tkamulksa.com Open in urlscan Pro
204.93.174.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tkamulksa.com/check/citi/CITIZ/login/
Effective URL:
http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Submission: On April 23 via automatic, source phishtank (April 23rd 2022, 6:11:29 pm UTC) — Scanned from DE

Summary HTTP 72 Redirects Behaviour Indicators

Summary

This website contacted 16 IPs in 4 countries across 16 domains to perform 72 HTTP transactions. The main IP is 204.93.174.112, located in Elgin, United States and belongs to SERVERCENTRAL, US. The main domain is tkamulksa.com.

This is the only time tkamulksa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
18	204.93.174.112 204.93.174.112	23352 (SERVERCEN...) (SERVERCENTRAL)
2 5	52.49.221.107 52.49.221.107	16509 (AMAZON-02) (AMAZON-02)
10	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
1	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1	96.16.135.39 96.16.135.39	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.216.77.19 23.216.77.19	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 2	54.216.2.121 54.216.2.121	16509 (AMAZON-02) (AMAZON-02)
1	18.202.95.235 18.202.95.235	16509 (AMAZON-02) (AMAZON-02)
2	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	18.66.2.106 18.66.2.106	16509 (AMAZON-02) (AMAZON-02)
1 9	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	104.89.42.102 104.89.42.102	16625 (AKAMAI-AS) (AKAMAI-AS)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:811::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
72	16

18 204.93.174.112 (Elgin, United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vps.chatreporter.com

tkamulksa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.49.221.107 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-221-107.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.135.39 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-135-39.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.216.77.19 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-216-77-19.deploy.static.akamaitechnologies.com

fast.citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.216.2.121 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-2-121.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.202.95.235 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-95-235.eu-west-1.compute.amazonaws.com

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.2.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-106.txl50.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.89.42.102 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-89-42-102.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	tkamulksa.com tkamulksa.com	2 MB
10	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 2772	79 KB
9	googletagmanager.com 1 redirects www.googletagmanager.com — Cisco Umbrella Rank: 58	331 KB
8	google.de www.google.de — Cisco Umbrella Rank: 6544	1 KB
8	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1000 B
8	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38	8 KB
6	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 199 fast.citi.demdex.net	7 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 103	30 KB
2	medallia.com resources.digital-cloud-citi.medallia.com — Cisco Umbrella Rank: 26735	89 KB
2	everesttech.net 2 redirects cm.everesttech.net — Cisco Umbrella Rank: 916	772 B
1	kampyle.com udc-neb.kampyle.com — Cisco Umbrella Rank: 2431	317 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 467	338 B
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 8896
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 30587	1 KB
1	bkrtx.com tags.bkrtx.com — Cisco Umbrella Rank: 2879	16 KB
1	citi.com metrics.citi.com	1 KB
72	16

	Domain	Requested by
18	tkamulksa.com	tkamulksa.com
10	nexus.ensighten.com	tkamulksa.com
9	www.googletagmanager.com	1 redirects
8	www.google.de
8	www.google.com	1 redirects
8	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
5	dpm.demdex.net	2 redirects tkamulksa.com
2	www.googleadservices.com	www.googletagmanager.com
2	resources.digital-cloud-citi.medallia.com	nexus.ensighten.com resources.digital-cloud-citi.medallia.com
2	cm.everesttech.net	2 redirects
1	udc-neb.kampyle.com
1	stags.bluekai.com	tags.bkrtx.com
1	cdn.pbbl.co	nexus.ensighten.com
1	citicorpcreditservic.tt.omtrdc.net	tkamulksa.com
1	fast.citi.demdex.net	tkamulksa.com
1	tags.bkrtx.com	nexus.ensighten.com
1	metrics.citi.com	tkamulksa.com
72	17

This site contains no links.

Subject Issuer	Validity	Valid
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2022-02-07` - `2023-02-06`	a year	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2021-11-15` - `2022-10-20`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.kampyle.com SSL.com RSA SSL subCA	`2022-02-28` - `2023-03-31`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-04-11` - `2022-07-04`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Frame ID: 3E3C5C9A7D0D6D691C074355862A8FBA
Requests: 70 HTTP requests in this frame

Frame: http://fast.citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 0F3314ACF06480BC0D631CC7A0385365
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&phint=__bk_l%3Dhttp%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&phint=__bk_v%3D3.1.10&limit=10&r=28667476
Frame ID: 23979606BC2DABC502AA42950591F31A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

http://tkamulksa.com/check/citi/CITIZ/login/ Page URL
http://tkamulksa.com/check/citi/CITIZ/login/ses/index Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

