Affiliate&c8=landing%20page&c9=US&v9=no%20call%2C%20no%20cache&c11=english&v22=3415817C99194698A289F5E666EAC969&c26=no%20value&v38=2019_checking_rewards_offers&v52=no%20value&c59=Sapient_cbol_checking_rewards_offers&c61=9&c63=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c64=10%3A52AM&v64=10%3A52AM&c65=Wednesday&v65=Wednesday&c66=Wednesday%7C10%3A52AM&v67=New&v68=1&c73=354602%2C578278%2C358910%2C624610%2C552021%2C373773%2C490004%2C622672%2C593700%2C495376%2C495377%2C584566%2C495374%2C495375%2C573017%2C522574%2C588511%2C639140%2C542251%2C632449%2C522572%2C490141%2C580663%2C626438%2C515853%2C522576%2C562734%2C551962%2C582775%2C646921%2C492048%2C492049%2C494437%2C507276%2C531459%2C593103%2C600937%2C555592%2C551970%2C571630%2C385436%2C572752%2C565689%2C512346%2C521100%2C578262%2C613371%2C578343%2C569456%2C637871%2C639206%2C609397%2C609396%2C388219%2C606935%2C359218%2C528144%2C488122%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=Yes&v87=banking.citi.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

91 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request default.htm
banking.citi.com/cbol/checking/rewards/offers/
Redirect Chain
  • https://offer.citibank.com/
  • https://offer.citibank.com/cbol/default.htm
  • https://offer.citibank.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E
  • https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E
  • https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
116 KB
49 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
3f30edc23189be51bfe745ae4fc153d95756fbfc9474d73362b1da7f4430f15a
Security Headers
Name Value
X-Frame-Options DENY

Request headers

:method
GET
:authority
banking.citi.com
:scheme
https
:path
/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
cache-control
private
content-type
text/html
content-encoding
gzip
expires
Tue, 04 Aug 2020 14:52:23 GMT
vary
Accept-Encoding
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
x-frame-options
DENY
set-cookie
CitiBTSES=SID=FFF1330AAF454E5A97324337E4831E59; path=/
date
Wed, 05 Aug 2020 14:52:23 GMT
content-length
49624
via
1.1 google
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
302
cache-control
private
content-type
text/html
expires
Tue, 04 Aug 2020 14:52:22 GMT
location
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
set-cookie
ATC1=38694|TxGfX.B.iAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.C.E; expires=Sat, 31-Jul-2021 14:52:22 GMT; path=/; domain=citi.bridgetrack.com; CitiBT%5F1=SID=3415817C99194698A289F5E666EAC969; expires=Sat, 31-Jul-2021 04:00:00 GMT; domain=citi.bridgetrack.com; path=/ CitiBT=GUID=E926307256F14EEF973DED0941010A01; expires=Sat, 31-Jul-2021 04:00:00 GMT; domain=citi.bridgetrack.com; path=/ CitiBTSES=SID=6C215E32249F4F2D954D6A066EF5A024; domain=citi.bridgetrack.com; path=/
date
Wed, 05 Aug 2020 14:52:22 GMT
content-length
0
via
1.1 google
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Bootstrap.js
nexus.ensighten.com/citi/na_prod/ 		180 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a15d81fafcae2a61fc7c1ce9adaabcd6747bb6b569a067bbf178bc4c0cdb85da

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 04 Aug 2020 18:21:48 GMT
server
nginx
etag
W/"5f29a73c-2d0a0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=300
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344
363 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.191.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-191-169.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b86cff804c85b774ad0cdd31a17ff0f9421b2681708890a089c0d4ff443de60a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v078-09c4546f7.edge-irl1.demdex.com 5.76.0.20200805085924 7ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
IZ6TxEbSSMs=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://banking.citi.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
301
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://banking.citi.com
X-TID
OGLfq/5AQ7I=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1596639143344
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, no-store
server
nginx
expires
Wed, 05 Aug 2020 14:52:22 GMT
12.bundle.js
banking.citi.com/cbol/checking/rewards/offers/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/js/12.bundle.js
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
87539853e3f4c49824fa46f864a4e5628ed9a36ffa6cb3c09163ddeca8af04e4

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Thu, 11 Jun 2020 05:26:21 GMT
etag
"80fc1fd7b03fd61:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1060
via
1.1 google
serverComponent.php
nexus.ensighten.com/citi/na_prod/ 		2 KB
818 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=6458213.325143547&ClientID=1129&PageID=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cd95fb43e0039c9df88f8a7a0475188130b9da6464cec79a3889d20b0b9531c0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
no-cache, no-store
expires
Wed, 05 Aug 2020 14:52:22 GMT
c1a82ac98e4d4e503dc1bf30d0ee425e.js
nexus.ensighten.com/citi/na_prod/code/ 		2 KB
861 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/c1a82ac98e4d4e503dc1bf30d0ee425e.js?conditionId0=480881
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ef72134da48ff0f5dcc948bd13ab14e28d4d1c8322e71fa2a4796168284b0aef

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 30 Jun 2020 19:30:27 GMT
server
nginx
etag
W/"5efb92d3-631"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
8637af7c210f4e79436bc39f71b49bfa.js
nexus.ensighten.com/citi/na_prod/code/ 		1 KB
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4854904
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Wed, 10 Jul 2019 12:57:13 GMT
server
nginx
etag
W/"5d25e0a9-412"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
fb58f376a544bdc454633c90826b2cce.js
nexus.ensighten.com/citi/na_prod/code/ 		98 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/fb58f376a544bdc454633c90826b2cce.js?conditionId0=421908
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e5d7f23805ab84bea5118791dd209b79603285f9f7df31eec3210e077f076ae4

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 28 Jul 2020 21:07:25 GMT
server
nginx
etag
W/"5f20938d-186fe"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
1258f9eda6826d732a9259e3ce1b0f02.js
nexus.ensighten.com/citi/na_prod/code/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/1258f9eda6826d732a9259e3ce1b0f02.js?conditionId0=4854834
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2408491e940c2db403d7984cea318e87244b90366452ef36f6fe25234be0a2f7

