specialoffers.citicards.com Open in urlscan Pro
198.160.105.75 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click.info15.citi.com/?qs=ca720e8e9d15491a90ae2b6d432672e83463a0c10b1138a30001f081df4a5a6e247c63d8881791d1839cd4be5c22...
Effective URL:
https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
Submission: On November 01 via manual (November 1st 2022, 9:02:48 pm UTC) from US — Scanned from DE

Summary HTTP 86 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 17 IPs in 5 countries across 15 domains to perform 86 HTTP transactions. The main IP is 198.160.105.75, located in Conway, United States and belongs to ACXIOM, US. The main domain is specialoffers.citicards.com.
TLS certificate: Issued by DigiCert EV RSA CA G2 on September 15th 2022. Valid for: a year.

This is the only time specialoffers.citicards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.111.71.127 13.111.71.127	22606 (EXACT-7) (EXACT-7)
4 16	198.160.105.75 198.160.105.75	15026 (ACXIOM) (ACXIOM)
11	52.84.174.105 52.84.174.105	16509 (AMAZON-02) (AMAZON-02)
1 4	99.81.236.184 99.81.236.184	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:248... 2600:9000:248c:7200:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	52.19.103.22 52.19.103.22	16509 (AMAZON-02) (AMAZON-02)
2	15.188.95.229 15.188.95.229	16509 (AMAZON-02) (AMAZON-02)
1 1	52.212.76.227 52.212.76.227	16509 (AMAZON-02) (AMAZON-02)
1	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
8	104.17.208.240 104.17.208.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.122.116 18.66.122.116	16509 (AMAZON-02) (AMAZON-02)
1	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
3	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	88.221.169.119 88.221.169.119	16625 (AKAMAI-AS) (AKAMAI-AS)
86	17

1 13.111.71.127 (United States) 1 redirects

ASN22606 (EXACT-7, US)
PTR: click.info15.citi.com

click.info15.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 198.160.105.75 (Conway, United States) 4 redirects

ASN15026 (ACXIOM, US)

specialoffers.citicards.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 52.84.174.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-174-105.cdg50.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 99.81.236.184 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-236-184.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:248c:7200:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.19.103.22 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-103-22.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.76.227 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-76-227.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.17.208.240 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.122.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-116.fra60.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.209.240 (Shahr, Iran, Islamic Republic Of)

ASN13335 (CLOUDFLARENET, US)

siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.221.169.119 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-169-119.deploy.static.akamaitechnologies.com

iad1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	citicards.com 4 redirects specialoffers.citicards.com	202 KB
13	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 121	678 KB
12	qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 51650 siteintercept.qualtrics.com — Cisco Umbrella Rank: 1467 iad1.qualtrics.com — Cisco Umbrella Rank: 16724	93 KB
11	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 3567	154 KB
9	google.de www.google.de — Cisco Umbrella Rank: 3590	1 KB
9	google.com www.google.com — Cisco Umbrella Rank: 17	1 KB
9	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 66	9 KB
5	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 285 citi.demdex.net — Cisco Umbrella Rank: 66967	7 KB
3	citi.com 1 redirects click.info15.citi.com — Cisco Umbrella Rank: 235654 metrics1.citi.com — Cisco Umbrella Rank: 35002	1 KB
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 17462	98 B
1	pbbl.co cdn.pbbl.co — Cisco Umbrella Rank: 11216
1	omtrdc.net citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 46285	1 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1487	517 B
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 62918	685 B
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 6947	6 KB
86	15

	Domain	Requested by
16	specialoffers.citicards.com	4 redirects specialoffers.citicards.com
13	www.googletagmanager.com	nexus.ensighten.com www.googletagmanager.com
11	nexus.ensighten.com	specialoffers.citicards.com nexus.ensighten.com
10	siteintercept.qualtrics.com	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com
9	www.google.de
9	www.google.com
9	googleads.g.doubleclick.net	www.googletagmanager.com
4	dpm.demdex.net	1 redirects specialoffers.citicards.com nexus.ensighten.com
2	metrics1.citi.com	nexus.ensighten.com
1	iad1.qualtrics.com
1	sr.rlcdn.com	nexus.ensighten.com
1	cdn.pbbl.co	nexus.ensighten.com
1	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	nexus.ensighten.com
1	citicorpcreditservic.tt.omtrdc.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	citi.demdex.net	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	c1.rfihub.net	nexus.ensighten.com
1	click.info15.citi.com	1 redirects
86	19

This site contains links to these domains. Also see Links.

Domain
online.citibank.com
online.citi.com

Subject Issuer	Validity	Valid
specialoffers.citicards.com DigiCert EV RSA CA G2	`2022-09-15` - `2023-10-16`	a year	crt.sh
nexus.ensighten.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-07` - `2023-10-14`	a year	crt.sh
*.rfihub.net Amazon	`2021-12-29` - `2023-01-27`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-24` - `2023-05-24`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
metrics1.citi.com DigiCert EV RSA CA G2	`2022-07-22` - `2023-08-22`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-04` - `2023-05-04`	a year	crt.sh
*.pbbl.co Amazon	`2022-10-04` - `2023-11-02`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
Frame ID: 120122B018D811A4EB2DF9CDE73D8AF9
Requests: 83 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=1714&rb=648&ca=20766699&_o=17169175&_t=bonusrewardsofferalreadyaccepted&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=bonusrewardsofferalreadyaccepted&pe=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&pf=&ra=21857572712871876
Frame ID: BC2B5EAF71BE4E85336A997F64A37E9A
Requests: 1 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: D9E01454755E234621E465044D2C56B3
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: AD31986D31FCA3843D987DF3025FD3F3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Already Accepted Page

