autosalesplazainc.xyz Open in urlscan Pro
178.159.36.182 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://autosalesplazainc.xyz/update_sec.php
Submission: On January 30 via automatic, source openphish (January 30th 2020, 12:10:24 pm UTC)

Summary HTTP 95 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 5 domains to perform 95 HTTP transactions. The main IP is 178.159.36.182, located in Russian Federation and belongs to AS-MAROSNET Moscow, Russia, RU. The main domain is autosalesplazainc.xyz.

This is the only time autosalesplazainc.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	178.159.36.182 178.159.36.182	48666 (AS-MAROSN...) (AS-MAROSNET Moscow)
52	95.100.73.99 95.100.73.99	16625 (AKAMAI-AS) (AKAMAI-AS)
2	52.129.74.14 52.129.74.14	395492 (IOVATION3) (IOVATION3)
3	23.21.48.239 23.21.48.239	14618 (AMAZON-AES) (AMAZON-AES)
1	104.67.20.40 104.67.20.40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	66.117.29.4 66.117.29.4	15224 (OMNITURE) (OMNITURE)
1 4	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1 2	35.181.91.36 35.181.91.36	16509 (AMAZON-02) (AMAZON-02)
28	162.252.74.6 162.252.74.6	11054 (LIVEPERSON) (LIVEPERSON)
95	10

3 178.159.36.182 (Russian Federation)

ASN48666 (AS-MAROSNET Moscow, Russia, RU)

autosalesplazainc.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 95.100.73.99 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-73-99.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.129.74.14 (United States)

ASN395492 (IOVATION3, US)
PTR: mpsnare.iesnare.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.21.48.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-48-239.compute-1.amazonaws.com

dir.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.67.20.40 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-67-20-40.deploy.static.akamaitechnologies.com

cdn.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.4 (United States)

ASN15224 (OMNITURE, US)

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.181.91.36 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

metrics.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 162.252.74.6 (United States)

ASN11054 (LIVEPERSON, US)

chat.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
85	citi.com 1 redirects online.citi.com dir.citi.com metrics.citi.com chat.online.citi.com	765 KB
5	google.com 1 redirects www.google.com cse.google.com	101 KB
3	autosalesplazainc.xyz autosalesplazainc.xyz	91 KB
2	omtrdc.net cdn.tt.omtrdc.net citicorpcreditservic.tt.omtrdc.net	15 KB
2	iesnare.com mpsnare.iesnare.com	14 KB
95	5

	Domain	Requested by
52	online.citi.com	autosalesplazainc.xyz online.citi.com
28	chat.online.citi.com	online.citi.com autosalesplazainc.xyz
4	www.google.com	1 redirects cse.google.com
3	dir.citi.com	autosalesplazainc.xyz dir.citi.com
3	autosalesplazainc.xyz	autosalesplazainc.xyz online.citi.com
2	metrics.citi.com	1 redirects autosalesplazainc.xyz
2	mpsnare.iesnare.com	autosalesplazainc.xyz mpsnare.iesnare.com
1	cse.google.com	autosalesplazainc.xyz
1	citicorpcreditservic.tt.omtrdc.net	online.citi.com
1	cdn.tt.omtrdc.net	online.citi.com
95	10

This site contains links to these domains. Also see Links.

Domain
online.citi.com
online.citibank.com

Subject Issuer	Validity	Valid
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2018-03-14` - `2020-05-14`	2 years	crt.sh
mpsnare.iesnare.com DigiCert SHA2 High Assurance Server CA	`2019-04-24` - `2020-05-26`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-01-14` - `2020-04-07`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-01-14` - `2020-04-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://autosalesplazainc.xyz/update_sec.php
Frame ID: 4A978AFFE4B4D9AE95318C142C741001
Requests: 95 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

95
Requests

61 %
HTTPS

20 %
IPv6

5
Domains

10
Subdomains

10
IPs

6
Countries

985 kB
Transfer

2937 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/JSO/signon/DisplayUsernameSignon.do?JFP_TOKEN=5VEOLJMH
Title: YES

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/Welcome.c

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=TermsDisclaimer
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citibank.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 55

http://www.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu HTTP 302
https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Request Chain 56

http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-3215324A8A35ACCA&ce=UTF-8&pageName=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&g=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&events=event78&c1=Secure&h1=BANKRIAWebEnglish%2FSecure%2FRegistration&c2=Registration&v38=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&c59=cbol_sec_usereg_&c63=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c64=7%3A10AM&v64=7%3A10AM&c65=Thursday&v65=Thursday&c66=Thursday%7C7%3A10AM&v67=New&v68=1&v69=UnAuth&v70=Credit%20Card%20Online%20Registration&v71=Primary%7CSSN%7CBirthday&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&pccr=true&vidn=2F1963D00515C893-4000089AA0A03DD7&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-3215324A8A35ACCA&ce=UTF-8&pageName=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&g=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&events=event78&c1=Secure&h1=BANKRIAWebEnglish%2FSecure%2FRegistration&c2=Registration&v38=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&c59=cbol_sec_usereg_&c63=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c64=7%3A10AM&v64=7%3A10AM&c65=Thursday&v65=Thursday&c66=Thursday%7C7%3A10AM&v67=New&v68=1&v69=UnAuth&v70=Credit%20Card%20Online%20Registration&v71=Primary%7CSSN%7CBirthday&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

95 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request update_sec.php Show response
autosalesplazainc.xyz/ 90 KB
91 KB 234ms
211ms Document
text/html 178.159.36.182
AS-MAROSNET Moscow

General

Check archive.org

Show headers Download Go to

Full URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 178.159.36.182 , Russian Federation, ASN48666 (AS-MAROSNET Moscow, Russia, RU),
Reverse DNS
Software: Apache /
Resource Hash: 4c6b63494c7a23bc8e355b0026479cb601ada5a19f9b200f40d5194f727f29c5

Request headers

Host: autosalesplazainc.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:07 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 404
Not Found amw.js
autosalesplazainc.xyz/JFP/amw/ 0
0 153ms
133ms Script
text/html 178.159.36.182
AS-MAROSNET Moscow

General

Check archive.org

Show headers Download Go to

Full URL: http://autosalesplazainc.xyz/JFP/amw/amw.js
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 178.159.36.182 , Russian Federation, ASN48666 (AS-MAROSNET Moscow, Russia, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:07 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 Citi_Global.css
online.citi.com/CBOL/common/css/ 964 B
857 B 209ms
130ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/Citi_Global.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b0a8b3c1fc22ff47e5571c481361f32fdbab88f2401f7d9b320e07d9baf440df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 320
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 usereg.min.css
online.citi.com/CBOL/sec/usereg/css/ 19 KB
4 KB 210ms
131ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/usereg/css/usereg.min.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

be5fe9705ae56a1e54f0369ff10657aaa2d5e846a4509e06355588eb950e24b1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 3946
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 jquery-combined.min.js Show response
online.citi.com/CBOL/portal/layout/js/ 318 KB
90 KB 327ms
248ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