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 28 Jul 2020 21:07:25 GMT
server
nginx
etag
W/"5f20938d-e61"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
93935a4096516447172d9d3f1d23710d.js
nexus.ensighten.com/citi/na_prod/code/ 		1 KB
739 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 02 Jul 2019 16:42:08 GMT
server
nginx
etag
W/"5d1b8960-5c7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
fdf45a7c15c1cee06bb71e10dac4e26e.js
nexus.ensighten.com/citi/na_prod/code/ 		989 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
last-modified
Tue, 14 May 2019 17:01:42 GMT
server
nginx
etag
"5cdaf476-3dd"
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
accept-ranges
bytes
content-length
989
8e513f40a6a94c1b8d2b96c1462699cd.js
nexus.ensighten.com/citi/na_prod/code/ 		116 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/8e513f40a6a94c1b8d2b96c1462699cd.js?conditionId0=486757
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2f2a131cf435e4a866009173df06f5a6b7f0f96ce8d457e4e5a2b19d5299eea8

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 21 Jul 2020 20:11:19 GMT
server
nginx
etag
W/"5f174be7-1d013"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
d68fd72b57e591b277084f8622774245.js
nexus.ensighten.com/citi/na_prod/code/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/d68fd72b57e591b277084f8622774245.js?conditionId0=467299
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7c45a19dbbc672ac107be9dde3aafa0f96b10bf82b8178fec12d0194adb44c72

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 28 Jul 2020 21:07:25 GMT
server
nginx
etag
W/"5f20938d-4c3f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
8637af7c210f4e79436bc39f71b49bfa.js
nexus.ensighten.com/citi/na_prod/code/ 		1 KB
737 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Wed, 10 Jul 2019 12:57:13 GMT
server
nginx
etag
W/"5d25e0a9-412"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
c6e9fcb6de829f81daf5335f64e45287.js
nexus.ensighten.com/citi/na_prod/code/ 		302 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
97358551b1605c44ead13067c8dcccd6e82e71a385e7fe0f0b0dc0ee0f8e30d1

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 28 Jul 2020 21:07:25 GMT
server
nginx
etag
W/"5f20938d-4b8f5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
557566dc60916e3de69e006bef252459.js
nexus.ensighten.com/citi/na_prod/code/ 		2 KB
961 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Tue, 27 Aug 2019 16:59:12 GMT
server
nginx
etag
W/"5d656160-887"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
max-age=315360000
Cookie set dest5.html
citi.demdex.net/ Frame 03D4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://citi.demdex.net/dest5.html?d_nsid=0
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.250.115.136 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-250-115-136.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
citi.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=63986766622150018362808522125715477490
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 05 Aug 2020 13:14:05 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=63986766622150018362808522125715477490;Path=/;Domain=.demdex.net;Expires=Mon, 01-Feb-2021 14:52:23 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
icqfsMHVS80=
Content-Length
2785
Connection
keep-alive
id
metrics1.citi.com/ 		48 B
479 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=58679624252513646873412116391313189457&ts=1596639143505
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-9-100.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
25f64751bcdc3f27e8b80784ad4a669e49e1a23609a7852f76fa5dd60882f3d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Wed, 05 Aug 2020 14:52:23 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7447d85976-xwhdt
vary
Origin
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://banking.citi.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=XyrHpwAAA5nz2S3-
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=63986766622150018362808522125715477490
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XyrHpwAAA5nz2S3-
42 B
915 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XyrHpwAAA5nz2S3-
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.191.169 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-191-169.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v078-0949dffe9.edge-irl1.demdex.com 5.76.0.20200805085924 0ms (+2ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
ZATXU2r4R08=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Wed, 05 Aug 2020 14:52:22 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XyrHpwAAA5nz2S3-
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6260004
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f1e89f1ee22f64fcbfe1467b4e3fb880d7f7ff489ff0e1f21cc709b11ad057f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34834
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:23 GMT
bk-coretag.js
tags.bkrtx.com/js/ 		30 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.bkrtx.com/js/bk-coretag.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/fb58f376a544bdc454633c90826b2cce.js?conditionId0=421908
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
92.123.0.215 , France, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-123-0-215.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
1fc90ca7cad373bbb2464bc5cf020c039a70652527015c24a61f1da4c0e9d11a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=15724800; includeSubDomains
Content-Encoding
gzip
Last-Modified
Tue, 16 Jun 2020 22:42:47 GMT
Server
nginx/1.15.8
ETag
W/"5ee94ae7-784f"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
Date
Wed, 05 Aug 2020 14:52:23 GMT
Connection
keep-alive
Content-Length
10653
Expires
Wed, 12 Aug 2020 14:52:23 GMT
pixel.gif
login.dotomi.com/
Redirect Chain
  • https://login.dotomi.com/ucm/UCMController?dtm_format=6&dtm_com=29&dtm_cid=62714&dtm_cmagic=7172e7&dtm_fid=101&cli_promo_id=5&pixel=TPCSecure&cb=[timestamp]
  • https://core.conversant.mgr.consensu.org/gdpr/iab/consent/current?rdct_url=https%3A%2F%2Flogin.dotomi.com%2Fucm%2FUCMController%3Fgdpr%3D1%26dtm_format%3D6%26dtm_com%3D29%26dtm_cid%3D62714%26dtm_cm...
  • https://login.dotomi.com/ucm/UCMController?gdpr=1&dtm_format=6&dtm_com=29&dtm_cid=62714&dtm_cmagic=7172e7&dtm_fid=101&cli_promo_id=5&pixel=TPCSecure&cb=%5Btimestamp%5D&dtm_user_ip=185.217.171.12&dt...
  • https://login.dotomi.com/pixel.gif
43 B
129 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.dotomi.com/pixel.gif
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
89.207.16.204 , Sweden, ASN25751 (VALUECLICK, US),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 05 Aug 2020 14:52:23 GMT
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
content-length
43
content-type
image/gif

Redirect headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:23 GMT
server
nginx
status
302
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://login.dotomi.com/pixel.gif
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
tc.min.js
c1.rfihub.net/js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c1.rfihub.net/js/tc.min.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d68fd72b57e591b277084f8622774245.js?conditionId0=467299
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.103.94.86 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-103-94-86.deploy.static.akamaitechnologies.com
Software
Jetty(9.0.6.v20130930) /
Resource Hash
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 05 Aug 2020 14:52:23 GMT
Content-Encoding
gzip
Last-Modified
Tue, 04 Aug 2020 15:41:19 GMT
Server
Jetty(9.0.6.v20130930)
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
6375
Expires
Wed, 05 Aug 2020 15:52:23 GMT
1.bundle.js
banking.citi.com/cbol/checking/rewards/offers/js/ 		23 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/js/1.bundle.js
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
95de6008b2fdb7aacba063f8004d3ef8765ec3b8f63c4179bf739f4f302c26d6