Page URL History Show full URLs

https://click.info15.citi.com/?qs=ca720e8e9d15491a90ae2b6d432672e83463a0c10b1138a30001f081df4a5a6e247c63d8... HTTP 302
https://specialoffers.citicards.com/citi/intro.aspx?i=4090166456&di=E2211U403&s=EC HTTP 302
https://specialoffers.citicards.com/en/Citi/Intro2?i=4090166456&di=E2211U403&s=EC HTTP 302
https://specialoffers.citicards.com/en/Citi/AlreadyAccepted Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

86
Requests

95 %
HTTPS

26 %
IPv6

15
Domains

19
Subdomains

17
IPs

5
Countries

1153 kB
Transfer

3156 kB
Size

29
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citibank.com/JRS/portal/template.do?ID=TermsDisclaimer
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice At Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citibank.com/US/JRS/pands/detail.do?ID=SecurityCenter
Title: Security

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click.info15.citi.com/?qs=ca720e8e9d15491a90ae2b6d432672e83463a0c10b1138a30001f081df4a5a6e247c63d8881791d1839cd4be5c2234560b7e20b6cc59ca834e079ef9693e8ce2 HTTP 302
https://specialoffers.citicards.com/citi/intro.aspx?i=4090166456&di=E2211U403&s=EC HTTP 302
https://specialoffers.citicards.com/en/Citi/Intro2?i=4090166456&di=E2211U403&s=EC HTTP 302
https://specialoffers.citicards.com/en/Citi/AlreadyAccepted Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://specialoffers.citicards.com/bundles/js/jquery?v=235DeCRyc2KKtm5-u-WowaGmWHU3ft44y448NxHpMf41 HTTP 302
https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fjquery&user=SpecialOffers%2f4090166456&site=website

Request Chain 3

https://specialoffers.citicards.com/bundles/js/speedbump?v=gCBaz4Ns6ddPKtA5wokLjIHeN-x2KnPOhJhKPSfpjFQ1 HTTP 302
https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fspeedbump&user=SpecialOffers%2f4090166456&site=website

Request Chain 9

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619

Request Chain 27

https://cm.everesttech.net/cm/dd?d_uuid=05875566632583370962494897272154633426 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y2GJbQAAALNA2QN-

86 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request AlreadyAccepted Show response
specialoffers.citicards.com/en/Citi/
Redirect Chain

https://click.info15.citi.com/?qs=ca720e8e9d15491a90ae2b6d432672e83463a0c10b1138a30001f081df4a5a6e247c63d8881791d1839cd4be5c2234560b7e20b6cc59ca834e079ef9693e8ce2
https://specialoffers.citicards.com/citi/intro.aspx?i=4090166456&di=E2211U403&s=EC
https://specialoffers.citicards.com/en/Citi/Intro2?i=4090166456&di=E2211U403&s=EC
https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

12 KB
4 KB

456ms
456ms

Document
text/html

198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

9d344eb07d6faf04053eca79fe6d253c02fe29f1bb778f4aeffc166fd4872276

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Encoding: gzip
Content-Length: 3943
Strict-Transport-Security: max-age=157680000; includeSubDomains
cache-control: no-cache, no-store
content-type: text/html; charset=utf-8
date: Tue, 01 Nov 2022 21:02:35 GMT
expires: -1
ntcoent-length: 12632
pragma: no-cache

Redirect headers

Strict-Transport-Security: max-age=157680000; includeSubDomains
cache-control: no-cache, no-store
content-length: 141
content-type: text/html; charset=utf-8
date: Tue, 01 Nov 2022 21:02:34 GMT
expires: -1
location: /en/Citi/AlreadyAccepted
pragma: no-cache

GET
H/1.1 200
OK bootstrap.min.css
specialoffers.citicards.com/Content/ 158 KB
27 KB 242ms
241ms Stylesheet
text/css 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/Content/bootstrap.min.css

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

cteonnt-length: 162017
date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Content-Encoding: gzip
last-modified: Wed, 15 Jun 2022 14:49:12 GMT
etag: "da54bd13c780d81:0"
Transfer-Encoding: chunked
content-type: text/css
Cache-Control: private
accept-ranges: bytes

GET
H/1.1 200
OK styles.css
specialoffers.citicards.com/assets/CSS/ 11 KB
2 KB 597ms
232ms Stylesheet
text/css 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/assets/CSS/styles.css

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

50981e218a3fd3dc86c187e19c6912fcd889b768f47d848d0f5bb8a9711ec221

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

cteonnt-length: 11406
date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Content-Encoding: gzip
last-modified: Fri, 01 Jul 2022 16:23:04 GMT
etag: "887355d7668dd81:0"
content-type: text/css
Cache-Control: private
accept-ranges: bytes
Content-Length: 1956

GET
H/1.1

200
OK

error.html Show response
specialoffers.citicards.com/
Redirect Chain

https://specialoffers.citicards.com/bundles/js/jquery?v=235DeCRyc2KKtm5-u-WowaGmWHU3ft44y448NxHpMf41
https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fjquery&user=SpecialOffers%2f4090166456&site=website

6 KB
3 KB

230ms
230ms

Script
text/html

198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fjquery&user=SpecialOffers%2f4090166456&site=website

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

4af8a6ebc8da1ba09cf8e899963088618abea5a0769ee592e74d8b54a42bb384

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Content-Encoding: gzip
X-Expires-Orig: None
last-modified: Fri, 01 Jul 2022 16:24:12 GMT
etag: "a783f0ff668dd81:0"
ntcoent-length: 5999
content-type: text/html
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private, private
accept-ranges: bytes
Content-Length: 1943