1dc4b9ec404fa9b37a9566a19cd59a3ce19c42637375452ab3850fb1086aa18d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Fri, 13 Sep 2019 06:57:28 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 91619
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 jfp.combined.min.js Show response
online.citi.com/CBOL/common/js/ 479 KB
122 KB 346ms
267ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/js/jfp.combined.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

f1aa1bf61decaaec4aba9bb3ec596f7a06d4a9faedaea9999d9c9ab2ac558139

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Mon, 20 Jan 2020 19:26:26 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 123692
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 Citi_Global.min.js Show response
online.citi.com/CBOL/common/js/ 50 KB
14 KB 260ms
182ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/js/Citi_Global.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

2e199e27eb18214cf22161a9353bfd91a87e7f74f55f3e1fdf9cccf2e3b9bc02

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 13499
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 usereg.min.js Show response
online.citi.com/CBOL/sec/usereg/js/ 45 KB
10 KB 313ms
234ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/usereg/js/usereg.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

e56aec6835117af53235c90983d26026ade2bc114d07429ed215d2200caa1ce7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 9243
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 RDSoverlay.css
online.citi.com/JRS/css/common/ 3 KB
1 KB 236ms
158ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/common/RDSoverlay.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 947
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 CitiEasyDeals.css
online.citi.com/NCCS/rewards/css/ 7 KB
3 KB 283ms
204ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/rewards/css/CitiEasyDeals.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 2052
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 regionHeadInc.css
online.citi.com/GFC/performance/css/ 300 B
737 B 295ms
217ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/performance/css/regionHeadInc.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

10c3dcc82c867fd3821f8b6c3d8eacce8cbab5dbab2c721034282974d091c02c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 198
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H/1.1 200
OK snare.js Show response
mpsnare.iesnare.com/ 38 KB
13 KB 109ms
51ms Script
text/javascript 52.129.74.14
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/snare.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.14 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

6c82954445979202566e1d38b5e9ad78e9d57cba071eb3116dc78482f1f362fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:07 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H2 200 fp.js Show response
online.citi.com/JSO/js/ 30 KB
8 KB 326ms
248ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSO/js/fp.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

fd1ef7bbb200c5931e5e7e342b68939c874b32d041e6fd7529c5af2261f93818

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 7952
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 BkDmp.js Show response
online.citi.com/DMP/ 5 KB
2 KB 345ms
267ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/DMP/BkDmp.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

66f4efff67c8da6b84e2259405f3ff4db59b8617b9622b6d0f9ccdf8ffbe557b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 1542
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H/1.1 200
OK channel.js Show response
dir.citi.com/127893/ 48 KB
22 KB 201ms
180ms Script
application/x-javascript 23.21.48.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dir.citi.com/127893/channel.js
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 23.21.48.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-48-239.compute-1.amazonaws.com
Software: haile /
Resource Hash: 631e9979562e92225dbfdd1c6ed7bf7b6aadb9a7c555c609109a92117dcf9c4f

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:07 GMT
Content-Encoding: gzip
Server: haile
transfer-encoding: chunked
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/x-javascript
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires: 0

GET
H2 200 US-Regional.css
online.citi.com/JRS/css/ 48 KB
10 KB 231ms
159ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/css/US-Regional.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b256194e43343f5c19794cdc252cab31e88d6abada730497248e3f4dd3d6ebbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Mar 2019 06:19:08 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 9944
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 SitecatCampaigns.js Show response
online.citi.com/JPS/portal/js/ 5 KB
2 KB 220ms
148ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JPS/portal/js/SitecatCampaigns.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

3365c6707b11af11e075eb8fc391bc5112836047b278191d10ab568a9bf65172

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 1678
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 citi_Common.js Show response
online.citi.com/GFC/common/js/ 278 KB
52 KB 271ms
199ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/common/js/citi_Common.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

18e8793d86b704d55e31f29ebe6b27907ecf5c5b7495996049d45cfd664fe72b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 02 Apr 2019 05:38:48 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 52571
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 jquery.autocomplete.js Show response
online.citi.com/JFP/js/jquery/plugins/ 17 KB
6 KB 252ms
180ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/jquery/plugins/jquery.autocomplete.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b63dce0094ea3c2b03d2dc0205507faaa364d2b686cf32d7090f80d87e9cccf9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 5196
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 JFPNav.js Show response
online.citi.com/JPS/portal/js/ 21 KB
6 KB 296ms
224ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JPS/portal/js/JFPNav.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

345059a341cdf6fb013751ba01a3810ce3f42697157616174fc75c02fcb49c6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 5305
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 branding_main.css
online.citi.com/GFC/branding/css/ 115 KB
18 KB 226ms
159ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/css/branding_main.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

c06421fc9106509698ec603e84b6b0e6f6b5f8513311ea5418d0626260ac1fc1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Thu, 19 Sep 2019 19:18:07 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 17388
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 regionalBrandingResponsivePatch.css
online.citi.com/JRS/ 2 KB
1 KB 215ms
148ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/regionalBrandingResponsivePatch.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 791
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 s_code.js Show response
online.citi.com/JRS/js/ 89 KB
26 KB 267ms
200ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/js/s_code.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

38fc9d43e39598220446850e09fffb5ed1959aa78de4bd95764a7c7282508dec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Fri, 08 Feb 2019 13:30:51 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 25647
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 dp.min.js Show response
online.citi.com/CBOL/sec/rba/js/ 10 KB
3 KB 214ms
148ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/rba/js/dp.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

04fb7eaf02233833dd072f7e5c1535e51901676bd0102b1a0e628a69a6e6d8de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 15 Jan 2019 05:53:02 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:07 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 2892
expires: Thu, 30 Jan 2020 18:10:07 GMT

GET
H2 200 mbox.js Show response
online.citi.com/JRS/js/ 45 KB
13 KB 238ms
222ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/js/mbox.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

39c0e17dfddea21b1d2adacff83bb9498309fe3588cae2dd4a32ef491b713009

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Wed, 25 Apr 2018 19:08:48 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 13062
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 appendToken.js Show response
online.citi.com/JSE/token/ 1 KB
834 B 298ms
283ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSE/token/appendToken.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

21d2189e79df5ec48de5c8fd1dd504df4be74b9f8f37dba4b6231409299ddb70

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 284
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 MFAOverlay.js Show response
online.citi.com/JPS/portal/js/ 2 KB
1 KB 255ms
255ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JPS/portal/js/MFAOverlay.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

65980d692a75b30a18de261f85398dd5e3b9ecca2b8c3e6943c6c45b77a57567

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 770
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 citilogo.png
online.citi.com/CBOL/common/print/images/ 851 B
1 KB 114ms
113ms Image
image/png 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/print/images/citilogo.png

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

bd101b62409fe1888c1719c7ef78c18af101bbce3b498629049178c44c1f1a38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 851
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 citilogo_branding_60x35.png
online.citi.com/GFC/branding/img/ 3 KB
3 KB 115ms
114ms Image
image/png 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/citilogo_branding_60x35.png

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

f1c635c4782fce1eef7290194a81f790b0dc0655c6eafdc43eb1498fd6b10295

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 2618
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 spacer.gif
online.citi.com/JFP/images/ 43 B
472 B 122ms
122ms Image
image/gif 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JFP/images/spacer.gif

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/gif
content-length: 43
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 useregRWD.js Show response
online.citi.com/CBOL/sec/usereg/js/ 12 KB
3 KB 266ms
266ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/usereg/js/useregRWD.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