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Thu, 11 Jun 2020 05:26:21 GMT
etag
"80fc1fd7b03fd61:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9803
via
1.1 google
0.bundle.js
banking.citi.com/cbol/checking/rewards/offers/js/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/js/0.bundle.js
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
f4a8acdd1c55d7efc5a2925d24bbea9381091aa2c2755afd540653a14559f109

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Fri, 26 Jun 2020 21:42:42 GMT
etag
"07551b824cd61:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13019
via
1.1 google
6.bundle.js
banking.citi.com/cbol/checking/rewards/offers/js/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/js/6.bundle.js
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
3a6fb7a713f971263ab963077cba86233d92f47fc6bddf50645938295366a511

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Fri, 26 Jun 2020 21:42:42 GMT
etag
"07551b824cd61:0"
vary
Accept-Encoding
content-type
application/javascript
status
200
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7970
via
1.1 google
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2532573&did=551970&errorName=ReferenceError
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, no-store
server
nginx
expires
Wed, 05 Aug 2020 14:52:22 GMT
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=jQuery%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2670712&did=571630&errorName=ReferenceError
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, no-store
server
nginx
expires
Wed, 05 Aug 2020 14:52:22 GMT
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2670634&did=572752&errorName=ReferenceError
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, no-store
server
nginx
expires
Wed, 05 Aug 2020 14:52:22 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9cecf169326fda36eb5502d7e7bb4ca80382edda95861608654816c81fab8b00
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34825
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:23 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
638cc8613f745a28844178790513728475457a33c901949ef9bae066985dc635
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34824
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:23 GMT
json
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 		537 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=e097105625db49b4bb07f075200e9dc1&mboxPC=&mboxPage=feb32f5ac07446f985a82ee0884dbb18&mboxRid=0ecef298f2c04b6a844c9bf5d082beba&mboxVersion=1.7.0&mboxCount=1&mboxTime=1596646343382&mboxHost=banking.citi.com&mboxURL=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&mboxReferrer=&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&at_property=7909c194-8b09-4624-7629-d14accdbfb7c&pageDef=Sapient_cbol_checking_rewards_offers&pageLanguage=english&pageLang=en-US&mboxMCSDID=7EEBEC2A0ADF37C4-3376824306CD05A1&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=58679624252513646873412116391313189457&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.99.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-76-99-142.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
0f4de6bdc80c01b61a185dc570921b4b1101064175efb531c8fdf522dfeaa69d

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
content-type
application/json;charset=UTF-8
status
200
vary
Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="NOI DSP CURa OUR STP COM"
access-control-allow-origin
https://banking.citi.com
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
x-request-id
0ecef298f2c04b6a844c9bf5d082beba
idr.js
a.rfihub.com/ 		83 B
686 B 		Script
General
Check archive.org
Download Go to
Full URL
https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by
Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
185.31.128.128 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.0.6.v20130930) /
Resource Hash
c8abee6328a45df6617f4b8a6c65791ffd22bdf4188b474164ee5823670fc1d2

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control
public, max-age=33696000
Content-Type
application/javascript
Server
Jetty(9.0.6.v20130930)
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length
83
Expires
Mon, 30 Aug 2021 14:52:23 GMT
Default.asp
citi.bridgetrack.com/track/
Redirect Chain
  • https://banking.citi.com/track/?id=62614&r=32156398.41752611
  • https://citi.bridgetrack.com/track/Default.asp?id=62614&r=32156398.41752611
43 B
403 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citi.bridgetrack.com/track/Default.asp?id=62614&r=32156398.41752611
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:23 GMT
via
1.1 google
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
status
200
cache-control
private
content-type
image/GIF
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
expires
Tue, 04 Aug 2020 14:52:23 GMT

Redirect headers

date
Wed, 05 Aug 2020 14:52:23 GMT
via
1.1 google
status
302
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
location
https://citi.bridgetrack.com/track/Default.asp?id=62614&r=32156398.41752611
cache-control
private
content-type
text/html
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Tue, 04 Aug 2020 14:52:23 GMT
hero_w_form-dog_dsk.jpg
banking.citi.com/cbol/checking/rewards/offers/images/ 		122 KB
122 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banking.citi.com/cbol/checking/rewards/offers/images/hero_w_form-dog_dsk.jpg
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
47dd8dbaac8bea74b43cbb3bdba6334832df62de6f43e9cb0fe836116f1cbeec

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
via
1.1 google
last-modified
Mon, 10 Feb 2020 17:40:40 GMT
etag
"05cf03539e0d51:0"
content-type
image/jpeg
status
200
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
124598
interstate-light.woff
sec-citi.bridgetrack.com/fonts/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sec-citi.bridgetrack.com/fonts/interstate-light.woff
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Origin
https://banking.citi.com

Response headers

date
Wed, 05 Aug 2020 13:17:55 GMT
via
1.1 google
last-modified
Thu, 20 Oct 2016 17:59:03 GMT
age
5668
status
200
content-type
application/x-woff
access-control-allow-origin
*
cache-control
public,s-maxage=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17596
interstate-bold.woff
sec-citi.bridgetrack.com/fonts/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sec-citi.bridgetrack.com/fonts/interstate-bold.woff
Requested by
Host: banking.citi.com
URL: https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Origin
https://banking.citi.com

Response headers

date
Sun, 02 Aug 2020 06:26:53 GMT
via
1.1 google
last-modified
Thu, 20 Oct 2016 17:59:03 GMT
server
Microsoft-IIS/10.0
age
289530
x-powered-by
ASP.NET
status
200
content-type
application/x-woff
access-control-allow-origin
*
cache-control
public,s-maxage=604800
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17500
Cookie set ca.html
20766699p.rfihub.com/ Frame 1038 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://20766699p.rfihub.com/ca.html?rfiidc=1040683386412044409&rfiaid=67acd64eecf749568c562bf2d4e68634&ver=9&ra=85&rb=648&ca=20766699&_o=17169175&_t=2019checkingrewardsoffers&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=2019checkingrewardsoffers&pe=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&pf=&ra=085467147123508
Requested by
Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
185.31.128.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host
20766699p.rfihub.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ruds=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXACAEqzjLwlAAAA; rud=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXCS4jU0tTQzM7Y0NDE2tzAEAEC8AeQ0AAAA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969