Redirect headers

date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Expires-Orig: None
content-type: text/html; charset=utf-8
location: /error.html?item=%2fbundles%2fjs%2fjquery&user=SpecialOffers%2f4090166456&site=website
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
content-length: 211

GET
H/1.1

200
OK

error.html Show response
specialoffers.citicards.com/
Redirect Chain

https://specialoffers.citicards.com/bundles/js/speedbump?v=gCBaz4Ns6ddPKtA5wokLjIHeN-x2KnPOhJhKPSfpjFQ1
https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fspeedbump&user=SpecialOffers%2f4090166456&site=website

6 KB
3 KB

235ms
235ms

Script
text/html

198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/error.html?item=%2fbundles%2fjs%2fspeedbump&user=SpecialOffers%2f4090166456&site=website

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

4af8a6ebc8da1ba09cf8e899963088618abea5a0769ee592e74d8b54a42bb384

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
Content-Encoding: gzip
X-Expires-Orig: None
last-modified: Fri, 01 Jul 2022 16:24:12 GMT
etag: "a783f0ff668dd81:0"
ntcoent-length: 5999
content-type: text/html
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private, private
accept-ranges: bytes
Content-Length: 1943

Redirect headers

date: Tue, 01 Nov 2022 21:02:35 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
X-Expires-Orig: None
content-type: text/html; charset=utf-8
location: /error.html?item=%2fbundles%2fjs%2fspeedbump&user=SpecialOffers%2f4090166456&site=website
X-Cache-Control-Orig
Cache-Control: max-age=0, must-revalidate, private
content-length: 214

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 100 KB
30 KB 101ms
24ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bbfca0a1b4b8df35c0a0ab9a6325eca549e9b7e5774fd4eb10eba866411c7322

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 20:04:27 GMT
x-amz-version-id: SaDF86KAnuBnVFqQZ55FkjTG5Y1bZFh7
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 3490
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 01 Nov 2022 20:04:06 GMT
server: AmazonS3
etag: W/"1c1090d9fe3c891160d9c57c21242fd6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: 7ujXUs6J-TRPLsktIJshwpfw8YnpnoaghW6OngAo9OZ6-rnpfLAc7w==

GET
H/1.1 200
OK CitiNewLogo.ashx
specialoffers.citicards.com/-/media/Images/Citi/Logos/Citi-Logo-White/ 834 B
1 KB 233ms
233ms Image
image/png 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://specialoffers.citicards.com/-/media/Images/Citi/Logos/Citi-Logo-White/CitiNewLogo.ashx?h=60&iar=0&w=45&hash=E86C8CA329124BEDE2CF8A301724E012

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

fb4f6c10aac535d58e871112379d0b32fc841bd29313511b75b2ebc87f350c8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 20 Nov 2018 21:49:23 GMT
content-type: image/png
cache-control: private, max-age=604800
content-disposition: inline; filename="CitiNewLogo.png"
accept-ranges: bytes
content-length: 834

GET
H/1.1 200
OK DSKFooterLogo.ashx
specialoffers.citicards.com/-/media/Images/Citi/Logos/ 2 KB
3 KB 230ms
230ms Image
image/png 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://specialoffers.citicards.com/-/media/Images/Citi/Logos/DSKFooterLogo.ashx?h=100&iar=0&w=289&hash=CCC4D356FAE5B788D0BDA8C5B88EB367

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

924a81ffb705b704d1e4160fd1fc1de6c60ff8a747ac895045b1cbac883c6079

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 20 Nov 2018 21:49:54 GMT
content-type: image/png
cache-control: private, max-age=604800
content-disposition: inline; filename="DSKFooterLogo.png"
accept-ranges: bytes
content-length: 2507

GET
H/1.1 200
OK MBLFooterLogo.ashx
specialoffers.citicards.com/-/media/Images/Citi/Logos/ 1 KB
2 KB 234ms
233ms Image
image/png 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://specialoffers.citicards.com/-/media/Images/Citi/Logos/MBLFooterLogo.ashx?h=54&iar=0&w=160&hash=35C4D88D751D8DD678628BDCE75AC4AA

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

6d50a613036a81d1dd30f397a5ddefb75a383de3573ec01b9c1020c1c9441b52

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 20 Nov 2018 21:50:29 GMT
content-type: image/png
cache-control: private, max-age=604800
content-disposition: inline; filename="MBLFooterLogo.png"
accept-ranges: bytes
content-length: 1336

GET
H/1.1 200
OK footer-logo.ashx
specialoffers.citicards.com/-/media/Images/Citi/Logos/ 1 KB
2 KB 235ms
235ms Image
image/png 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://specialoffers.citicards.com/-/media/Images/Citi/Logos/footer-logo.ashx?h=24&iar=0&w=40&hash=8D8E71A2BBD147465B6945AFC08E6B80

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

16a787074ffc149acee9d02b9715f5ca61a252ab16f26cd21ddccfffc24c9654

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Fri, 09 Jan 2015 05:34:24 GMT
content-type: image/png
cache-control: private, max-age=604800
content-disposition: inline; filename="footer logo.png"
accept-ranges: bytes
content-length: 1365

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619

363 B
1 KB

35ms
35ms

XHR
application/json

99.81.236.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Server

99.81.236.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-236-184.eu-west-1.compute.amazonaws.com

Software

Resource Hash

89fd5f0e763ee65f6cffc3f1f7501bcd5dd01a1145b1ec595323b642f60711fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-086daf400.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: P+YP94vZRPs=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://specialoffers.citicards.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v045-0333db6ef.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: YnG5BH2aQwA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://specialoffers.citicards.com
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1667336557619
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
249 B 18ms
18ms Image
text/plain 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by: Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 01:05:23 GMT
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: CDG50-P1
age: 71834
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: WAZf3szQF_C2lPtoawtKMj_Vo2H1Eu3Z5pdlD12f6BSzD3pSkDkcTA==