29cc88988b84a6992a305341b7760e59fdaae58fa65bf9bc5c262c53ed0586d4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 2236
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 CBOL.mask.min.js Show response
online.citi.com/CBOL/common/js/ 7 KB
3 KB 187ms
187ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/js/CBOL.mask.min.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

836a9dc9745f521737ff9486334424a348479f0eef1f96732e159cf947a96931

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 2247
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 citi-logo.png
online.citi.com/JRS/images/ 2 KB
2 KB 123ms
122ms Image
image/png 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/images/citi-logo.png

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b39de1ad9f63b9a490c2d7f636866aff31eace4d7376ec1e7ef464a44f136c28

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 1729
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 tealeaf.test.3.1.0.1520.W3C.Sizzle.js Show response
online.citi.com/TeaLeaf/js/ 134 KB
41 KB 84ms
83ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/TeaLeaf/js/tealeaf.test.3.1.0.1520.W3C.Sizzle.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

d7f753898b34f8c5b7838b693561be358fac28891b99a5fb260c844a9dd520d7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 10 Jul 2018 12:14:02 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 41668
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 branding_universal_megaMenu.js Show response
online.citi.com/GFC/branding/js/ 75 KB
17 KB 84ms
83ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/js/branding_universal_megaMenu.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

2f843b3db1023806d56cb580f86984e1c3785f06c8fe5234beec505f17ade6b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 17222
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 btAdServe.js Show response
online.citi.com/JRS/js/ 1 KB
1 KB 103ms
102ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/js/btAdServe.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

4d09cfb5ba7471be2d35405a0510a67a3a6825e1e0337aca7dd94256e6c107d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 580
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 mtagconfig.js Show response
online.citi.com/JRS/js/chat/ 3 KB
2 KB 104ms
103ms Script
application/x-javascript 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JRS/js/chat/mtagconfig.js

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

87ef9646b850959ef73cd8e62696423f79daf0c9ec885771d9d6224d10654d72

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 1172
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 JPPWidget.css
online.citi.com/JFP/css/common/ 194 KB
26 KB 151ms
150ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/css/common/JPPWidget.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b8ef6eced1896d4ee78298bf8e536e59f84f5c61409bde48b01f70eba464d506

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Mon, 20 Jan 2020 19:26:26 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 25741
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 citiBase.css
online.citi.com/CBOL/common/css/ 3 KB
2 KB 183ms
182ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/citiBase.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

cfa087aa39bf15b9f8aec628e221917a021add875151e17130efc34a4ef344ae

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1151
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 citiReset.css
online.citi.com/CBOL/common/css/ 904 B
952 B 186ms
184ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/citiReset.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

49b7bc7bb698cd7293046cfe91336fc40c90932db34241f90011d3e2238618a0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 473
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 citiMain.css
online.citi.com/CBOL/common/css/ 104 KB
21 KB 198ms
197ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/citiMain.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

4013050b3d2cca84a894f23db3fdaa49095cb0b83f1cb39dc2550fc79db488ac

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 20515
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 QuickTasks_v1.5.css
online.citi.com/CBOL/common/css/ 41 B
539 B 200ms
198ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/QuickTasks_v1.5.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

cc0203eb97f1a57ce94c0fd1adb2bef5b19a008911f99db6f699caa85f64b106

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 61
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 OTP_v1.5.css
online.citi.com/CBOL/common/css/ 359 B
730 B 218ms
217ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/OTP_v1.5.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b10445bea0b965ac55a567e0ed5db2775dc5705d592f0e3160a0eb4eb4cedf08

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 252
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 SelectWidget_1.5.css
online.citi.com/CBOL/common/css/ 4 KB
2 KB 219ms
218ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/SelectWidget_1.5.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

569c41cd0c7b6284552c7f28f4fa659de6057efb2a9020af1807b99110206fdd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1145
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 PnT_Overlay.css
online.citi.com/CBOL/common/css/ 7 KB
2 KB 243ms
242ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/PnT_Overlay.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

830e59c7cfd09604ed40610071ac283f781fdeca71563f72577545024ffbf4dc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1991
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 PrintRecord.css
online.citi.com/CBOL/common/css/ 7 KB
2 KB 243ms
242ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/PrintRecord.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

9ad61679bb45660a4e38f76254102d4930df256a686f4ad81ab4d099cb2f9208

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 03 Oct 2017 07:05:16 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1769
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 Overlay.css
online.citi.com/CBOL/common/css/ 38 KB
7 KB 275ms
274ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/Overlay.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b282d252baec51337f69bcd03a3cc46956f56e9a460dd5c4bc443e6765f0e957

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 6465
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 SearchBox.css
online.citi.com/CBOL/common/css/ 7 KB
2 KB 296ms
296ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/SearchBox.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

9798e3cb57ea3a45cb89e382802a32840fa7a19d3089adf5c860027319b468f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:24:53 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1894
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 DEOB.css
online.citi.com/CBOL/common/css/ 20 KB
4 KB 297ms
296ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/DEOB.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

64eceeb1c64ba3e773f8440491ff4e4fe1429b2c96d1f41569f3ec63ae25a798

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 3899
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 CommonQuestions_v1.5.css
online.citi.com/CBOL/common/css/ 1 KB
1 KB 320ms
320ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/CommonQuestions_v1.5.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

5f39b42ac942b572b4ac4729cad2042346ece5e4468f96c2f15306aa7f3a39d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 554
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 BookEPP.css
online.citi.com/CBOL/common/css/ 25 KB
4 KB 326ms
325ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/BookEPP.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

a043d33adc240e1730b67c1699f5f25e51f368b9b224f319ab70854a3c1d3129

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:22:45 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 3938
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 headerPrintLinks.css
online.citi.com/CBOL/common/css/ 995 B
947 B 326ms
326ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/css/headerPrintLinks.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

a9580ab8a87427c4c06fc84436dab782f6837345348ecbda0098b0735f78c103

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 468
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H2 200 tileLayout.css
online.citi.com/CBOL/portal/layout/css/ 6 KB
2 KB 337ms
337ms Stylesheet
text/css 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/portal/layout/css/tileLayout.css

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

95ee7bbc9667c17f58a25a0d8c22f0f717c31e41bef004b4910a4e0b6cc09623

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Thu, 30 Jan 2020 12:10:08 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1752
expires: Thu, 30 Jan 2020 18:10:08 GMT

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/script/ 96 B
514 B 34ms
34ms Script
text/javascript 52.129.74.14
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/script/logo.js

Requested by

Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.14 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

31f845b831402f1db5d81a7a1465b4e1c738e619b2b263c942846e16618b7444

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 29 Jan 2021 12:10:08 GMT

GET
H/1.1 200
OK target.js Show response
cdn.tt.omtrdc.net/cdn/ 43 KB
14 KB 49ms
27ms Script
text/javascript 104.67.20.40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://cdn.tt.omtrdc.net/cdn/target.js
Requested by: Host: online.citi.com
URL: https://online.citi.com/JRS/js/mbox.js
Protocol: HTTP/1.1
Server: 104.67.20.40 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a104-67-20-40.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 05:03:00 GMT
Server: Apache
ETag: "4400c2-aa3e-593d24434121e"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: must-revalidate, max-age=2037
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14200