Response headers

P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie
ruds=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXACAEqzjLwlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXCS4jU0tTQzM7Y0NDE2tzAEAEC8AeQ0AAAA; Path=/; Domain=.rfihub.com; Expires=Mon, 30 Aug 2021 14:52:23 GMT; Secure; SameSite=None
Cache-Control
no-cache
Content-Type
text/html
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Transfer-Encoding
chunked
Server
Jetty(9.0.6.v20130930)
1560.js
cdn.pbbl.co/r/ 		29 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pbbl.co/r/1560.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4854904
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.31 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-31.fra53.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
991e345e20633c4160fda63ea07e2c462466cf95305bb93daffe715e694631cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
vary
Accept-Encoding
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
status
200
x-xss-protection
1
last-modified
Tue, 04 Aug 2020 20:07:25 GMT
server
nginx/1.10.3 (Ubuntu)
etag
W/"5f29bffd-74ac"
strict-transport-security
max-age=31536000
content-type
application/javascript
via
1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
cache-control
max-age=1800, public
x-amz-cf-id
vkP_CNkDp8yNGA2pHHNzh59hmN9hxlKDMx_cWXVlcj5oNmi00cYvUw==
expires
Wed, 05 Aug 2020 15:22:24 GMT
embed.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdccae2f9ff3360fa85ef91ba4e613bd06c80da2a5136cde9fb135fd3119a22d

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
WafUCgxt1rSSjeddkg6RQECc764OKzjg
content-encoding
gzip
etag
"d4b75994a7f506aab962bd9dfbc6dbad"
age
7
via
1.1 varnish
x-cache
HIT
status
200
content-length
675
x-amz-id-2
MWNkfFV5Kbf4Rx69D89jWrHzzMLn//X9cSHpp71BaI0JjWAD7aIX03nqGzZbCEzwiQQJVjLYS2c=
x-served-by
cache-hhn4024-HHN
last-modified
Wed, 05 Aug 2020 11:55:38 GMT
server
AmazonS3
x-timer
S1596639144.121839,VS0,VE1
date
Wed, 05 Aug 2020 14:52:24 GMT
vary
Accept-Encoding
x-amz-request-id
AD507F1A2F422EE1
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0277436d29ba61e39381de677e72896466a090184160904d9245d1bb30e1453f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34825
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:24 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-916451471&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8c6e9e6bb050a1ed6ff4ad8102541c563b38acf8c0bc4f9de757a913136231f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34823
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:24 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3ce2f23717ff4506961be47668810e4c16c95a67d1bf5a618242017aa00025e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34825
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:24 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fa1a1d3c224bfa45ac0af4de0eb5c99e867266393a88edca0c6137d1d728a106
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34823
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:24 GMT
js
www.googletagmanager.com/gtag/ 		87 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-677332377&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2d57f9fbe231ce73b3751443eb9c6b4a2c252e4a538b4aa0bf5b2b0d789d0de9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34825
x-xss-protection
0
last-modified
Wed, 05 Aug 2020 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 05 Aug 2020 14:52:24 GMT
bat.js
bat.bing.com/ 		26 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:23 GMT
content-encoding
gzip
last-modified
Thu, 16 Jul 2020 20:00:00 GMT
x-msedge-ref
Ref A: 9A8335B97C614FB7AF25934EDAD4F7AC Ref B: FRAEDGE1217 Ref C: 2020-08-05T14:52:24Z
status
200
etag
"0e0bdafab5bd61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
8022
425466.html
sr.rlcdn.com/ Frame F425 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d68fd72b57e591b277084f8622774245.js?conditionId0=467299
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.245.222 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
sr.rlcdn.com
:scheme
https
:path
/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969

Response headers

status
451
date
Wed, 05 Aug 2020 14:52:24 GMT
content-length
0
via
1.1 google
alt-svc
clear
e.gif
nexus.ensighten.com/error/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
date
Wed, 05 Aug 2020 14:52:24 GMT
cache-control
no-cache, no-store
server
nginx
expires
Wed, 05 Aug 2020 14:52:23 GMT
cls_report
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 		0
661 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?_cls_s=4af5ecf9-60a9-481e-b2f2-fd68021256f9%3A0&_cls_v=1b0e4ccb-ee6b-46fe-82e0-b16150b49ce6
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),
Reverse DNS
Software
GlassBox Cligate /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 05 Aug 2020 14:52:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains;
vary
origin
Server
GlassBox Cligate
X-Akamai-CITISITE
SWDC
X-Frame-Options
SAMEORIGIN
Content-Type
text/plain; charset=utf-8
access-control-allow-origin
https://banking.citi.com
access-control-allow-credentials
true
Connection
close
Content-Length
0
63068
stags.bluekai.com/site/ Frame 0124 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product&phint=event&phint=category%3Dlanding%20page&phint=page%3D2019_checking_rewards_offers&phint=section1%3DSapient&phint=section2%3DACQ&phint=section3%3DBANK&phint=section4%3DAffiliate&phint=bankappstatus&phint=productID&phint=__bk_t%3DEnjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&phint=__bk_v%3D3.1.5&limit=10&r=37778479
Requested by
Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.43.114.84 , Netherlands, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a23-43-114-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
stags.bluekai.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969