GET
H/1.1 200
OK hr.png
specialoffers.citicards.com/assets/Citi/images/ 202 B
647 B 465ms
231ms Image
image/png 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://specialoffers.citicards.com/assets/Citi/images/hr.png

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/assets/CSS/styles.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

0074948613289358bea8b2caa28def73c40bc6fc084ec8b81efb70fc30132278

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/assets/CSS/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 14 Jun 2022 21:08:53 GMT
accept-ranges: bytes
etag: "24f9ccf33280d81:0"
content-length: 202
content-type: image/png

GET
H/1.1 200
OK Interstate-Light.woff
specialoffers.citicards.com/assets/fonts/ 74 KB
74 KB 442ms
232ms Font
font/x-woff 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/assets/fonts/Interstate-Light.woff

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/assets/CSS/styles.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

Referer: https://specialoffers.citicards.com/assets/CSS/styles.css
Origin: https://specialoffers.citicards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 14 Jun 2022 21:08:54 GMT
accept-ranges: bytes
etag: "59994af43280d81:0"
content-length: 75538
content-type: font/x-woff

GET
H/1.1 200
OK Interstate-Regular.woff
specialoffers.citicards.com/assets/fonts/ 77 KB
77 KB 446ms
228ms Font
font/x-woff 198.160.105.75
ACXIOM

General

Check archive.org

Show headers Download Go to

Full URL

https://specialoffers.citicards.com/assets/fonts/Interstate-Regular.woff

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/assets/CSS/styles.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

198.160.105.75 Conway, United States, ASN15026 (ACXIOM, US),

Reverse DNS

Software

Resource Hash

045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Request headers

Referer: https://specialoffers.citicards.com/assets/CSS/styles.css
Origin: https://specialoffers.citicards.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:36 GMT
Strict-Transport-Security: max-age=157680000; includeSubDomains
last-modified: Tue, 14 Jun 2022 21:08:54 GMT
accept-ranges: bytes
etag: "2ef153f43280d81:0"
content-length: 78762
content-type: font/x-woff

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
919 B 58ms
57ms Script
text/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Nov%2001%2020:04:01%20GMT%202022&ClientID=1129&PageID=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: nginx /
Resource Hash: 8f5455cae2a27c21e60b06335301f8e6946bccaf2f57b69cbfa19ec27718579d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
content-encoding: gzip
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: CDG50-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
x-amz-cf-id: jLym9ceX1lBjNaXCsN2iao68EQf4noK6eZuHlURaabgt1NvYEstShQ==
expires: Tue, 01 Nov 2022 21:02:36 GMT

GET
H2 200 7c8ae1f9c206930028672949c6703f6d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
2 KB 21ms
21ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 17:53:07 GMT
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 1220971
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 18 Oct 2022 17:52:59 GMT
server: AmazonS3
etag: W/"7df0440e45009010a99db868682aafb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: BuVE1xn9ewIUaLFP1k1wUZrOhA69_fI_0_NIOSzLjs4i-AGdo0OiwQ==

GET
H2 200 af3b21070dd01ab22a4f331056324374.js Show response
nexus.ensighten.com/citi/na_prod/code/ 7 KB
2 KB 22ms
22ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 21:43:10 GMT
x-amz-version-id: QTYOdEvDbSbtudwcv3X6K9qpVGIDVLJs
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 6650368
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 16 Aug 2022 21:43:05 GMT
server: AmazonS3
etag: W/"412eb38d6a797c24fd5d7e30e1b9799d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: uibWcLglQzpiOVdQajRDbC2qLKAYK5Vd4uWM3Cv1gS0fOeq0hDW6aw==

GET
H2 200 d74f82b561a6aa5d9247eaf72394131a.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 21ms
21ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d74f82b561a6aa5d9247eaf72394131a.js?conditionId0=480881
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 22 Jul 2022 04:43:02 GMT
x-amz-version-id: RvpSCqGYAfuhljj0NjnAsdqP.N32uojg
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 8871576
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 14 Jul 2022 20:16:36 GMT
server: AmazonS3
etag: W/"43372887591ae43fb66862c6ae6d2c9b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 2_-zAWsqr318UuPcO9lEJdbUSXgJvDt6A_Ap_2jwa2QiZMAuMCt8_g==

GET
H2 200 725f52f47953fbdb124cea48c5c5316a.js Show response
nexus.ensighten.com/citi/na_prod/code/ 293 KB
68 KB 29ms
27ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/725f52f47953fbdb124cea48c5c5316a.js?conditionId0=421908
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0c5501be4076f83d680144fb5bafd0ba3a17230cab93e680dbfc3892f52286d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 20:04:14 GMT
x-amz-version-id: uZJT4ytcTdGY2xBdzTHIy1d9hsxzSHhU
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 3504
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 01 Nov 2022 20:04:06 GMT
server: AmazonS3
etag: W/"9a28990ee281a14946095dec23e5627e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: tpnaW5cdJp9n_adb527_4TGNZriprsWM58YbVc054iaxI_5h67A6zw==

GET
H2 200 51aba9f62787efbaa13e53a8d1ae3892.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
1 KB 22ms
20ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/51aba9f62787efbaa13e53a8d1ae3892.js?conditionId0=4827153
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Fri, 22 Jul 2022 05:05:43 GMT
x-amz-version-id: wbqnWd5jL63548esNkWLxT1ImQDA0TC0
content-encoding: gzip
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 8870215
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 31 Aug 2021 17:19:04 GMT
server: AmazonS3
etag: W/"4d37444c012a76a0557182615bf5cdd3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: rE6Uj5CPBTG8zaaDgmYidByZZislDY7SzfB7eX6-q_cIVYVukqibKA==