GET
H/1.1 200 ajax Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 142 B
841 B 96ms
76ms Script
text/javascript 66.117.29.4
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: http://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=autosalesplazainc.xyz&mboxPage=ba0957f5f8fb4d99805d1bdec42f6d48&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=60&colorDepth=24&mboxSession=ba0957f5f8fb4d99805d1bdec42f6d48&mboxXDomain=enabled&mboxCount=1&mboxTime=1580389808387&pageDef=jcbol_sec_usereg_CardInformation&mbox=target-global-mbox&mboxId=0&mboxURL=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&mboxReferrer=&mboxVersion=63
Requested by: Host: online.citi.com
URL: https://online.citi.com/JRS/js/mbox.js
Protocol: HTTP/1.1
Server: 66.117.29.4 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:08 GMT
Content-Type: text/javascript;charset=utf-8
P3P: CP="NOI DSP CURa OUR STP COM"
Cache-Control: no-cache
Timing-Allow-Origin: *
Content-Length: 142
X-Request-ID: 4044b348-c359-4e37-be1d-1eeb1ab3b13f

GET
H2

200

cse.js Show response
cse.google.com/cse/
Redirect Chain

http://www.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

11 KB
4 KB

62ms
43ms

Script
text/javascript

2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

fcec578b9490c2f4f254527544585f2a3686c8c943b8a8761a8cfab5e9606c74

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 30 Jan 2020 12:10:08 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 3475
x-xss-protection: 0
expires: Thu, 30 Jan 2020 12:10:08 GMT

Redirect headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Type: text/html; charset=UTF-8
Location: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu
Cache-Control: private
Content-Length: 267
X-XSS-Protection: 0

GET
H/1.1

200
OK

s26515570626097
metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/
Redirect Chain

http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-3215324A8A35ACCA&ce=UTF-8&pageName=Enter%20Bank%20Or...
http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&pccr=true&vidn=2F1963D00515C893-4000089AA0A03DD7&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-321...

43 B
748 B

33ms
33ms

Image
image/gif

35.181.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&pccr=true&vidn=2F1963D00515C893-4000089AA0A03DD7&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-3215324A8A35ACCA&ce=UTF-8&pageName=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&g=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&events=event78&c1=Secure&h1=BANKRIAWebEnglish%2FSecure%2FRegistration&c2=Registration&v38=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&c59=cbol_sec_usereg_&c63=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c64=7%3A10AM&v64=7%3A10AM&c65=Thursday&v65=Thursday&c66=Thursday%7C7%3A10AM&v67=New&v68=1&v69=UnAuth&v70=Credit%20Card%20Online%20Registration&v71=Primary%7CSSN%7CBirthday&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php

Protocol

HTTP/1.1

Server

35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 30 Jan 2020 12:10:08 GMT
x-content-type-options: nosniff
x-c: master-1118.I6e092d.M0-329
p3p: CP="This is not a P3P policy"
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Fri, 31 Jan 2020 12:10:08 GMT
server: jag
xserver: anedge-67d6675784-jplhc
etag: 3393853539290021888-4618133857418510257
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Wed, 29 Jan 2020 12:10:08 GMT

Redirect headers

pragma: no-cache
date: Thu, 30 Jan 2020 12:10:08 GMT
x-content-type-options: nosniff
last-modified: Fri, 31 Jan 2020 12:10:08 GMT
server: jag
xserver: anedge-67d6675784-9nd7x
location: http://metrics.citi.com/b/ss/citinaprod/1/JS-2.0.0/s26515570626097?AQB=1&pccr=true&vidn=2F1963D00515C893-4000089AA0A03DD7&ndh=1&pf=1&t=30%2F0%2F2020%2013%3A10%3A8%204%20-60&fid=3CF520328DD5F238-3215324A8A35ACCA&ce=UTF-8&pageName=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&g=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c.&visitStart=1&.c&cc=USD&ch=BANKRIAWebEnglish&events=event78&c1=Secure&h1=BANKRIAWebEnglish%2FSecure%2FRegistration&c2=Registration&v38=Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&c59=cbol_sec_usereg_&c63=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php&c64=7%3A10AM&v64=7%3A10AM&c65=Thursday&v65=Thursday&c66=Thursday%7C7%3A10AM&v67=New&v68=1&v69=UnAuth&v70=Credit%20Card%20Online%20Registration&v71=Primary%7CSSN%7CBirthday&c73=null&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
x-c: master-1118.I6e092d.M0-329
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-type: text/plain
content-length: 0
x-xss-protection: 1; mode=block
expires: Wed, 29 Jan 2020 12:10:08 GMT

GET
H2 200 bg-marketing-banner.jpg
online.citi.com/GFC/branding/img/ 5 KB
5 KB 67ms
67ms Image
image/jpeg 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/bg-marketing-banner.jpg

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

b47060147f820f4721134724e1a38cab5fcc6960091389f6b4587769c4d2c313

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/css/branding_main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite: GTDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 4857
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 horizontal_sprite.png
online.citi.com/JRS/images/sprites/ 2 KB
2 KB 67ms
67ms Image
image/png 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/images/sprites/horizontal_sprite.png

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

ebfc2c05f2e7ed45312d73e19ac568bb5644196bf592af3a54ac7a8d26d7d012

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/css/branding_main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 1544
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 404
Not Found useregRWD.css
autosalesplazainc.xyz/CBOL/sec/usereg/css/ 0
0 77ms
77ms Stylesheet
text/html 178.159.36.182
AS-MAROSNET Moscow

General

Check archive.org

Show headers Download Go to

Full URL: http://autosalesplazainc.xyz/CBOL/sec/usereg/css/useregRWD.css
Requested by: Host: online.citi.com
URL: https://online.citi.com/CBOL/portal/layout/js/jquery-combined.min.js
Protocol: HTTP/1.1
Server: 178.159.36.182 , Russian Federation, ASN48666 (AS-MAROSNET Moscow, Russia, RU),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 jfpw-spinner-medium.gif
online.citi.com/JFP/images/widgets/ 3 KB
4 KB 68ms
67ms Image
image/gif 95.100.73.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JFP/images/widgets/jfpw-spinner-medium.gif

Requested by

Host: online.citi.com
URL: https://online.citi.com/TeaLeaf/js/tealeaf.test.3.1.0.1520.W3C.Sizzle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.73.99 , Ascension Island, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-73-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/JFP/css/common/JPPWidget.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Thu, 30 Jan 2020 12:10:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/gif
content-length: 3208
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/8b2252448421acb3/ 257 KB
85 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 30 Jan 2020 10:36:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 5610
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 86952
x-xss-protection: 0
expires: Fri, 29 Jan 2021 10:36:38 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/8b2252448421acb3/ 40 KB
9 KB 31ms
18ms Stylesheet
text/css 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 28 Jan 2020 15:22:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 161237
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9042
x-xss-protection: 0
expires: Wed, 27 Jan 2021 15:22:51 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v3/ 11 KB
3 KB 30ms
17ms Stylesheet
text/css 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v3/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Thu, 30 Jan 2020 11:33:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Nov 2019 23:30:00 GMT
server: sffe
age: 2199
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 2719
x-xss-protection: 0
expires: Thu, 30 Jan 2020 12:23:29 GMT