Response headers

Content-Type
text/html
Content-Length
71
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server
f85e
Date
Wed, 05 Aug 2020 14:52:24 GMT
Connection
keep-alive
X-N
S
0
bat.bing.com/action/ 		0
94 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=cbc6daa6-27f9-4537-6589-4daf910e500b&sid=89d460ab2d809ac123e46347d7212df8&vid=43f613bb9dcf0534970c189aea0b5e5f&vids=1&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&p=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&r=&lt=2289&evt=pageLoad&msclkid=N&sv=1&rn=387085
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: FE72B1729D474FDAB36036BBCE9E03BB Ref B: FRAEDGE1217 Ref C: 2020-08-05T14:52:24Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/ 		0
93 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=cbc6daa6-27f9-4537-6589-4daf910e500b&sid=89d460ab2d809ac123e46347d7212df8&vid=43f613bb9dcf0534970c189aea0b5e5f&vids=0&ec=2019_checking_rewards_offers&evt=custom&msclkid=N&rn=289982
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
204
pragma
no-cache
date
Wed, 05 Aug 2020 14:52:23 GMT
cache-control
no-cache, must-revalidate
x-msedge-ref
Ref A: 1BDE10A955D541259A361D101EC5DBE5 Ref B: FRAEDGE1217 Ref C: 2020-08-05T14:52:24Z
access-control-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		29 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
71aa66e3c94df617c70a1b9530acaa18c9f049d6d29dbaa6d0efe84d7104805a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11323
x-xss-protection
0
server
cafe
etag
17153042000983114910
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 05 Aug 2020 14:52:24 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1596639144114&cv=9&fst=1596639144114&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
163337c14f42890592bb07c575b7ccaf1720ae8e2b901a00e2663959f1e51146
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1167
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1596639144116&cv=9&fst=1596639144116&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7937eef6fb8a901d26004848f63d5441dc95ed65bda4d48c545752bd25505731
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1166
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1596639144119&cv=9&fst=1596639144119&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b54d2f5c151c9f56323a5385e187fa8a05fc60a0ff86aadb0ee70b9b7abec06c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1167
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1596639144120&cv=9&fst=1596639144120&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d1b1fe3ddd084baf873a80d09d396c59b9bb5047feae5591de97c101872b193b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1165
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1596639144121&cv=9&fst=1596639144121&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41875f81f0e36727f0bec6833c935d6471831d38a343e5d6789f445c6c829414
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1167
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/677332377/?random=1596639144122&cv=9&fst=1596639144122&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3b31093aaa35f10e52e1b3a0c6d5a32b69ce814d866d49f71d48bba30de8ea29
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1163
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1596639144123&cv=9&fst=1596639144123&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c77f723363367fced786bb6f2dd1cf5d9da35ee00b049fa08377c54a0e1a15a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1168
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1596639144124&cv=9&fst=1596639144124&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05ba97f31f54c6b4dd3ba9307c331408fa6a1a4eee283e385e553fd451cfba62
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1166
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1596639144125&cv=9&fst=1596639144125&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
998c32bcf8afc57295920ee7070f286a425d0ab99638c03bbb23a65c4e6c07b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1168
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1596639144125&cv=9&fst=1596639144125&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
  • https://www.google.com/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
  • https://www.google.de/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...
42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=3134647454&resp=GooglemKTybQhCsO&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
image/gif
location
https://www.google.de/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&is_vtc=1&random=3134647454&resp=GooglemKTybQhCsO&ipr=y
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generic1596628536838.js
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 		337 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1596628536838.js
Requested by
Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b78332563eba031fd419560a023215580682ca7b6b238abaaba4b8824038b8b

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
7L5fwst6JaTqaLyp5KtZIhPHAmhbBMQx
content-encoding
gzip
etag
"367745570f9161525443672c934b4d36"
age
2
via
1.1 varnish
x-cache
HIT
status
200
content-length
63340
x-amz-id-2
qBaDmQtbe/zDBsmr5Rj0yDwdlPgJOqgxGT5xEF5Sqqp9L1459vm76fj5yx0+dD3NEOVF7LvHLT4=
x-served-by
cache-hhn4024-HHN
last-modified
Wed, 05 Aug 2020 11:55:37 GMT
server
AmazonS3
x-timer
S1596639144.142995,VS0,VE1
date
Wed, 05 Aug 2020 14:52:24 GMT
vary
Accept-Encoding
x-amz-request-id
B0AAB0BB100215B5
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
content-type
application/javascript
x-cache-hits
1
/
www.google.com/pagead/1p-user-list/916451471/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/916451471/?random=1596639144114&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1800271231&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/916451471/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/916451471/?random=1596639144114&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1800271231&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/916451471/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/916451471/?random=1596639144116&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1684367329&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/916451471/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/916451471/?random=1596639144116&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1684367329&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819500023/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/819500023/?random=1596639144119&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=875693796&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819500023/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/819500023/?random=1596639144119&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=875693796&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/677332377/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/677332377/?random=1596639144121&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2032449201&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/677332377/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/677332377/?random=1596639144121&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2032449201&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819500023/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/819500023/?random=1596639144120&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194915900&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819500023/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/819500023/?random=1596639144120&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4194915900&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/677332377/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/677332377/?random=1596639144122&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3909309367&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/677332377/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/677332377/?random=1596639144122&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3909309367&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/959299794/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/959299794/?random=1596639144123&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3801333957&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/959299794/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/959299794/?random=1596639144123&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3801333957&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/959299794/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/959299794/?random=1596639144124&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3828665071&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/959299794/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/959299794/?random=1596639144124&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3828665071&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/975701947/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2425879135&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975701947/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/975701947/?random=1596639144125&cv=9&fst=1596636000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&tiba=Enjoy%20the%20benefits%20of%20banking%20with%20us.%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2425879135&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cool-2.1.15.min.js
nebula-cdn.kampyle.com/resources/onsite/js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by
Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1596628536838.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
content-encoding
gzip
age
0
accept-ranges
bytes
x-cache
HIT, HIT, HIT
status
200
x-amz-request-id
9951A5F978E3F1C8
x-amz-id-2
XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by
cache-iad2137-IAD, cache-dca17724-DCA, cache-hhn4068-HHN
access-control-allow-origin
*
last-modified
Tue, 17 Mar 2020 11:10:17 GMT
server
AmazonS3
x-timer
S1596639144.280911,VS0,VE0
etag
"80dd5e3be5152c5c72d552c6a26ef6ff"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish, 1.1 varnish, 1.1 varnish
cache-control
max-age=31536000
content-length
5197
x-cache-hits
5, 291295, 159557
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 		0
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzgzLjAuNDEwMy42MSBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTU5NjYzOTE0NDI5NyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDIsInVzZXJfaWQiOiAiMTczYmYxYmU5NjdkNC0wYzMxNzNlZTZmNjk4NC0xYjM5NjI1Ni0xZDRjMDAtMTczYmYxYmU5Njg2MTMiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cHM6Ly9iYW5raW5nLmNpdGkuY29tL2Nib2wvY2hlY2tpbmcvcmV3YXJkcy9vZmZlcnMvZGVmYXVsdC5odG0/QlREYXRhPVBXVy5CLmdBQjRmLkIuQnZoLlNERWIuZGlVLmszUi53WkEuQmouU0wuMFQuRSZQcm9zcGVjdElEPTM0MTU4MTdDOTkxOTQ2OThBMjg5RjVFNjY2RUFDOTY5Iiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI2NTcwLTZhZGQtZmM1ZS02MDE0LWFmYWEtOTI3My03Y2I1LWNjZDkiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTU5NjYzOTE0NDIxMCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxMTk5LCJrYW1weWxlX3ZlcnNpb24iOiAiMi4zMy4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi4zMy4xIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNTk2NjM5MTQ0MjE1LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
82.45.241.35.bc.googleusercontent.com
Software
Jetty(9.2.11.v20150529) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-me
prod-instance-gatewayservice-green-c3w5
date
Wed, 05 Aug 2020 14:52:24 GMT
via
1.1 google
server
Jetty(9.2.11.v20150529)
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept
status
200
access-control-max-age
1800
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
image/gif; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-application-context
application:9090
pp.html
cdn.pbbl.co/i/ Frame 7AD4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.pbbl.co/i/pp.html
Requested by
Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
143.204.202.31 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-202-31.fra53.r.cloudfront.net
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method
GET
:authority
cdn.pbbl.co
:scheme
https
:path
/i/pp.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969