72
Requests

35 %
HTTPS

24 %
IPv6

16
Domains

17
Subdomains

16
IPs

4
Countries

3070 kB
Transfer

4333 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tkamulksa.com/check/citi/CITIZ/login/ Page URL
http://tkamulksa.com/check/citi/CITIZ/login/ses/index Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266 HTTP 302
http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266

Request Chain 31

http://cm.everesttech.net/cm/dd?d_uuid=00850369446719307651268384363380542163 HTTP 301
https://cm.everesttech.net/cm/dd?d_uuid=00850369446719307651268384363380542163 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YmRBSQAAAJaVVgP7 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YmRBSQAAAJaVVgP7

Request Chain 36

http://www.googletagmanager.com/gtag/js?id=AW-916451471 HTTP 302
https://www.googletagmanager.com/gtag/js?id=AW-916451471

Request Chain 40

http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Request Chain 41

http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Request Chain 42

http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Request Chain 43

http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Request Chain 44

http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Request Chain 45

http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Request Chain 46

http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c HTTP 307
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Request Chain 58

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1650737487083&cv=9&fst=1650737487083&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2341704505&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2341704505&resp=GooglemKTybQhCsO&ipr=y

72 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK /
tkamulksa.com/check/citi/CITIZ/login/ 53 B
326 B 2257ms
1843ms Document
text/html 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 23 Apr 2022 18:11:15 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Primary Request index Show response
tkamulksa.com/check/citi/CITIZ/login/ses/ 371 KB
371 KB 1180ms
1180ms Document
text/html 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

be7f7c26bf389d3d3ad17a098c4b865438a6581e8d92ea517c20a804c259577a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tkamulksa.com/check/citi/CITIZ/login/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 23 Apr 2022 18:11:17 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Bootstrap.js Show response
tkamulksa.com/check/citi/CITIZ/login/ses/js/ 280 KB
280 KB 1997ms
1892ms Script
application/javascript 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:19 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:44:56 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 286351
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Light.woff
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 74 KB
74 KB 1741ms
1638ms Font
font/woff 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/Interstate-Light.woff

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Origin: http://tkamulksa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:19 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:29:36 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 75538
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Bold.woff
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 70 KB
70 KB 1853ms
1749ms Font
font/woff 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/Interstate-Bold.woff

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Origin: http://tkamulksa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:19 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:29:34 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 71874
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Interstate-Regular.woff
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 77 KB
77 KB 1831ms
1727ms Font
font/woff 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/Interstate-Regular.woff

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Origin: http://tkamulksa.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:19 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:29:38 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 78762
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK styles.css
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 1 MB
1 MB 1831ms
1728ms Stylesheet
text/css 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/styles.css

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 13 Jun 2021 22:04:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1388422
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK citipridelogo.jpg
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 3 KB
3 KB 1915ms
1915ms Image
image/jpeg 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/citipridelogo.jpg

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:50 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2658
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 050-location@2x.svg
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 2 KB
2 KB 1764ms
1763ms Image
image/svg+xml 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/050-location@2x.svg

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:29:00 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1752
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 3 KB
4 KB 1873ms
1872ms Image
image/svg+xml 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/icon_globe_med-grey@2x.svg

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:29:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3523
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 320_Citi-PLT@3x.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 11 KB
12 KB 1033ms
1032ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/320_Citi-PLT@3x.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 11562
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 1440_Citi-PLT@3x.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 27 KB
28 KB 1041ms
1040ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/1440_Citi-PLT@3x.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:34 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 28149
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266
http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266

110 B
719 B

31ms
31ms

XHR
application/json

52.49.221.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Protocol: HTTP/1.1
Server: 52.49.221.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-221-107.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v031-0551b7b46.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-Error: 172
X-TID: ynuGXJ4rQBo=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://tkamulksa.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 124
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v031-0f70629dd.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Access-Control-Allow-Origin: http://tkamulksa.com
X-TID: oQTnXEWWSNU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: http://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1650737481266
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 204
No Content e.gif
nexus.ensighten.com/error/ 0
193 B 24ms
8ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Sat, 23 Apr 2022 18:11:20 GMT

GET
H/1.1 200
OK serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
857 B 47ms
23ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=169.67439102213277&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 0e1b84757e70fbddd3cab1ded0d1ae025ef443596c180ba6d7b0e874ce49c8c0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: no-cache, no-store
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 23 Apr 2022 18:11:20 GMT