GET
H/1.1 200
OK deploy2.asp Show response
chat.online.citi.com/visitor/addons/ 54 KB
55 KB 421ms
376ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy
Requested by: Host: online.citi.com
URL: https://online.citi.com/JRS/js/chat/mtagconfig.js
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: f705f1e9a893823c1382790b87a281e3b74bd9236aeeb71091d6ad42561766aa

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
Last-Modified: Thu, 18 May 2017 11:16:23 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: public, max-age=3600, s-maxage=3600
Access-Control-Allow-Credentials: true
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 55620

GET
H/1.1 200
Ok LOInm Show response
dir.citi.com/127893/ 111 B
773 B 107ms
107ms Script
text/javascript 23.21.48.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dir.citi.com/127893/LOInm?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIzJTIyJTJDJTIyZGF0YSUyMiUzQSU3QiUyMnVkJTIyJTNBJTIyJTIyJTJDJTIydWglMjIlM0ElMjIlMjIlMkMlMjJ1ayUyMiUzQSUyMiUyMiU3RCU3RCU1RA%3D%3D&cid=3&si=0&e=http%3A%2F%2Fautosalesplazainc.xyz&LSESSIONID=jLd1o6AY4IAndy%2BAKB4g2jYCovySon7eXUu2EXavFtPX08UvN8F3682k&t=jsonp&c=tkxzphlvopxudubh&eu=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php
Requested by: Host: dir.citi.com
URL: http://dir.citi.com/127893/channel.js
Protocol: HTTP/1.1
Server: 23.21.48.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-48-239.compute-1.amazonaws.com
Software: haile /
Resource Hash: 4d2979485d32264f67e9745fef978782ca09f53b620024c9ff5c51688a003841

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:08 GMT
Server: haile
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 111
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires: 0

GET
H/1.1 200
OK mTag.js Show response
chat.online.citi.com/hcp/html/ 17 KB
18 KB 105ms
105ms Script
application/javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hcp/html/mTag.js?site=70244976
Requested by: Host: online.citi.com
URL: https://online.citi.com/JRS/js/chat/mtagconfig.js
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 7af71bf299d55a276ed7126683da9bdc8534684cca0044fa34252a9f18ebc917

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Thu, 30 Jan 2020 12:10:08 GMT
Last-Modified: Wed, 16 Sep 2015 19:55:44 GMT
Server: WS
ETag: "0a0eacb9f0d01:0"
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 17753

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 71 KB
73 KB 159ms
158ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagKnockPage&lpCallId=380135655452-978496176795&protV=20&lpjson=1&id=2515034888&javaSupport=false&visitorStatus=INSITE_STATUS&dbut=chat-needhelp-service-english%7ClpMTagConfig.db1%7ClpButtonNeedHelp%7C%23chat-billpay-cbol-english-overlay%7ClpMTagConfig.db1%7ClpButtonBillpayOverlay%7C%23chat-transfer-cbol-english-overlay%7ClpMTagConfig.db1%7ClpButtonTransferOverlay%7C%23chat-alerts-card-english-overlay%7ClpMTagConfig.db1%7ClpButtonAlertsOverlay%7C%23chat-accountsnapshot-cbol-english-overlay%7ClpMTagConfig.db1%7ClpButtonAccountOverlay%7C%23chat-rewards-cbol-english-overlay%7ClpMTagConfig.db1%7ClpButtonRewardsOverlay%7C%23chat-statements-card-english-overlay%7ClpMTagConfig.db1%7ClpButtonStatementsOverlay%7C%23chat-service-registration-english%7ClpMTagConfig.db2%7ClpButtonDiv%7C%23chat-autopay-english-overlay%7ClpMTagConfig.db1%7ClpChatButtonAPO%7C%23chat-floatingbutton-english%7ClpMTagConfig.db1%7ClpFloatingButtonDiv%7C%23chat-billpay-card-english-overlay%7ClpMTagConfig.db1%7ClpClickToPayOverlay%7C
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 6520d6309704983bc046e75c8b74a1fad6315867235b2945ef44c3e363a2a74b

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:09 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 72539
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
Ok LOInm Show response
dir.citi.com/127893/ 112 B
774 B 112ms
112ms Script
text/javascript 23.21.48.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dir.citi.com/127893/LOInm?d=JTVCJTdCJTIyaWQlMjIlM0ElMjIzNCUyMiUyQyUyMmRhdGElMjIlM0ElN0IlMjJyZCUyMiUzQSU3QiUyMnBzZCUyMiUzQSU3QiUyMjc1NzM0OTYxNiUyMiUzQSU3QiUyMnAlMjIlM0ElMjJodHRwJTNBJTJGJTJGYXV0b3NhbGVzcGxhemFpbmMueHl6JTJGdXBkYXRlX3NlYy5waHAlMjIlMkMlMjJiY2IlMjIlM0ElNUIlMjIxJTIyJTVEJTJDJTIybWYlMjIlM0ElNUIlNUQlMkMlMjJyZXAlMjIlM0ElN0IlMjJiY2IlMjIlM0ElNUIlNUQlMkMlMjJtZiUyMiUzQSU1QiU1RCU3RCU3RCU3RCUyQyUyMnNycCUyMiUzQWZhbHNlJTdEJTdEJTdEJTVE&cid=34&si=0&e=http%3A%2F%2Fautosalesplazainc.xyz&LSESSIONID=jLd1o6AY4IAndy%2BAKB4g2jYCovySon7eXUu2EXavFtPX08UvN8F3682k&t=jsonp&c=izdn_egvhgpaoocc&eu=http%3A%2F%2Fautosalesplazainc.xyz%2Fupdate_sec.php
Requested by: Host: dir.citi.com
URL: http://dir.citi.com/127893/channel.js
Protocol: HTTP/1.1
Server: 23.21.48.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-48-239.compute-1.amazonaws.com
Software: haile /
Resource Hash: 51ceb49c0679c522eda6fea1964ad51ec5e43996fd8c65200ebf5cbf12220462

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Server: haile
Access-Control-Allow-Methods: GET, OPTIONS
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 112
PICS-Label: (PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Expires: 0

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 3 KB
4 KB 104ms
104ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&visitor=1153304192606906&msessionkey=3208532961387089879&siteContainer=STANDALONE&site=70244976&cmd=mTagStartPage&lpCallId=535332483974-546002167597&protV=20&lpjson=1&page=http%3A//autosalesplazainc.xyz/update_sec.php&id=2515034888&javaSupport=false&visitorStatus=INSITE_STATUS&defInvite=chat-service-registration-english&activePlugin=none&cobrowse=true&PV%21unit=service-registration&PV%21AlertDisplayed=no&PV%21CBOL_PageDef=jcbol_sec_usereg_CardInformation&PV%21AvatarSPFExperience=no&PV%21PageName=Secure/Registration/Enter%20Bank%20Or%20Credit%20Card%20Number%20for%20Registration&PV%21pageLoadTime=0%20sec&PV%21visitorActive=1&SV%21language=english&SV%21LIKELY_TO_ATTRITE=&SV%21CBOL_UserSegment=Blue&SV%21CONSUMER_CLIENT_CODE=&SV%21CBOL_IsBillPayEnrolled=N&SV%21CBOL_IsBillPayActive=N&SV%21SiteID=&SV%21LoggedIn=no&SV%21LIKELY_TO_ATTRITE_ACTION_TAG=&SV%21UnitForCatalyst=service-registration&SV%21engageType=none&SV%21browser_domain=autosalesplazainc.xyz&SV%21isMobile=false&title=Update%20your%20information%20-%20Citibank
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: d51efe050a81f07ca8de29748cf9d731f0eebf9deb753d8be4be1e6c3815b48a