Response headers

status
200
content-type
text/html
server
nginx/1.10.3 (Ubuntu)
date
Wed, 05 Aug 2020 14:52:24 GMT
last-modified
Thu, 30 Jan 2020 18:07:58 GMT
etag
W/"5e331b7e-6cd"
content-encoding
gzip
vary
Accept-Encoding
x-cache
Miss from cloudfront
via
1.1 89cb19c6f2c9ed0983294d3b12e80e43.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
QUVayDbeHicotZBygdST3_6r83vOlcnxKcuCQEDopGD2S7rUkakq8A==
adadvisor.gif
px0.pbbl.co/
Redirect Chain
  • https://px0.pbbl.co/ns/__p2.gif?ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fbanking.citi.com%...
  • https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d
  • https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&_zip=&hk=&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d&mt=&bd=
42 B
132 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&_zip=&hk=&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d&mt=&bd=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
server
Google Frontend
content-type
image/gif
status
200
x-cloud-trace-context
c491af1010b9ff56fceb25991fa0efe8
cache-control
must-revalidate, no-cache, no-store
content-length
42
x-xss-protection
1
expires
0

Redirect headers

pragma
no-cache
date
Wed, 05 Aug 2020 14:52:24 GMT
server
AAWebServer
status
302
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=37312c5b-ef7f-40fc-bcd7-d8d8374595b9&_segid=99&_zip=&hk=&iid=709ea5db-07de-4392-bbcc-6fd89de6ea2d&mt=&bd=
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
s61612133404142
metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/
Redirect Chain
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-2AAE5F038CC4B441&ce=UTF-8&pageName=2019_checking_...
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&pccr=true&vidn=2F9563D40515C941-4000089CFE9BB73B&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-...
43 B
247 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&pccr=true&vidn=2F9563D40515C941-4000089CFE9BB73B&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-2AAE5F038CC4B441&ce=UTF-8&pageName=2019_checking_rewards_offers&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c.&visitStart=1&.c&cc=USD&ch=BANKPublic&c1=Sapient&h1=BANKPublic%2FSapient%2FACQ%2FBANK%2FAffiliate&c2=ACQ&c3=BANK&c4=Affiliate&c8=landing%20page&c9=US&v9=no%20call%2C%20no%20cache&c11=english&v22=3415817C99194698A289F5E666EAC969&c26=no%20value&v38=2019_checking_rewards_offers&v52=no%20value&c59=Sapient_cbol_checking_rewards_offers&c61=9&c63=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c64=10%3A52AM&v64=10%3A52AM&c65=Wednesday&v65=Wednesday&c66=Wednesday%7C10%3A52AM&v67=New&v68=1&c73=354602%2C578278%2C358910%2C624610%2C552021%2C373773%2C490004%2C622672%2C593700%2C495376%2C495377%2C584566%2C495374%2C495375%2C573017%2C522574%2C588511%2C639140%2C542251%2C632449%2C522572%2C490141%2C580663%2C626438%2C515853%2C522576%2C562734%2C551962%2C582775%2C646921%2C492048%2C492049%2C494437%2C507276%2C531459%2C593103%2C600937%2C555592%2C551970%2C571630%2C385436%2C572752%2C565689%2C512346%2C521100%2C578262%2C613371%2C578343%2C569456%2C637871%2C639206%2C609397%2C609396%2C388219%2C606935%2C359218%2C528144%2C488122%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=Yes&v87=banking.citi.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-9-100.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 06 Aug 2020 14:52:24 GMT
server
jag
xserver
anedge-7447d85976-xwhdt
etag
3428756453582012416-4614263815901071236
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 04 Aug 2020 14:52:24 GMT