GET
H2 200 e89e922d42191212e2571eceaae47b48.js Show response
nexus.ensighten.com/citi/na_prod/code/ 192 KB
37 KB 24ms
23ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/e89e922d42191212e2571eceaae47b48.js?conditionId0=486757
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d140961b4bd4b8aee9d60f3cec65e515b79064ee8d35cd4b70fb7f51eb37e40b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:50:16 GMT
x-amz-version-id: hUuUk3pAtYHN0sXn0vLTg11CAYuvLZtL
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 1213942
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 18 Oct 2022 19:50:01 GMT
server: AmazonS3
etag: W/"60cea34a01b7b0cf3a2957ad282e1872"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: L4PQiQqQCabsa8iJfWOSF7CiS4n1nXemcDMBy1CFbkxQijtZg09wpg==

GET
H2 200 66b3bdd1803d6a2f5d6abaa2ab137d76.js Show response
nexus.ensighten.com/citi/na_prod/code/ 97 KB
12 KB 44ms
43ms Script
application/javascript 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/66b3bdd1803d6a2f5d6abaa2ab137d76.js?conditionId0=467299
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 47b27bd8c4abc9012f01d108ba6aad324f2c737ff737700415b824fa95ffffc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:50:16 GMT
x-amz-version-id: Lzg99yplYRu_rCETVvUTbI6kwLiuOssa
content-encoding: br
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
x-amz-cf-pop: CDG50-P1
age: 1213942
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Tue, 18 Oct 2022 19:50:01 GMT
server: AmazonS3
etag: W/"662a42456f7dd1308f192f08de900712"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: JDFv5mH5bm0cQNjc2yYL1BIIZufFZTXT4UaUtW95IgDz2pomxuSxnw==

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 82ms
16ms Script
application/x-javascript 2600:9000:248c:7200:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:248c:7200:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 20:59:57 GMT
content-encoding: gzip
via: 1.1 785051524e198b20f8b58122667c188e.cloudfront.net (CloudFront)
last-modified: Tue, 01 Nov 2022 20:59:47 GMT
server: Jetty(9.3.29.v20201019)
x-amz-cf-pop: MXP64-P1
age: 160
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
content-length: 6162
x-amz-cf-id: 3DP5x1yT1ia9Jg33MudC0DvmY3ZIeb3g8PXX2PtjNM8rj_hDHAd9sQ==
expires: Tue, 01 Nov 2022 21:59:57 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 43ms
16ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ba7fd38600c6c271afd1e3b593f33ec9c2177252ab15109ad99717bc6d58a6a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44077
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:37 GMT

GET
H/1.1 200
OK ca.html Show response
20766699p.rfihub.com/ Frame BC2B 118 B
685 B 188ms
16ms Document
text/html 193.0.160.128
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=1714&rb=648&ca=20766699&_o=17169175&_t=bonusrewardsofferalreadyaccepted&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=bonusrewardsofferalreadyaccepted&pe=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&pf=&ra=21857572712871876
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.128 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer: https://specialoffers.citicards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Content-Length: 118
Content-Type: text/html;charset=utf-8
Date: Tue, 01 Nov 2022 21:02:37 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.3.29.v20201019)

GET
H/1.1 200
OK dest5.html Show response
citi.demdex.net/ Frame D9E0 7 KB
3 KB 172ms
31ms Document
text/html 52.19.103.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.19.103.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-19-103-22.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://specialoffers.citicards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v045-00c503e2b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: QtBMLzBHQWc=
content-encoding: gzip
date: Tue, 1 Nov 2022 21:02:38 GMT
last-modified: Fri, 28 Oct 2022 11:02:58 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
631 B 74ms
18ms XHR
application/x-javascript 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=01094779162606609713115433074956176753&ts=1667336557852

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

c30bce3a032d8984d3ce025546ba163a83de00e90ebaf2610e5fee751f147889

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://specialoffers.citicards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://specialoffers.citicards.com
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=Y2GJbQAAALNA2QN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=05875566632583370962494897272154633426
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y2GJbQAAALNA2QN-

42 B
942 B

38ms
38ms

Image
image/gif

99.81.236.184
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y2GJbQAAALNA2QN-

Requested by

Host: specialoffers.citicards.com
URL: https://specialoffers.citicards.com/en/Citi/AlreadyAccepted

Protocol

HTTP/1.1

Server

99.81.236.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-236-184.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v045-07303b075.edge-irl1.demdex.com 8 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: PV7dXKgoQhw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y2GJbQAAALNA2QN-
Date: Tue, 01 Nov 2022 21:02:37 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

08f0cf1b0d701e0460fb618191b30ad16244e5ae8c39b77f155ead956beeedd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 32ms
31ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

243bcd026cce66d7fda39e0376596c57802bc4136e4f273a661a39c3e9674b7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44098
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:37 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 110 KB
43 KB 21ms
21ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd97d125df6859c393414f45f0de0ba246c0c5366471190d6626df1de4b63bdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 44098
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:37 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 33ms
33ms XHR
application/json 99.81.236.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=01094779162606609713115433074956176753&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%0131B0C4B6BB28442D-60000726E4CB561E&ts=1667336557932

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.81.236.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-99-81-236-184.eu-west-1.compute.amazonaws.com

Software

Resource Hash

31ea009da5fe3e10c8e37327c112e02559af3b0eeef89f1d814b3b985e02eb38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://specialoffers.citicards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v045-05e780d2b.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: dbU/MebaQKY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://specialoffers.citicards.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 306
Expires: Thu, 01 Jan 1970 00:00:00 UTC