GET
H/1.1 200
OK LSO_4959.jpg
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 171 KB
171 KB 1845ms
1845ms Image
image/jpeg 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/LSO_4959.jpg

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 12 Jun 2021 05:22:08 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 174933
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found Citi-Branding-Sprite.png
tkamulksa.com/check/citi/CITIZ/login/ses/img/ 9 KB
9 KB 5412ms
3647ms Image
text/html 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/img/Citi-Branding-Sprite.png
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Protocol: HTTP/1.1
Server: 204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS: vps.chatreporter.com
Software: Apache /
Resource Hash: 5ff431b827f60ecee2c355311eb764112793665f0952cefcb37d97d35602368b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:23 GMT
Server: Apache
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: Keep-Alive
Link: <https://tkamulksa.com/wp-json/>; rel="https://api.w.org/"
Keep-Alive: timeout=5, max=98
Expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H/1.1 200
OK Appstore-Googleplay-JDPower-Sprite.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 44 KB
44 KB 2871ms
1189ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:44 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 44996
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_facebook@3x.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 445 B
752 B 2777ms
1712ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/social-media_facebook@3x.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:22 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:54 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 445
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_twitter@3x.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 1 KB
2 KB 2690ms
1737ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/social-media_twitter@3x.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:22 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:56 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1277
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK social-media_youtube@3x.png
tkamulksa.com/check/citi/CITIZ/login/ses/css/ 1 KB
1 KB 3005ms
1213ms Image
image/png 204.93.174.112
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tkamulksa.com/check/citi/CITIZ/login/ses/css/social-media_youtube@3x.png

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

204.93.174.112 Elgin, United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

vps.chatreporter.com

Software

Apache /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:23 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 10 Jun 2021 04:03:58 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1175
X-XSS-Protection: 1; mode=block

GET
H/1.1 204
No Content perf.rnc
nexus.ensighten.com/citi/na_prod/ 0
193 B 7ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1650737477639&ce=1&cs=1&dc=0&dclee=3695&dcles=3695&di=3695&dl=1184&dle=1&dls=1&fs=1&lee=0&les=0&rede=0&reds=0&reqs=1&resps=1181&respe=1613&scs=0&ues=1183&uee=1183
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Sat, 23 Apr 2022 18:11:20 GMT

GET
H/1.1 200
OK fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 8ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Last-Modified: Tue, 14 May 2019 17:01:42 GMT
Server: nginx
ETag: "5cdaf476-3dd"
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 989

GET
H/1.1 200
OK da6191c2b2959a15b37bb1f025a35ecd.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 16ms
8ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/da6191c2b2959a15b37bb1f025a35ecd.js?conditionId0=4897099
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Mar 2022 18:19:28 GMT
Server: nginx
ETag: W/"621e63b0-12ea"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 14ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Aug 2019 16:59:12 GMT
Server: nginx
ETag: W/"5d656160-887"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK f21cacf863be4d08be1919c31c663fb2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 157 KB
35 KB 17ms
10ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/f21cacf863be4d08be1919c31c663fb2.js?conditionId0=421908
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 2a606181ce3e676fd43d0ac59e85d5c54712206b5c0b0c601a4c2d1b805591b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Last-Modified: Wed, 30 Mar 2022 15:47:14 GMT
Server: nginx
ETag: W/"62447b82-275e6"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 51aba9f62787efbaa13e53a8d1ae3892.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
988 B 14ms
7ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Last-Modified: Tue, 31 Aug 2021 17:19:01 GMT
Server: nginx
ETag: W/"612e6485-52a"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK 97f151a55ab83884e065fc2981f95b45.js Show response
nexus.ensighten.com/citi/na_prod/code/ 137 KB
38 KB 229ms
222ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://nexus.ensighten.com/citi/na_prod/code/97f151a55ab83884e065fc2981f95b45.js?conditionId0=486757
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f9fbde0b84952eac454f8630061c044338c6de9804c9deceedd280138ef52dcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:21 GMT
Content-Encoding: gzip
Last-Modified: Thu, 14 Apr 2022 18:44:34 GMT
Server: nginx
ETag: W/"62586b92-22583"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
cache-control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK id Show response
metrics.citi.com/ 89 B
1 KB 60ms
16ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

http://metrics.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=MC&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&ts=1650737481444

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js

Protocol

HTTP/1.1

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

8c752cc2de29fb510229a51d6fa40f8f73b625d21895173d424b6f51f8fb27fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tkamulksa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 23 Apr 2022 18:11:21 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7b6f4bb9f7-zjrqd
vary: Origin
x-c: main-1637.I660130.M0-562
p3p: CP="This is not a P3P policy"
access-control-allow-origin: http://tkamulksa.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 51 KB
16 KB 60ms
15ms Script
application/javascript 96.16.135.39
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.bkrtx.com/js/bk-coretag.js