Redirect headers

date
Wed, 05 Aug 2020 14:52:24 GMT
x-content-type-options
nosniff
access-control-allow-origin
*
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
302
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 06 Aug 2020 14:52:24 GMT
server
jag
xserver
anedge-7447d85976-lz5zz
content-type
text/plain;charset=utf-8
location
https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s61612133404142?AQB=1&pccr=true&vidn=2F9563D40515C941-4000089CFE9BB73B&ndh=1&pf=1&t=5%2F7%2F2020%2016%3A52%3A24%203%20-120&fid=7C2C33ED0391CE6F-2AAE5F038CC4B441&ce=UTF-8&pageName=2019_checking_rewards_offers&g=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c.&visitStart=1&.c&cc=USD&ch=BANKPublic&c1=Sapient&h1=BANKPublic%2FSapient%2FACQ%2FBANK%2FAffiliate&c2=ACQ&c3=BANK&c4=Affiliate&c8=landing%20page&c9=US&v9=no%20call%2C%20no%20cache&c11=english&v22=3415817C99194698A289F5E666EAC969&c26=no%20value&v38=2019_checking_rewards_offers&v52=no%20value&c59=Sapient_cbol_checking_rewards_offers&c61=9&c63=https%3A%2F%2Fbanking.citi.com%2Fcbol%2Fchecking%2Frewards%2Foffers%2Fdefault.htm%3FBTData%3DPWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E%26ProspectID%3D3415817C99194698A289F5E666EAC969&c64=10%3A52AM&v64=10%3A52AM&c65=Wednesday&v65=Wednesday&c66=Wednesday%7C10%3A52AM&v67=New&v68=1&c73=354602%2C578278%2C358910%2C624610%2C552021%2C373773%2C490004%2C622672%2C593700%2C495376%2C495377%2C584566%2C495374%2C495375%2C573017%2C522574%2C588511%2C639140%2C542251%2C632449%2C522572%2C490141%2C580663%2C626438%2C515853%2C522576%2C562734%2C551962%2C582775%2C646921%2C492048%2C492049%2C494437%2C507276%2C531459%2C593103%2C600937%2C555592%2C551970%2C571630%2C385436%2C572752%2C565689%2C512346%2C521100%2C578262%2C613371%2C578343%2C569456%2C637871%2C639206%2C609397%2C609396%2C388219%2C606935%2C359218%2C528144%2C488122%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=Yes&v87=banking.citi.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 04 Aug 2020 14:52:24 GMT
cls_report
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 		11 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.3.98B112&_cls_s=4af5ecf9-60a9-481e-b2f2-fd68021256f9:0&_cls_v=1b0e4ccb-ee6b-46fe-82e0-b16150b49ce6&pid=9f817fed-6abd-42bf-9e99-0254f95a962a&sn=1&aid=
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),
Reverse DNS
Software
GlassBox Cligate /
Resource Hash
6ac9ab0f5a1d720b89c50ca18a96e094e6125dbcec4e0f773a1c89ab4fa3a17b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 05 Aug 2020 14:52:35 GMT
content-encoding
gzip
vary
origin
Server
GlassBox Cligate
X-Akamai-CITISITE
SWDC
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
application/json
access-control-allow-origin
https://banking.citi.com
access-control-allow-credentials
true
Connection
close
content-length
2075
cls_report
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 		11 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.3.98B112&_cls_s=4af5ecf9-60a9-481e-b2f2-fd68021256f9:0&_cls_v=1b0e4ccb-ee6b-46fe-82e0-b16150b49ce6&pid=9f817fed-6abd-42bf-9e99-0254f95a962a&sn=2&aid=
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),
Reverse DNS
Software
GlassBox Cligate /
Resource Hash
6ac9ab0f5a1d720b89c50ca18a96e094e6125dbcec4e0f773a1c89ab4fa3a17b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 05 Aug 2020 14:52:35 GMT
content-encoding
gzip
vary
origin
Server
GlassBox Cligate
X-Akamai-CITISITE
SWDC
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
application/json
access-control-allow-origin
https://banking.citi.com
access-control-allow-credentials
true
Connection
close
content-length
2075
cls_report
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 		11 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.3.98B112&_cls_s=4af5ecf9-60a9-481e-b2f2-fd68021256f9:0&_cls_v=1b0e4ccb-ee6b-46fe-82e0-b16150b49ce6&pid=9f817fed-6abd-42bf-9e99-0254f95a962a&sn=3&aid=
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),
Reverse DNS
Software
GlassBox Cligate /
Resource Hash
6ac9ab0f5a1d720b89c50ca18a96e094e6125dbcec4e0f773a1c89ab4fa3a17b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://banking.citi.com/cbol/checking/rewards/offers/default.htm?BTData=PWW.B.gAB4f.B.Bvh.SDEb.diU.k3R.wZA.Bj.SL.0T.E&ProspectID=3415817C99194698A289F5E666EAC969
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Wed, 05 Aug 2020 14:52:35 GMT
content-encoding
gzip
vary
origin
Server
GlassBox Cligate
X-Akamai-CITISITE
SWDC
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubdomains;
Content-Type
application/json
access-control-allow-origin
https://banking.citi.com
access-control-allow-credentials
true
Connection
close
content-length
2075

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| btVars function| TrackPixel object| citiData object| ensBootstraps object| Bootstrapper function| Visitor object| s_c_il number| s_c_in object| adobe_visitor function| targetPageParams object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| webpackJsonp object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| dataLayer function| gtag function| bk_async object| val function| _rfi function| AppMeasurement number| s_objectID number| s_giq string| rsidAry object| s_tms object| _cls_config object| _detector object| google_tag_manager object| google_tag_data object| tags object| BKTAG function| bk_addUserCtx function| bk_addPageCtx function| bk_addEmailHash function| bk_addPhoneHash function| bk_doJSTag function| bk_doJSTag2 function| bk_doCarsJSTag function| bk_doPartnerAltTag function| bk_doCallbackTag function| bk_doCallbackTagWithTimeOut boolean| bk_use_multiple_iframes boolean| bk_allow_multiple_calls function| extend function| RocketfuelBCPInclude function| RocketfuelBCPClass function| RocketfuelUtils object| RocketfuelBCP string| szPixSrcURL object| ttMETA function| ttMBX object| _pp function| _trackAnalytics undefined| CCSID undefined| citiLocale boolean| citiNGA undefined| pageID object| local_params object| uetq string| sName function| s_getLoadTime function| s_gi function| s_pgicq function| c_r function| c_rspers function| c_w object| s number| s_loadT function| UET function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| KAMPYLE_EMBED object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| MDIGITAL_OnPrem object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_THERMO_TEALEAF_FUNC object| KAMPYLE_ADOBE_ANALYTICS object| KAMPYLE_CLICKTALE_FUNC object| KAMPYLE_SESSIONCAM object| KAMPYLE_ONSITE_SDK undefined| KAMPYLE_POLYFILLS object| KAMPYLE_INTEGRATION object| cooladata object| rs string| r object| rx number| d object| eo number| y string| s_tnt object| s_i_citinaprod

15 Cookies

Domain/Path Name / Value
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXACAEqzjLwlAAAA
banking.citi.com/ Name: CitiBT
Value: GUID=2FBA27346F514531987E3D637DE021F4
.citi.com/ Name: mboxEdgeCluster
Value: 37
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjQwMTCzMDa2MDMxNDIwMTExsBTiM9StTHNzTPHyKy0uqXCS4jU0tTQzM7Y0NDE2tzAEAEC8AeQ0AAAA
.citi.com/ Name: mbox
Value: session#e097105625db49b4bb07f075200e9dc1#1596641004|PC#e097105625db49b4bb07f075200e9dc1.37_0#1659883944
.citi.com/ Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg
Value: -330454231%7CMCIDTS%7C18480%7CMCMID%7C58679624252513646873412116391313189457%7CMCAAMLH-1597243943%7C6%7CMCAAMB-1597243943%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1596646343s%7CNONE%7CMCSYNCSOP%7C411-18487%7CMCAID%7CNONE%7CvVersion%7C3.1.2
.citi.com/ Name: _gcl_au
Value: 1.1.1025242241.1596639144
.citi.com/ Name: check
Value: true
.citi.com/ Name: _cls_s
Value: 4af5ecf9-60a9-481e-b2f2-fd68021256f9:0
.citi.com/ Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg
Value: 1
banking.citi.com/ Name: 7830
Value: error
.citi.com/ Name: s_ecid
Value: MCMID%7C58679624252513646873412116391313189457
banking.citi.com/ Name: 7018
Value:
.citi.com/ Name: _cls_v
Value: 1b0e4ccb-ee6b-46fe-82e0-b16150b49ce6
banking.citi.com/ Name: CitiBTSES
Value: SID=FFF1330AAF454E5A97324337E4831E59