POST
H2 200 delivery Show response
citicorpcreditservic.tt.omtrdc.net/rest/v1/ 363 B
1 KB 115ms
51ms XHR
application/json 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citicorpcreditservic.tt.omtrdc.net/rest/v1/delivery?client=citicorpcreditservic&sessionId=b4bed3b978e1401b82bee275fffd7f86&version=2.10.0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/725f52f47953fbdb124cea48c5c5316a.js?conditionId0=421908

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

53fe81e1e164379abff662ffce23f24017faaa984b43cecc4690e69453a5b047

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://specialoffers.citicards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
p3p: CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://specialoffers.citicards.com
content-type: application/json;charset=UTF-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 47013b17-f422-42d1-9721-d5f4a953d2b4

GET
H2 200 / Show response
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 7 KB
4 KB 155ms
94ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f661da3e963fdb1822bde397273373e018df5e88418a76541ede82c3a579f458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 97172
cf-polished: origSize=8487
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"2127-H40ILrluKx1juEGz7wmS24Pdtz8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76379291edc990fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 403 1560.js
cdn.pbbl.co/r/ 0
0 65ms
7ms Script
text/html 18.66.122.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/r/1560.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/af3b21070dd01ab22a4f331056324374.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-116.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 178 KB
65 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

11c366a18d5bd7da2358a19981074e313823877417cd7b1592c854c803b7ed77

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66739
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H2 451 425466.html Show response
sr.rlcdn.com/ Frame AD31 0
98 B 240ms
166ms Document
text/plain 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/66b3bdd1803d6a2f5d6abaa2ab137d76.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://specialoffers.citicards.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 01 Nov 2022 21:02:38 GMT
via: 1.1 google

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
250 B 28ms
27ms Image
text/plain 52.84.174.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-105.cdg50.r.cloudfront.net
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 01:05:23 GMT
via: 1.1 4cdc479f5a3e085b3677cdfbbae00b5e.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: CDG50-P1
age: 71835
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
x-amz-cf-id: ap6xy8XQXUa4tqORqpLRe75rSU_vtF3raydCTIg7gYlxdnCs0McH7w==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
2 KB 92ms
63ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1667336558373&cv=11&fst=1667336558373&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5fc36886cf90386b516f8278d9f7829d91791310c77a397dccb42bb0630924a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 981
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 178 KB
65 KB 27ms
24ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b1541e720931ef67a22dc9c8903745a1386d8d64b50c85ccb4609097b04b5330

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66676
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8a225b331695be6d2dcaf986a87029c08acfc771931a36be20e2f49e71df8db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52857
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 25ms
22ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

382f80dd9dd38bde25bcff848b26ddb970c31edd26ff9df49463e6e5a335a993

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52820
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 38ms
35ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

45a12adab3e96d6b4ff51be65f54e79768361648e54f0a83e74873e5c78ce379

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52820
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 35ms
32ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f85749273347f0cf3f6315dee5f65b49d8cf557869735aaa3b1741952c627af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52861
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 55ms
52ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

898ee9707d3c58c731d20cc092795df77ca64e6ee200472eca32489d7c1f1a31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 134 KB
52 KB 48ms
46ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0d31064e0cc70aede8483046c4249686e0743ab81feb8b3aa5365cd7461a6ed7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 178 KB
65 KB 49ms
47ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1c7550fa423f8809eca07f4b581bee242ba7e50c990c3bfbf7ed6672546490a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66820
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Nov 2022 21:02:38 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 2 KB
1003 B 78ms
61ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1667336558436&cv=11&fst=1667336558436&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98120587fcc6513181c688680e3933fb37dc58d28981eb8f838a95968bea4d4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 977
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 2 KB
1006 B 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1667336558501&cv=11&fst=1667336558501&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c3456c3df1b0ca8a83405485f5f958ccb69a0eb0189bc29ee55e251a2b2e4f0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 980
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 2 KB
1007 B 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1667336558518&cv=11&fst=1667336558518&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7aeb6a29f43dbe3be71fa01c1c1c1c6e799f9b3eecc24f7a54bdb1c85c6559e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 981
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1004 B 62ms
62ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1667336558531&cv=11&fst=1667336558531&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffd53530eaceb04998885f7a240b6785efa493c6aaefb34d85f2a730f8a31531

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 980
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1001 B 27ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1667336558550&cv=11&fst=1667336558550&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7488ec38798662b2626a6c8fc426758cf2f30aaad9062d0156d63c104b14e5f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 977
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 11.ef6dd521fd8480c07042.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 61 KB
19 KB 36ms
30ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/11.ef6dd521fd8480c07042.chunk.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=specialoffers.citicards.com

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa7fa15c5459ddf8fe98d6236c629700c3b4979c5d379ba2985b6851c68d23d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 439971
cf-polished: origSize=63601
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Oct 2022 22:16:02 GMT
cf-bgj: minify
server: cloudflare
etag: W/"f871-184113784d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792931fdb90fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
548 B 52ms
22ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1667336558373&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=272347574&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
108 B 88ms
59ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1667336558373&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=272347574&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1007 B 26ms
26ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1667336558574&cv=11&fst=1667336558574&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0b0c5c95c464c999e945e82de4ac563b89fec1757f82d7d451e4bed3d8244f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 983
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1004 B 57ms
57ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1667336558587&cv=11&fst=1667336558587&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