Requested by

Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/f21cacf863be4d08be1919c31c663fb2.js?conditionId0=421908

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.135.39 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-135-39.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Last-Modified: Fri, 21 May 2021 19:14:21 GMT
Server: nginx/1.15.8
ETag: W/"60a8068d-cbc2"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=604800
Date: Sat, 23 Apr 2022 18:11:21 GMT
Connection: keep-alive
Content-Length: 16078
Expires: Sat, 30 Apr 2022 18:11:21 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 358 B
1 KB 35ms
35ms XHR
application/json 52.49.221.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=06162967422229709261745618616712115056&d_cid_ic=AVID%01313220A4BA1171C3-40001317EE280617&ts=1650737481507
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 52.49.221.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-221-107.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 19351b47f5684f515e8faed64de3dc173ba00bb49332f65908dec52e1506ff0f

Request headers

Referer: http://tkamulksa.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v031-0d1e39784.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
content-encoding: gzip
X-TID: FcTMgq0NSao=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://tkamulksa.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 300
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK dest5.html Show response
fast.citi.demdex.net/ Frame 0F33 7 KB
3 KB 76ms
14ms Document
text/html 23.216.77.19
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://fast.citi.demdex.net/dest5.html?d_nsid=0
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 23.216.77.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-216-77-19.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Referer: http://tkamulksa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 2785
Content-Type: text/html
Date: Sat, 23 Apr 2022 18:11:21 GMT
ETag: "2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified: Mon, 03 Feb 2020 17:27:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Server: AkamaiNetStorage
Vary: Accept-Encoding

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

http://cm.everesttech.net/cm/dd?d_uuid=00850369446719307651268384363380542163
https://cm.everesttech.net/cm/dd?d_uuid=00850369446719307651268384363380542163
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YmRBSQAAAJaVVgP7
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YmRBSQAAAJaVVgP7

42 B
945 B

33ms
33ms

Image
image/gif

52.49.221.107
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YmRBSQAAAJaVVgP7

Requested by

Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index

Protocol

HTTP/1.1

Server

52.49.221.107 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-49-221-107.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v031-0c116e345.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: MYQHgnwdQa8=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v031-0865c8281.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: vMuXEtNPQFI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=YmRBSQAAAJaVVgP7
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200 json Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 142 B
1 KB 81ms
30ms XHR
application/json 18.202.95.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=2e932b9698c44188b48069fdf783643e&mboxPC=&mboxPage=5a57750c8ce04250ab302cfda00021b4&mboxRid=5deb0171a95541d585e9e5578342fa78&mboxVersion=1.7.0&mboxCount=1&mboxTime=1650737481309&mboxHost=tkamulksa.com&mboxURL=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&mboxReferrer=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=1EBD98C12B95593A-14E87A0439017917&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=06162967422229709261745618616712115056&mboxMCAVID=313220A4BA1171C3-40001317EE280617&mboxAAMB=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&mboxMCGLH=6
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/js/Bootstrap.js
Protocol: HTTP/1.1
Server: 18.202.95.235 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-95-235.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: df8540bcf7738b951aacd1ab8cabd4b212eeed29e11386c37adb2552329f5c23

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 23 Apr 2022 18:11:21 GMT
Timing-Allow-Origin: *
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
P3P: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: http://tkamulksa.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=UTF-8
Content-Length: 142
X-Request-ID: 5deb0171a95541d585e9e5578342fa78