4 Console Messages

Source Level URL
Text
console-api log URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 130)
Message:
Loading at.js
console-api log URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337(Line 79)
Message:
Cookies effective TLD determined: .citi.com
console-api log URL: https://nexus.ensighten.com/citi/na_prod/code/c6e9fcb6de829f81daf5335f64e45287.js?conditionId0=3013337(Line 576)
Message:
[object HTMLDivElement]
console-api log (Line 11)
Message:
test 12

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
a.rfihub.com
aa.agkn.com
banking.citi.com
bat.bing.com
c1.rfihub.net
cdn.pbbl.co
citi.bridgetrack.com
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
core.conversant.mgr.consensu.org
dpm.demdex.net
googleads.g.doubleclick.net
login.dotomi.com
metrics1.citi.com
nebula-cdn.kampyle.com
nexus.ensighten.com
offer.citibank.com
prod.report.nacustomerexperience.citi.com
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
sec-citi.bridgetrack.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.103.94.86
143.204.202.31
15.236.9.100
151.101.113.175
151.101.114.133
18.197.253.20
185.31.128.128
185.31.128.129
192.193.200.243
216.58.207.66
23.43.114.84
2620:1ec:c11::200
2a00:1450:4001:80b::2003
2a00:1450:4001:816::2008
2a00:1450:4001:819::2013
2a00:1450:4001:81d::2004
2a00:1450:4001:825::2002
34.107.138.236
34.250.115.136
35.176.206.104
35.190.22.40
35.241.45.82
35.244.245.222
52.30.191.169
54.76.99.142
64.158.223.158
66.117.28.86
89.207.16.204
92.123.0.215
0277436d29ba61e39381de677e72896466a090184160904d9245d1bb30e1453f
05ba97f31f54c6b4dd3ba9307c331408fa6a1a4eee283e385e553fd451cfba62
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
0f4de6bdc80c01b61a185dc570921b4b1101064175efb531c8fdf522dfeaa69d
163337c14f42890592bb07c575b7ccaf1720ae8e2b901a00e2663959f1e51146
1fc90ca7cad373bbb2464bc5cf020c039a70652527015c24a61f1da4c0e9d11a
2408491e940c2db403d7984cea318e87244b90366452ef36f6fe25234be0a2f7
25f64751bcdc3f27e8b80784ad4a669e49e1a23609a7852f76fa5dd60882f3d1
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2d57f9fbe231ce73b3751443eb9c6b4a2c252e4a538b4aa0bf5b2b0d789d0de9
2f2a131cf435e4a866009173df06f5a6b7f0f96ce8d457e4e5a2b19d5299eea8
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
3a6fb7a713f971263ab963077cba86233d92f47fc6bddf50645938295366a511
3b31093aaa35f10e52e1b3a0c6d5a32b69ce814d866d49f71d48bba30de8ea29
3b78332563eba031fd419560a023215580682ca7b6b238abaaba4b8824038b8b
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3f30edc23189be51bfe745ae4fc153d95756fbfc9474d73362b1da7f4430f15a
41875f81f0e36727f0bec6833c935d6471831d38a343e5d6789f445c6c829414
47dd8dbaac8bea74b43cbb3bdba6334832df62de6f43e9cb0fe836116f1cbeec
5c622f5433cbb6ea1df5c0dd8671e55ef7d1464366074730473c453de50a579b
638cc8613f745a28844178790513728475457a33c901949ef9bae066985dc635
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
6ac9ab0f5a1d720b89c50ca18a96e094e6125dbcec4e0f773a1c89ab4fa3a17b
71aa66e3c94df617c70a1b9530acaa18c9f049d6d29dbaa6d0efe84d7104805a
7937eef6fb8a901d26004848f63d5441dc95ed65bda4d48c545752bd25505731
7c45a19dbbc672ac107be9dde3aafa0f96b10bf82b8178fec12d0194adb44c72
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
87539853e3f4c49824fa46f864a4e5628ed9a36ffa6cb3c09163ddeca8af04e4
8c6e9e6bb050a1ed6ff4ad8102541c563b38acf8c0bc4f9de757a913136231f2
95de6008b2fdb7aacba063f8004d3ef8765ec3b8f63c4179bf739f4f302c26d6
97358551b1605c44ead13067c8dcccd6e82e71a385e7fe0f0b0dc0ee0f8e30d1
991e345e20633c4160fda63ea07e2c462466cf95305bb93daffe715e694631cf
998c32bcf8afc57295920ee7070f286a425d0ab99638c03bbb23a65c4e6c07b9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cecf169326fda36eb5502d7e7bb4ca80382edda95861608654816c81fab8b00
a15d81fafcae2a61fc7c1ce9adaabcd6747bb6b569a067bbf178bc4c0cdb85da
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b54d2f5c151c9f56323a5385e187fa8a05fc60a0ff86aadb0ee70b9b7abec06c
b86cff804c85b774ad0cdd31a17ff0f9421b2681708890a089c0d4ff443de60a
bdccae2f9ff3360fa85ef91ba4e613bd06c80da2a5136cde9fb135fd3119a22d
c77f723363367fced786bb6f2dd1cf5d9da35ee00b049fa08377c54a0e1a15a2
c8abee6328a45df6617f4b8a6c65791ffd22bdf4188b474164ee5823670fc1d2
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cd95fb43e0039c9df88f8a7a0475188130b9da6464cec79a3889d20b0b9531c0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1b1fe3ddd084baf873a80d09d396c59b9bb5047feae5591de97c101872b193b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3ce2f23717ff4506961be47668810e4c16c95a67d1bf5a618242017aa00025e
e5d7f23805ab84bea5118791dd209b79603285f9f7df31eec3210e077f076ae4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef72134da48ff0f5dcc948bd13ab14e28d4d1c8322e71fa2a4796168284b0aef
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f1e89f1ee22f64fcbfe1467b4e3fb880d7f7ff489ff0e1f21cc709b11ad057f4
f4a8acdd1c55d7efc5a2925d24bbea9381091aa2c2755afd540653a14559f109
fa1a1d3c224bfa45ac0af4de0eb5c99e867266393a88edca0c6137d1d728a106