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:09 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 2660
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 101ms
101ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=142860644294-260299520799&protV=20&lpjson=1&SV%21impression-query-name=chat-needhelp-service-english&SV%21impression-query-room=chat-needhelp-service-english&id=2515034888&info=button-impression%3Achat-needhelp-service-english%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210121&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 80f9b4a080aa62eb38eda273cbd148612aa16e2b4d20a18f9e7822561f71beef

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 196ms
168ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=641922066561-594987317242&protV=20&lpjson=1&SV%21impression-query-name=chat-billpay-cbol-english-overlay&SV%21impression-query-room=chat-billpay-cbol-english-overlay&id=2515034888&info=button-impression%3Achat-billpay-cbol-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210122&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: ffc82195a9c9bc8cdf4adb16f2182fe2ec8d6fd3f6598cc94d61df6658536289

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 203ms
176ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=639537914045-640091181542&protV=20&lpjson=1&SV%21impression-query-name=chat-transfer-cbol-english-overlay&SV%21impression-query-room=chat-transfer-cbol-english-overlay&id=2515034888&info=button-impression%3Achat-transfer-cbol-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210122&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 12f0f28d516118803973d85397c8d644adcd361e308333375a85b0640445eb9a

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 199ms
172ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=740092240694-402206574817&protV=20&lpjson=1&SV%21impression-query-name=chat-alerts-card-english-overlay&SV%21impression-query-room=chat-alerts-card-english-overlay&id=2515034888&info=button-impression%3Achat-alerts-card-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210123&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 3632f93f4bc5eb3b80aec21e79a2b8e4a61e7e6334bc02fcfdc5255d78853f68

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 197ms
176ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=493972986513-739428519458&protV=20&lpjson=1&SV%21impression-query-name=chat-accountsnapshot-cbol-english-overlay&SV%21impression-query-room=chat-accountsnapshot-cbol-english-overlay&id=2515034888&info=button-impression%3Achat-accountsnapshot-cbol-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210123&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: c0921cde5dc4f0fa3a9ceda9b3d40fceb40630ce9e8c81609206fbcba30c299a

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 204ms
183ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=796548476057-226635621935&protV=20&lpjson=1&SV%21impression-query-name=chat-rewards-cbol-english-overlay&SV%21impression-query-room=chat-rewards-cbol-english-overlay&id=2515034888&info=button-impression%3Achat-rewards-cbol-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210151&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 6fd00c6f23d7de5c4bd61bc535b665f993c9d09e78b2d22405bef03393540499

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 102ms
102ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=609594521937-710293792997&protV=20&lpjson=1&SV%21impression-query-name=chat-statements-card-english-overlay&SV%21impression-query-room=chat-statements-card-english-overlay&id=2515034888&info=button-impression%3Achat-statements-card-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210154&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 5070c001e6fb2ef77abe398f400d7867d23894e4a2d7e7d0409d5ded687d978a

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 102ms
102ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=643720873771-969158539312&protV=20&lpjson=1&SV%21impression-query-name=chat-service-registration-english&SV%21impression-query-room=chat-service-registration-english&id=2515034888&info=button-impression%3Achat-service-registration-english%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210156&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 0646429b6611a351017439352c59e31403a09ccfb9ec8c75a7c453439baa3838

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 100ms
100ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=865736449107-443137091505&protV=20&lpjson=1&SV%21impression-query-name=chat-autopay-english-overlay&SV%21impression-query-room=chat-autopay-english-overlay&id=2515034888&info=button-impression%3Achat-autopay-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210158&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 021eded5fe8451e1950fb8108b7217271989dab8ebfafca5f3d95239cd077aa2

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 101ms
101ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=708743296246-625033096213&protV=20&lpjson=1&SV%21impression-query-name=chat-floatingbutton-english&SV%21impression-query-room=chat-floatingbutton-english&id=2515034888&info=button-impression%3Achat-floatingbutton-english%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210160&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 989a259f8778ffe0d0de417a91ac747111e21091b5aee9bb0db43e718aa427a5

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 119 B
1 KB 102ms
101ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUrl&lpCallId=928929939309-384594592126&protV=20&lpjson=1&SV%21impression-query-name=chat-billpay-card-english-overlay&SV%21impression-query-room=chat-billpay-card-english-overlay&id=2515034888&info=button-impression%3Achat-billpay-card-english-overlay%28Update%20your%20information%20-%20Citibank%29&waitForVisitor=true&d=1580386210162&page=http%3A//chat.online.citi.com/hcp/width/img40.gif
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 762667faaed1cf3d9afff79d4a16dfb806568d9df31211f36042d502de369451

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 119
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 188 B
1 KB 99ms
99ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagInPage&lpCallId=389420924450-266340447857&protV=20&lpjson=1&page=http%3A//autosalesplazainc.xyz/update_sec.php&id=2515034888&javaSupport=false&visitorStatus=INSITE_STATUS&defInvite=chat-service-registration-english&activePlugin=none&cobrowse=true
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: b17214f8f790f9e939d2370501cd61cda5165ebfd745320256ced84cdb61bd6b

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 188
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 110ms
110ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=560706216881-119919518518&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A38
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: a083d3742474189412638160f66bf8d396a80da930ec03c6657ef7715b7378f8

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 193ms
193ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=519330988543-930316263999&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A39
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: ad9adca7610748b0bc539681d9bbf79c1190d99e280d473d479279e8d7169e6f

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 103ms
103ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=345094823518-878966372202&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A45
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: ef69f1a5e59731d343e0856b5581d74fb9e593a22a780353ae2a5b9099a11524

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 102ms
102ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=183576177641-812242627177&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A47
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: a7b1ade477f1634514b22d3b135c864745d1e08594abd0da2251d8db32cd16b2

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 104ms
104ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=015311346846-779216533291&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A33
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 9f0d8e2d36e6ba5c6fbd03d67792b711ca3d130d7b3201da84abcb99ba112de2

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 102ms
102ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=316312859024-165475337707&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A35
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 84aed335904f701b3522bc1ed7989e4ca080881f0b437cb5f761a438ca34838b

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 101ms
100ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=415719278524-905398923888&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A34
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 3ef73f4a9fa45031594cc7b25340d11f8a2e4d270a8787e600ccf275572a9d30

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:10 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 188 B
1 KB 104ms
104ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?&site=70244976&cmd=mTagUDEsend&lpCallId=291161142245-507667642081&protV=20&lpjson=1&page=http%3A//autosalesplazainc.xyz/update_sec.php&id=2515034888&javaSupport=false&visitorStatus=INSITE_STATUS&defInvite=chat-service-registration-english&activePlugin=none&cobrowse=true&SV%21clickedBankAccountSnapshot=false&SV%21clickedCardAccountSnapshot=false&title=Update%20your%20information%20-%20Citibank
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 65b5bc0a9649942dee498314c690da6bdfe5e5134c933b18f5c99a3ccc175b50