961aded32f46bb3a2a9cb2ebc8972ed4c475eb2be1d497071cac3d16130a2f95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 980
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/ 2 KB
1007 B 27ms
27ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1667336558604&cv=11&fst=1667336558604&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&auid=555677616.1667336558&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bae13d4a488e76de80809350ecb57f29e083c42b727a3f765c85d228f97e8aa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 983
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/830907969/ 42 B
64 B 40ms
22ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830907969/?random=1667336558501&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=416822017&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830907969/ 42 B
108 B 21ms
20ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830907969/?random=1667336558501&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=416822017&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/644574043/ 42 B
64 B 42ms
24ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/644574043/?random=1667336558436&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1881583136&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/644574043/ 42 B
548 B 20ms
20ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/644574043/?random=1667336558436&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1881583136&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
64 B 40ms
23ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1667336558550&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=265237733&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1667336558550&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=265237733&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
64 B 43ms
26ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1667336558531&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1714172683&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
108 B 22ms
21ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1667336558531&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1714172683&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/695231162/ 42 B
64 B 42ms
26ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/695231162/?random=1667336558518&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3171064749&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/695231162/ 42 B
108 B 20ms
20ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/695231162/?random=1667336558518&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3171064749&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 8 KB
2 KB 45ms
45ms XHR
application/json 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/11.ef6dd521fd8480c07042.chunk.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=specialoffers.citicards.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56d0cbe9f22da664c0c4ec0958fdfea538da5fbab6a5ecba59b05840fc118521

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://specialoffers.citicards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://specialoffers.citicards.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 976a5219ecea7a77
cf-ray: 7637929378be90fa-FRA
timing-allow-origin: *

GET
H3 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
64 B 37ms
25ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1667336558574&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3119686619&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1667336558574&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3119686619&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/10955006959/ 42 B
64 B 25ms
23ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10955006959/?random=1667336558604&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2633411568&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10955006959/ 42 B
108 B 21ms
21ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10955006959/?random=1667336558604&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2633411568&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
64 B 22ms
22ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1667336558587&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1235509659&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
64 B 44ms
26ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1667336558587&cv=11&fst=1667336400000&bg=ffffff&guid=ON&async=1&gtm=2oaav0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&tiba=Already%20Accepted%20Page&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1235509659&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
32 KB 40ms
40ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 439954
cf-polished: origSize=105331
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Oct 2022 22:16:02 GMT
cf-bgj: minify
server: cloudflare
etag: W/"19b73-184113784d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 76379293c96290fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 4.d66da9911972b1819cf8.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 2 KB
902 B 47ms
47ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/4.d66da9911972b1819cf8.chunk.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ebed9bd6075e25e22437029df1d10c878b4a32b063ee5f36fc2bbe26cde7f6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 439953
cf-polished: origSize=2539
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Oct 2022 22:16:02 GMT
cf-bgj: minify
server: cloudflare
etag: W/"9eb-184113784d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792942a2490fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 1.9509091546eda6eef083.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 28 KB
7 KB 52ms
52ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.9509091546eda6eef083.chunk.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0198df44a72215a4ee34e27a97403d6494e0c2821aa7c06771109bc531ff46c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 439951
cf-polished: origSize=29568
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Oct 2022 22:16:02 GMT
cf-bgj: minify
server: cloudflare
etag: W/"7380-184113784d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792942a2690fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
23 KB 39ms
39ms Script
application/javascript 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b5aceeabb3acd528746d88da082a178e77658bbeea164b0f382469c6e23b8de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 439952
cf-polished: origSize=66295
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 25 Oct 2022 22:16:02 GMT
cf-bgj: minify
server: cloudflare
etag: W/"102f7-184113784d0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792942a2790fa-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin: *

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 5 KB
1 KB 75ms
52ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=10&Q_ORIGIN=https://specialoffers.citicards.com&Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2f7fba74d9a3aec8d2fe653a2cb1747b173ad828b7610a96b7d0662d9ebaa81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Fri, 29 Oct 2032 10:01:53 GMT
date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39645
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 01 Nov 2022 10:01:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792944bd39085-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
1 KB 67ms
44ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://specialoffers.citicards.com&Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Fri, 29 Oct 2032 10:01:53 GMT
date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 39645
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 01 Nov 2022 10:01:53 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 763792944bd79085-FRA
servershortname

GET
H2 200 Graphic.php
iad1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
3 KB 53ms
18ms Image
image/png 88.221.169.119
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

88.221.169.119 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a88-221-169-119.deploy.static.akamaitechnologies.com

Software

Resource Hash

25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy-report-only: report-uri https://sjc1.qualtrics.com/csp-report
content-disposition: inline; filename=feedback.png
content-length: 2196
x-request-id: 64705a7f-914f-4148-b2c8-0897c03059b1
referrer-policy: strict-origin-when-cross-origin
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: b8f6b5a0-80a3-4b2f-a55a-f9160a3014c6
cache-control: public, max-age=29
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Tue, 01 Nov 2022 21:03:07 GMT