GET
H/1.1 204
No Content TagAuditBeacon.rnc
nexus.ensighten.com/citi/na_prod/ 0
193 B 7ms
7ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;358910|3277348|1;-1|-1|1;-1|-1|1;552021|3526353|1;677895|3486390|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;490004|2776545|1;622672|3092996|1;624610|3486388|1;569456|2878472|0;606935|2975859|0;565689|3580754|0;662152|3601337|0;609396|3669945|0;652314|3352749|1;593700|2834829|1;-1|-1|1;510670|2923227|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|0;-1|-1|1;-1|-1|0;-1|-1|1;-1|-1|1;692686|3586910|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;697723|3622406|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;693686|3595701|0;-1|-1|1;-1|-1|1;578262|3628390|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;663315|3399158|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692920|3591912|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692917|3586912|0;695962|3608094|0;521100|2431984|0;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;669327|3454233|0;593103|3553059|0;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;669381|3454234|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;495375|2108796|1;573017|2670646|1;-1|-1|1;-1|-1|1;522574|2923043|1;669322|3430989|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;692919|3586914|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;542251|3183206|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;670807|3446797|1;632449|3161673|1;663310|3399161|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;692801|3586911|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;692933|3608072|0;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;663313|3399160|1;515853|2923044|1;528144|2923045|0;-1|-1|1;-1|-1|1;-1|-1|1;666421|3525612|0;696250|3608071|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;693696|3608093|1;582775|3283873|1;-1|-1|1;-1|-1|1;578343|2836703|0;707461|3681433|1;-1|-1|1;-1|-1|1;704091|3657212|0;-1|-1|1;-1|-1|1;689979|3578215|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;486892|2929498|0;531459|3486389|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;599415|3672881|0;600937|2897286|1;706463|3688076|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;609397|3697692|0;632249|3648773|1]&idx=0&r=169.67439102213277
Requested by: Host: tkamulksa.com
URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/index
Protocol: HTTP/1.1
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Date: Sat, 23 Apr 2022 18:11:24 GMT
Cache-Control: no-cache, no-store
Server: nginx
Connection: keep-alive
Expires: Sat, 23 Apr 2022 18:11:23 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 49ms
7ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fdc090e14d275f27b46db8dcee67a7e2ded87b85d7ed00f9625c8f378e0a908d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id: LPdoNZR14zXY8teRgs3ps5bZGV8MweE8
content-encoding: gzip
etag: "363e689ee9d78a36f5a3067f0b5f80de"
age: 167745
via: 1.1 varnish
x-cache: HIT
content-length: 675
x-amz-id-2: zbm7a8/7bAim1N8TWZKKvyzdjSITBwYiy0hvITNoLupZP1Wxs9Xylflkr6VmRJ7b4r+QYYn1yAY=
x-served-by: cache-hhn4059-HHN
last-modified: Thu, 21 Apr 2022 19:35:30 GMT
server: AmazonS3
x-timer: S1650737487.869810,VS0,VE0
date: Sat, 23 Apr 2022 18:11:26 GMT
vary: Accept-Encoding
x-amz-request-id: FSJWYZA51CY38GG3
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H/1.1 403
Forbidden 1560.js
cdn.pbbl.co/r/ 0
0 67ms
18ms Script
text/html 18.66.2.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.pbbl.co/r/1560.js
Requested by: Host: nexus.ensighten.com
URL: http://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Protocol: HTTP/1.1
Server: 18.66.2.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-106.txl50.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-916451471
https://www.googletagmanager.com/gtag/js?id=AW-916451471

105 KB
42 KB

39ms
17ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

43c96da819de1919c31ed6b60042a067386d155d79b7671535a143545f2c63a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42218
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Date: Sat, 23 Apr 2022 18:11:26 GMT
Cross-Origin-Resource-Policy: cross-origin
Server: Google Tag Manager
Content-Length: 253
X-XSS-Protection: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK 63068 Show response
stags.bluekai.com/site/ Frame 2397 71 B
338 B 289ms
198ms Document
text/html 104.89.42.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=bankappstatus&phint=productID&phint=__bk_t%3DSign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&phint=__bk_l%3Dhttp%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&phint=__bk_v%3D3.1.10&limit=10&r=28667476
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.89.42.102 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-89-42-102.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3

Request headers

Referer: http://tkamulksa.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

BK-Server: 7a4c
Connection: keep-alive
Content-Length: 71
Content-Type: text/html
Date: Sat, 23 Apr 2022 18:11:27 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
X-N: S

GET
H/1.1 200
OK generic1650569729320.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 533 KB
88 KB 32ms
16ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1650569729320.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: HTTP/1.1
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f76cdb16127b68bd04c3d62fa3246efe79d6508093b0f5f7bd97a4e0fb7a3152

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-amz-version-id: 9VT2L76bvSnzVidDhxOaGhVGpjnvtDm.
Content-Encoding: gzip
ETag: "66f073454d7350dcb97bc472581e57f0"
Age: 167684
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 89605
x-amz-id-2: ZOSyKnQaNneLejMzB3MCQOtew/DURmvji6VTCmpb4JasRTdn8s+DVOCUMfVoZ0l8k0AyeS9dbX0=
X-Served-By: cache-cdg20730-CDG
Last-Modified: Thu, 21 Apr 2022 19:35:30 GMT
Server: AmazonS3
X-Timer: S1650737487.898677,VS0,VE0
Date: Sat, 23 Apr 2022 18:11:26 GMT
Vary: Accept-Encoding
x-amz-request-id: RXHTT80YRP13EV8V
Access-Control-Allow-Origin: *
Cache-Control: max-age=0,must-revalidate
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 2