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:10 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 188
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 103ms
103ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=912753479011-345299624010&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A151
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: cf4483ed90de51ddda82dec163d8da60ae36b9c8a9927e6869f0333c9f51fe12

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 100ms
100ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=882002986976-508433012072&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A153
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 6267d7bb0b388c4865723c6b82a8d7adcee25c655992418a4d34db17f6767b0f

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:09 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 103ms
102ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=527029382547-269425898897&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A152
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: b0a59ba712304f2d3e7ba6c89bad5a901997c1d631910d036efef78e523cbfd4

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:10 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H/1.1 200
OK / Show response
chat.online.citi.com/hc/70244976/ 94 B
1 KB 274ms
274ms Script
application/x-javascript 162.252.74.6
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: http://chat.online.citi.com/hc/70244976/?lpCallId=941584730101-285258649361&protV=20&lpjson=5&site=70244976&cmd=leVisitorEvent&type=impression&appKey=f907f2d9acd64b7f8c00b83bed3c2822&data=dynBut%3A46
Requested by: Host: autosalesplazainc.xyz
URL: http://autosalesplazainc.xyz/update_sec.php
Protocol: HTTP/1.1
Server: 162.252.74.6 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: WS /
Resource Hash: 4d29e30e0a23916c46f3088fedc1f22f456066a1746a6c286ad05b2f900d863c

Request headers

Referer: http://autosalesplazainc.xyz/update_sec.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 30 Jan 2020 12:10:10 GMT
Last-Modified: Thu, 30 Jan 2020 12:10:10 GMT
Server: WS
Access-Control-Allow-Methods: GET, POST, PATCH
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
Access-Control-Expose-Headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
Cache-Control: no-store
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Content-Type: application/x-javascript
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
Content-Length: 94
Expires: Wed, 31 Dec 1969 23:59:59 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

1031 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
autosalesplazainc.xyz/	1970-01-19 16:35:46	Name: style Value: null
.autosalesplazainc.xyz/	1970-01-21 02:50:39	Name: s_fid Value: 3CF520328DD5F238-3215324A8A35ACCA
.autosalesplazainc.xyz/	1969-12-31 23:59:59	Name: s_cc Value: true
.autosalesplazainc.xyz/	1970-01-19 06:59:48	Name: mbox Value: check#true#1580386269\|session#ba0957f5f8fb4d99805d1bdec42f6d48#1580388069
.autosalesplazainc.xyz/	1969-12-31 23:59:59	Name: s_sess Value: %20SC_LINKS%3D%3B%20s_vstart%3D1580386208515%3B
.autosalesplazainc.xyz/	1970-01-21 02:47:46	Name: s_pers Value: %20gpv_p7%3DEnter%2520Bank%2520Or%2520Credit%2520Card%2520Number%2520for%2520Registration%7C1580388008508%3B%20s_visit%3D1%7C1580388008510%3B%20s_vnum%3D1580511600512%2526vn%253D1%7C1580511600512%3B%20s_invisit%3Dtrue%7C1580388008512%3B%20s_nr%3D1580386208513-New%7C1738066208513%3B

41 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge init
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:simpleDeploy init
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:simpleDeploy setup
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:deployDynButton init
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:lightBox init
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:code_check init
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge start
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:deployDynButton start
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:lightBox start
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:code_check start
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-needhelp-service-english'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-billpay-cbol-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-transfer-cbol-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-alerts-card-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-accountsnapshot-cbol-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-rewards-cbol-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-statements-card-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-autopay-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-floatingbutton-english'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Button div is not present on page
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:Setting up dynamic button deploy for 'chat-billpay-card-english-overlay'
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange
console-api	log	URL: http://chat.online.citi.com/visitor/addons/deploy2.asp?site=70244976&d_id=cbol&default=simpleDeploy(Line 533) Message: DEBUG:genericEventsBridge dbStateChange