GET
H/1.1 200
OK conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 25ms
18ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

HTTP/1.1

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sat, 23 Apr 2022 18:11:26 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 4605403730725282575
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 14892
X-XSS-Protection: 0
Expires: Sat, 23 Apr 2022 18:11:26 GMT

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

105 KB
41 KB

19ms
18ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fc005e2bc8f617f4df462c99a4135d3847f24256e2a79dc77a2ece7751f6f6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42238
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

105 KB
41 KB

27ms
26ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9ff7e53de4781c6810c8c85f7d4d4cd7b1715d82e0b18a47024a0365f514484e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42264
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

105 KB
41 KB

17ms
16ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f636484061aa113b1901d0312a539999c35ae0785344fc28690c0fde78d66db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42238
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

105 KB
41 KB

29ms
28ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4bbc1eba342e32cceef325dd97d2170b187da323223947cb2fd45e870ecca72b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42136
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

105 KB
41 KB

18ms
17ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3a550cd4106563a47de395ed6dfc1fad28d9cadc87f92da63f8febcbfde4c602

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42239
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

105 KB
41 KB

29ms
29ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e7ab1ec5993ce5b78ae3768e2d03241c7efc96906d76006df1dee0dca158feef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:26 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42134
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:26 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H3

200

js Show response
www.googletagmanager.com/gtag/
Redirect Chain

http://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

105 KB
41 KB

21ms
21ms

Script
application/javascript

2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Protocol

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f880912e7aaea99c2ed5cbe0a70ab9198f92802e4cf08dbc8602ce9901e77bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42136
x-xss-protection: 0
expires: Sat, 23 Apr 2022 18:11:27 GMT

Redirect headers

Location: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
317 B 124ms
100ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMC4wLjQ4OTYuMTI3IFNhZmFyaS81MzcuMzYiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInJlZmVycmluZ191cmwiOiAiaHR0cDovL3RrYW11bGtzYS5jb20vY2hlY2svY2l0aS9DSVRJWi9sb2dpbi8iLCJyZWZlcnJpbmdfZG9tYWluIjogInRrYW11bGtzYS5jb20iLCJwYWdlX3RpdGxlIjogIlNpZ24gT24gdG8gWW91ciBDaXRpIEFjY291bnQgLSBDaXRpYmFuayIsInBhZ2VfdXJsIjogImh0dHA6Ly90a2FtdWxrc2EuY29tL2NoZWNrL2NpdGkvQ0lUSVovbG9naW4vc2VzL2luZGV4IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE2NTA3Mzc0ODY5NjkiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAwLCJ1c2VyX2lkIjogIjE4MDU3OWYxYzZmN2ZhLTBhZjE2NzZhZDJmZWZlLTZiM2U1NTViLTFkNGMwMC0xODA1NzlmMWM3MGYwYyIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwOi8vdGthbXVsa3NhLmNvbS9jaGVjay9jaXRpL0NJVElaL2xvZ2luL3Nlcy9pbmRleCIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJhYmQ1LWI2NDMtN2JiNy03OWY1LWQyZTMtNDYwMC1lNDUwLTFkZDEiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTY1MDczNzQ4Njk2NiIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA4ODQsImthbXB5bGVfdmVyc2lvbiI6ICIyLjQ0LjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQ0LjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2NTA3Mzc0ODY5NjksInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-3q47
date: Sat, 23 Apr 2022 18:11:27 GMT
via: 1.1 google
server: Jetty(9.2.11.v20150529)
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-application-context: application:9090

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
2 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1650737486991&cv=9&fst=1650737486991&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e620d2d034dbed2a70f77df244cd0f3421b45d04be9520fcdc61f39bf4c0f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1082
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 18ms
17ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: http://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Protocol

HTTP/1.1

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Sat, 23 Apr 2022 18:11:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 4605403730725282575
Vary: Accept-Encoding
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 14892
X-XSS-Protection: 0
Expires: Sat, 23 Apr 2022 18:11:27 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
548 B 42ms
20ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1650737486991&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1169573372&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
548 B 47ms
19ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1650737486991&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1169573372&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 76ms
61ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1650737487078&cv=9&fst=1650737487078&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d9a31ddb2a2046ec0c03fa310b2f4a757985755d38694891c1ead2311f57339

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1 KB 68ms
54ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1650737487079&cv=9&fst=1650737487079&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d05c16332aecfbaaeff96f051b5ca03782a4c138c567b8a052f2f5544c409d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 68ms
55ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1650737487080&cv=9&fst=1650737487080&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a66b9fa5274c79ae6d8d5c76033fa2aedc07f9f46689779d26408b046082f891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1081
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 35ms
23ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1650737487081&cv=9&fst=1650737487081&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

60c301d185935655e2cd0bf931d48f3ab76946b0543f606a86bd0237176ad557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 2 KB
1 KB 35ms
24ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1650737487082&cv=9&fst=1650737487082&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fba7261c3b0bb62491062bfb5e0094d69c047434156ce113b9527b10d7493df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1080
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 2 KB
1 KB 33ms
23ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1650737487083&cv=9&fst=1650737487083&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: http://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04c6ae2c22784cb2da2deaaa70581b5e7d7860997f8a84809d1b4975a4fe61c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1082
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1650737487083&cv=9&fst=1650737487083&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=f...
https://www.google.de/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=fa...

42 B
64 B

21ms
21ms

Image
image/gif

2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2341704505&resp=GooglemKTybQhCsO&ipr=y

Protocol

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1650737487083&cv=9&fst=1650736800000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&is_vtc=1&random=2341704505&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
108 B 19ms
19ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1650737487083&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4129020813&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
108 B 22ms
22ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1650737487083&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=4129020813&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 43ms
21ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1650737487081&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=720302697&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 37ms
36ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1650737487081&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=720302697&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 41ms
19ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1650737487082&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=739335350&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 37ms
36ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1650737487082&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=739335350&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1650737487079&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3335504896&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1650737487079&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=3335504896&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
64 B 22ms
22ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1650737487080&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1776366079&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1650737487080&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=1776366079&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:811::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1650737487078&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=771711733&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
64 B 35ms
23ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1650737487078&cv=9&fst=1650736800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa4k0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2Fses%2Findex&ref=http%3A%2F%2Ftkamulksa.com%2Fcheck%2Fciti%2FCITIZ%2Flogin%2F&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&async=1&fmt=3&is_vtc=1&random=771711733&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://tkamulksa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 23 Apr 2022 18:11:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tkamulksa.com/	1969-12-31 23:59:59	Name: check Value: true
tkamulksa.com/	1970-01-20 02:32:19	Name: 7830 Value: error
tkamulksa.com/	1970-01-20 02:32:19	Name: 7018 Value:
tkamulksa.com/	1970-01-20 04:41:53	Name: 64072 Value:
tkamulksa.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.tkamulksa.com/	1970-01-20 20:06:22	Name: mbox Value: session#2e932b9698c44188b48069fdf783643e#1650739342\|PC#2e932b9698c44188b48069fdf783643e.37_0#1713982282
.tkamulksa.com/	1970-01-20 02:32:19	Name: mboxEdgeCluster Value: 37
.everesttech.net/	1970-01-20 11:17:53	Name: everest_g_v2 Value: g_surferid~YmRBSQAAAJaVVgP7
.demdex.net/	1970-01-20 06:51:29	Name: demdex Value: 23471518769268848591642025447908138179
.dpm.demdex.net/	1970-01-20 06:51:29	Name: dpm Value: 23471518769268848591642025447908138179
tkamulksa.com/	1970-01-20 20:04:55	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C19106%7CMCMID%7C06162967422229709261745618616712115056%7CMCAID%7C313220A4BA1171C3-40001317EE280617%7CMCOPTOUT-1650744681s%7CNONE%7CMCAAMLH-1651342281%7C6%7CMCAAMB-1651342281%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19113%7CvVersion%7C3.1.2
.tkamulksa.com/	1970-01-20 04:41:53	Name: _gcl_au Value: 1.1.2139964652.1650737487
tkamulksa.com/	1970-01-20 11:17:53	Name: mdLogger Value: false
tkamulksa.com/	1970-01-20 11:17:53	Name: kampyle_userid Value: abd5-b643-7bb7-79f5-d2e3-4600-e450-1dd1
tkamulksa.com/	1970-01-20 11:17:53	Name: kampyleUserSession Value: 1650737486966
tkamulksa.com/	1970-01-20 11:17:53	Name: kampyleUserSessionsCount Value: 1
tkamulksa.com/	1970-01-20 11:17:53	Name: kampyleSessionPageCounter Value: 1
.doubleclick.net/	1970-01-20 11:53:53	Name: IDE Value: AHWqTUlB3jVn-YGq5JX4CPLNh_yTUIYFOlmQZ5eAg-Cl2Z7DFnHgj4yuGJmWeIqM