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

autosalesplazainc.xyz
cdn.tt.omtrdc.net
chat.online.citi.com
citicorpcreditservic.tt.omtrdc.net
cse.google.com
dir.citi.com
metrics.citi.com
mpsnare.iesnare.com
online.citi.com
www.google.com
104.67.20.40
162.252.74.6
178.159.36.182
23.21.48.239
2a00:1450:4001:806::2004
2a00:1450:4001:824::200e
35.181.91.36
52.129.74.14
66.117.29.4
95.100.73.99
021eded5fe8451e1950fb8108b7217271989dab8ebfafca5f3d95239cd077aa2
04fb7eaf02233833dd072f7e5c1535e51901676bd0102b1a0e628a69a6e6d8de
0646429b6611a351017439352c59e31403a09ccfb9ec8c75a7c453439baa3838
10c3dcc82c867fd3821f8b6c3d8eacce8cbab5dbab2c721034282974d091c02c
12f0f28d516118803973d85397c8d644adcd361e308333375a85b0640445eb9a
18e8793d86b704d55e31f29ebe6b27907ecf5c5b7495996049d45cfd664fe72b
1a1d7795e2fa34d6a9ae37358f8aea2bf8e60f19726078a0185a05035a7f8925
1dc4b9ec404fa9b37a9566a19cd59a3ce19c42637375452ab3850fb1086aa18d
21d2189e79df5ec48de5c8fd1dd504df4be74b9f8f37dba4b6231409299ddb70
2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2
29cc88988b84a6992a305341b7760e59fdaae58fa65bf9bc5c262c53ed0586d4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e199e27eb18214cf22161a9353bfd91a87e7f74f55f3e1fdf9cccf2e3b9bc02
2f843b3db1023806d56cb580f86984e1c3785f06c8fe5234beec505f17ade6b2
31f845b831402f1db5d81a7a1465b4e1c738e619b2b263c942846e16618b7444
3365c6707b11af11e075eb8fc391bc5112836047b278191d10ab568a9bf65172
345059a341cdf6fb013751ba01a3810ce3f42697157616174fc75c02fcb49c6b
3632f93f4bc5eb3b80aec21e79a2b8e4a61e7e6334bc02fcfdc5255d78853f68
38fc9d43e39598220446850e09fffb5ed1959aa78de4bd95764a7c7282508dec
39c0e17dfddea21b1d2adacff83bb9498309fe3588cae2dd4a32ef491b713009
3ef73f4a9fa45031594cc7b25340d11f8a2e4d270a8787e600ccf275572a9d30
4013050b3d2cca84a894f23db3fdaa49095cb0b83f1cb39dc2550fc79db488ac
40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108
49b7bc7bb698cd7293046cfe91336fc40c90932db34241f90011d3e2238618a0
4c6b63494c7a23bc8e355b0026479cb601ada5a19f9b200f40d5194f727f29c5
4d09cfb5ba7471be2d35405a0510a67a3a6825e1e0337aca7dd94256e6c107d8
4d2979485d32264f67e9745fef978782ca09f53b620024c9ff5c51688a003841
4d29e30e0a23916c46f3088fedc1f22f456066a1746a6c286ad05b2f900d863c
5070c001e6fb2ef77abe398f400d7867d23894e4a2d7e7d0409d5ded687d978a
51ceb49c0679c522eda6fea1964ad51ec5e43996fd8c65200ebf5cbf12220462
569c41cd0c7b6284552c7f28f4fa659de6057efb2a9020af1807b99110206fdd
5f39b42ac942b572b4ac4729cad2042346ece5e4468f96c2f15306aa7f3a39d8
6267d7bb0b388c4865723c6b82a8d7adcee25c655992418a4d34db17f6767b0f
631e9979562e92225dbfdd1c6ed7bf7b6aadb9a7c555c609109a92117dcf9c4f
64eceeb1c64ba3e773f8440491ff4e4fe1429b2c96d1f41569f3ec63ae25a798
6520d6309704983bc046e75c8b74a1fad6315867235b2945ef44c3e363a2a74b
65980d692a75b30a18de261f85398dd5e3b9ecca2b8c3e6943c6c45b77a57567
65b5bc0a9649942dee498314c690da6bdfe5e5134c933b18f5c99a3ccc175b50
66f4efff67c8da6b84e2259405f3ff4db59b8617b9622b6d0f9ccdf8ffbe557b
6975145b0d8bd5a952b4dfd4f4da82182c7488f67415a8012af227fcb95c3666
6c82954445979202566e1d38b5e9ad78e9d57cba071eb3116dc78482f1f362fd
6fd00c6f23d7de5c4bd61bc535b665f993c9d09e78b2d22405bef03393540499
762667faaed1cf3d9afff79d4a16dfb806568d9df31211f36042d502de369451
7af71bf299d55a276ed7126683da9bdc8534684cca0044fa34252a9f18ebc917
7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d
80f9b4a080aa62eb38eda273cbd148612aa16e2b4d20a18f9e7822561f71beef
830e59c7cfd09604ed40610071ac283f781fdeca71563f72577545024ffbf4dc
836a9dc9745f521737ff9486334424a348479f0eef1f96732e159cf947a96931
84aed335904f701b3522bc1ed7989e4ca080881f0b437cb5f761a438ca34838b
87ef9646b850959ef73cd8e62696423f79daf0c9ec885771d9d6224d10654d72
95ee7bbc9667c17f58a25a0d8c22f0f717c31e41bef004b4910a4e0b6cc09623
9798e3cb57ea3a45cb89e382802a32840fa7a19d3089adf5c860027319b468f4
989a259f8778ffe0d0de417a91ac747111e21091b5aee9bb0db43e718aa427a5
9ad61679bb45660a4e38f76254102d4930df256a686f4ad81ab4d099cb2f9208
9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50
9f0d8e2d36e6ba5c6fbd03d67792b711ca3d130d7b3201da84abcb99ba112de2
a043d33adc240e1730b67c1699f5f25e51f368b9b224f319ab70854a3c1d3129
a083d3742474189412638160f66bf8d396a80da930ec03c6657ef7715b7378f8
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a7b1ade477f1634514b22d3b135c864745d1e08594abd0da2251d8db32cd16b2
a9580ab8a87427c4c06fc84436dab782f6837345348ecbda0098b0735f78c103
ad9adca7610748b0bc539681d9bbf79c1190d99e280d473d479279e8d7169e6f
aebc793d0064383ee6b1625bf3bb32532ec30a5c12bf9117066107d412119123
b0a59ba712304f2d3e7ba6c89bad5a901997c1d631910d036efef78e523cbfd4
b0a8b3c1fc22ff47e5571c481361f32fdbab88f2401f7d9b320e07d9baf440df
b10445bea0b965ac55a567e0ed5db2775dc5705d592f0e3160a0eb4eb4cedf08
b17214f8f790f9e939d2370501cd61cda5165ebfd745320256ced84cdb61bd6b
b256194e43343f5c19794cdc252cab31e88d6abada730497248e3f4dd3d6ebbc
b282d252baec51337f69bcd03a3cc46956f56e9a460dd5c4bc443e6765f0e957
b39de1ad9f63b9a490c2d7f636866aff31eace4d7376ec1e7ef464a44f136c28
b47060147f820f4721134724e1a38cab5fcc6960091389f6b4587769c4d2c313
b63dce0094ea3c2b03d2dc0205507faaa364d2b686cf32d7090f80d87e9cccf9
b7b30ac023f5c53ce801b8886ce0f2802ee7ca5751ea7f98b9c0318496271ed9
b8ef6eced1896d4ee78298bf8e536e59f84f5c61409bde48b01f70eba464d506
bd101b62409fe1888c1719c7ef78c18af101bbce3b498629049178c44c1f1a38
be5fe9705ae56a1e54f0369ff10657aaa2d5e846a4509e06355588eb950e24b1
c06421fc9106509698ec603e84b6b0e6f6b5f8513311ea5418d0626260ac1fc1
c0921cde5dc4f0fa3a9ceda9b3d40fceb40630ce9e8c81609206fbcba30c299a
cc0203eb97f1a57ce94c0fd1adb2bef5b19a008911f99db6f699caa85f64b106
cf4483ed90de51ddda82dec163d8da60ae36b9c8a9927e6869f0333c9f51fe12
cfa087aa39bf15b9f8aec628e221917a021add875151e17130efc34a4ef344ae
d51efe050a81f07ca8de29748cf9d731f0eebf9deb753d8be4be1e6c3815b48a
d7f753898b34f8c5b7838b693561be358fac28891b99a5fb260c844a9dd520d7
dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2
e56aec6835117af53235c90983d26026ade2bc114d07429ed215d2200caa1ce7
ebfc2c05f2e7ed45312d73e19ac568bb5644196bf592af3a54ac7a8d26d7d012
ef69f1a5e59731d343e0856b5581d74fb9e593a22a780353ae2a5b9099a11524
f1aa1bf61decaaec4aba9bb3ec596f7a06d4a9faedaea9999d9c9ab2ac558139
f1c635c4782fce1eef7290194a81f790b0dc0655c6eafdc43eb1498fd6b10295
f705f1e9a893823c1382790b87a281e3b74bd9236aeeb71091d6ad42561766aa
fcec578b9490c2f4f254527544585f2a3686c8c943b8a8761a8cfab5e9606c74
fd1ef7bbb200c5931e5e7e342b68939c874b32d041e6fd7529c5af2261f93818
ffc82195a9c9bc8cdf4adb16f2182fe2ec8d6fd3f6598cc94d61df6658536289

autosalesplazainc.xyz Open in urlscan Pro 178.159.36.182 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

95 Requests

61 %HTTPS

20 %IPv6

5 Domains

10 Subdomains

10 IPs

6 Countries

985 kBTransfer

2937 kBSize

6 Cookies

4 Outgoing links

Redirected requests

95 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

autosalesplazainc.xyz Open in urlscan Pro
178.159.36.182 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

95
Requests

61 %
HTTPS

20 %
IPv6

5
Domains

10
Subdomains

10
IPs

6
Countries

985 kB
Transfer

2937 kB
Size

6
Cookies

95 HTTP transactions
0 data transactions