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://tkamulksa.com/check/citi/CITIZ/login/ses/img/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://cdn.pbbl.co/r/1560.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.pbbl.co
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
dpm.demdex.net
fast.citi.demdex.net
googleads.g.doubleclick.net
metrics.citi.com
nexus.ensighten.com
resources.digital-cloud-citi.medallia.com
stags.bluekai.com
tags.bkrtx.com
tkamulksa.com
udc-neb.kampyle.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.89.42.102
15.188.95.229
151.101.66.133
172.217.18.98
18.195.42.228
18.202.95.235
18.66.2.106
204.93.174.112
23.216.77.19
2a00:1450:4001:810::2002
2a00:1450:4001:811::2004
2a00:1450:4001:811::2008
2a00:1450:4001:827::2003
35.241.45.82
52.49.221.107
54.216.2.121
96.16.135.39
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
04c6ae2c22784cb2da2deaaa70581b5e7d7860997f8a84809d1b4975a4fe61c9
0e1b84757e70fbddd3cab1ded0d1ae025ef443596c180ba6d7b0e874ce49c8c0
19351b47f5684f515e8faed64de3dc173ba00bb49332f65908dec52e1506ff0f
2a606181ce3e676fd43d0ac59e85d5c54712206b5c0b0c601a4c2d1b805591b6
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
3a550cd4106563a47de395ed6dfc1fad28d9cadc87f92da63f8febcbfde4c602
43c96da819de1919c31ed6b60042a067386d155d79b7671535a143545f2c63a4
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
4bbc1eba342e32cceef325dd97d2170b187da323223947cb2fd45e870ecca72b
53350525edba0b889e87ea52a16ed843a928a2557e9f8d6747acd7ff991c95c3
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
5cbb5852d6dd001b4defb3f6ace7f8beb88d0f19d20d00ebfd086a24c31988db
5ff431b827f60ecee2c355311eb764112793665f0952cefcb37d97d35602368b
60c301d185935655e2cd0bf931d48f3ab76946b0543f606a86bd0237176ad557
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7d9a31ddb2a2046ec0c03fa310b2f4a757985755d38694891c1ead2311f57339
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
8c752cc2de29fb510229a51d6fa40f8f73b625d21895173d424b6f51f8fb27fb
8e620d2d034dbed2a70f77df244cd0f3421b45d04be9520fcdc61f39bf4c0f4f
9ff7e53de4781c6810c8c85f7d4d4cd7b1715d82e0b18a47024a0365f514484e
a56e82f34c03b1bed67b86e8b09d36303d6204eeb04b968f8fe38077753606ca
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a66b9fa5274c79ae6d8d5c76033fa2aedc07f9f46689779d26408b046082f891
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
b9dff679ff9931afbbb8019d522a7d03d7787a7d7818037d48f3a502c652e2b6
be7f7c26bf389d3d3ad17a098c4b865438a6581e8d92ea517c20a804c259577a
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
d05c16332aecfbaaeff96f051b5ca03782a4c138c567b8a052f2f5544c409d1d
df8540bcf7738b951aacd1ab8cabd4b212eeed29e11386c37adb2552329f5c23
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ab1ec5993ce5b78ae3768e2d03241c7efc96906d76006df1dee0dca158feef
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f636484061aa113b1901d0312a539999c35ae0785344fc28690c0fde78d66db3
f76cdb16127b68bd04c3d62fa3246efe79d6508093b0f5f7bd97a4e0fb7a3152
f880912e7aaea99c2ed5cbe0a70ab9198f92802e4cf08dbc8602ce9901e77bd0
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
f9fbde0b84952eac454f8630061c044338c6de9804c9deceedd280138ef52dcf
fba7261c3b0bb62491062bfb5e0094d69c047434156ce113b9527b10d7493df9
fc005e2bc8f617f4df462c99a4135d3847f24256e2a79dc77a2ece7751f6f6bd
fdc090e14d275f27b46db8dcee67a7e2ded87b85d7ed00f9625c8f378e0a908d

tkamulksa.com Open in urlscan Pro 204.93.174.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

72 Requests

35 %HTTPS

24 %IPv6

16 Domains

17 Subdomains

16 IPs

4 Countries

3070 kBTransfer

4333 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

tkamulksa.com Open in urlscan Pro
204.93.174.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

35 %
HTTPS

24 %
IPv6

16
Domains

17
Subdomains

16
IPs

4
Countries

3070 kB
Transfer

4333 kB
Size

18
Cookies

72 HTTP transactions
0 data transactions