GET
H2 200 s3958018050981
metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/ 43 B
347 B 21ms
20ms Image
image/gif 15.188.95.229
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s3958018050981?AQB=1&ndh=1&pf=1&t=1%2F10%2F2022%2021%3A2%3A38%202%200&fid=1622BD552A30E03D-36324DB90C5D3844&ce=UTF-8&pageName=bonus%20rewards%20-%20offer%20already%20accepted&g=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&c.&visitStart=1&.c&cc=USD&ch=us&c1=public&h1=us%2Fpublic%2Fcards%2Fspecial%20offers%2Facxiom&c2=cards&c3=special%20offers&c4=acxiom&c8=prelogin%20self%20service&c9=us&c11=english&c26=no%20value&v38=bonus%20rewards%20-%20offer%20already%20accepted&v52=no%20value&c59=acxiom_bonus_offer_already_accepted_cb&c61=20&c63=https%3A%2F%2Fspecialoffers.citicards.com%2Fen%2FCiti%2FAlreadyAccepted&c64=5%3A02PM&v64=5%3A02PM&c65=Tuesday&v65=Tuesday&c66=Tuesday%7C5%3A02PM&v67=New&v68=1&c69=not%20logged%20in&c73=578278%2C358910%2C624610%2C373773%2C622672%2C677895%2C494437%2C652314%2C593700%2C707461%2C729589%2C697723%2C663315%2C584566%2C729588%2C719651%2C729584%2C573017%2C522574%2C719654%2C588511%2C693696%2C552021%2C670807%2C632449%2C663310%2C522572%2C580663%2C626438%2C727563%2C663313%2C515853%2C522576%2C562734%2C725679%2C696250%2C582775%2C706463%2C507276%2C531459%2C593103%2C689979%2C632249%2C639140%2C600937%2C385436%2C716093%2C713661%2C565689%2C662152%2C727855%2C512346%2C693686%2C578262%2C692933%2C695962%2C692917%2C692919%2C729583%2C729586%2C727856%2C666421%2C692920%2C578343%2C599415%2C609397%2C629918%2C607856%2C388219%2C704091%2C359218%2C528144%2C572750%2C359214%2C486892%2C510670%2C369351&v73=medium%7C1600&v78=yes&v87=specialoffers.citicards.com&v96=cl%7Cbos%3Ana%7Cdsa%3Ana%7Cax%3Ano%20call%7Cdsr%3Ana%7Crf%3A-%7Ccms%3A-&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-95-229.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Wed, 02 Nov 2022 21:02:38 GMT
server: jag
etag: 3580577995975262208-4619655496754665170
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 31 Oct 2022 21:02:38 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
221 B 91ms
90ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_etUBT4QUD9Btyf4&Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&r=1667336558876

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.80.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://specialoffers.citicards.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://specialoffers.citicards.com
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: c4a700eb98f7b58e
cf-ray: 763792950ccb9085-FRA

GET
H2 200 wr-dialog-close-btn-white.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 254 B
549 B 67ms
66ms Image
image/png 104.17.208.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/wr-dialog-close-btn-white.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.208.240 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://specialoffers.citicards.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Thu, 26 Feb 2032 14:38:39 GMT
date: Tue, 01 Nov 2022 21:02:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 21277439
cf-polished: origSize=759
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
x-envoy-upstream-service-time: 5
content-length: 254
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 23 Feb 2022 00:33:55 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public
accept-ranges: bytes
cf-ray: 763792950c1f90fa-FRA
trace-id: 7777a296f941d072
servershortname

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
specialoffers.citicards.com/	1969-12-31 23:59:59	Name: shell#lang Value: en
specialoffers.citicards.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: zsuvl1xr0bsbpr1k5yrw4mbl
specialoffers.citicards.com/	1970-01-20 07:08:57	Name: NSC_JO525birdkaiu4teumzzyxcquuh2lcE Value: 14b5a3d9d6f78340f5de7ac9fcda48513e66b2d1613f91cf47bb3f50e15aa9c8a89ab0a8
.citicards.com/	1969-12-31 23:59:59	Name: XCADC Value: 0bS6fA2tudfAD3vEtYWbV4Vk/c00003
specialoffers.citicards.com/	1969-12-31 23:59:59	Name: website#lang Value: en
specialoffers.citicards.com/	1969-12-31 23:59:59	Name: .ASPXAUTH Value: 81650B46C61C868DD530D297ACB2F31547CB766FC406CF4186445BC42E4E48BC16A8E4F8069D97DB17943756BA596A40832BBF9DBD3EC6F474252C035E71FAE5FF1DA57EC1F546FA50935D0ED8A75B2F705B273B365A5D3072B7A0993DB185B2C740D58B76BC32F1AC09427967D3AB1F205DBC205DEE5C603347FA86CB470FA8DDBF1B10469968522B51540D86909B90A50F108F573A5F1D
specialoffers.citicards.com/	1970-01-20 07:08:58	Name: 7830 Value: error
specialoffers.citicards.com/	1970-01-20 07:08:58	Name: 7018 Value:
specialoffers.citicards.com/	1970-01-20 09:18:32	Name: 64072 Value:
.demdex.net/	1970-01-20 11:28:08	Name: demdex Value: 05875566632583370962494897272154633426
.citicards.com/	1969-12-31 23:59:59	Name: at_check Value: true
.citicards.com/	1969-12-31 23:59:59	Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg Value: 1
.citicards.com/	1970-01-20 09:18:32	Name: _gcl_au Value: 1.1.555677616.1667336558
.citi.com/	1970-01-20 16:44:56	Name: s_vi Value: [CS]v1\|31B0C4B6BB28442D-60000726E4CB561E[CE]
.citi.com/	1970-01-20 16:44:56	Name: s_ecid Value: MCMID%7C01094779162606609713115433074956176753
.everesttech.net/	1970-01-20 15:54:32	Name: everest_g_v2 Value: g_surferid~Y2GJbQAAALNA2QN-
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0NjQwNzc3MjYwMzazMLQ0NxTiM9Qt8cipzDMxiTfOKrQEALM_u1YlAAAA
.rfihub.com/	1970-01-20 16:30:32	Name: rud Value: H4sIAAAAAAAA_-MSNjU0NjQwNzc3MjYwMzazMLQ0NxTiM9Qt8cipzDMxiTfOKrQEALM_u1YlAAAA
.dpm.demdex.net/	1970-01-20 11:28:08	Name: dpm Value: 05875566632583370962494897272154633426
.citicards.com/	1970-01-20 16:44:56	Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg Value: -330454231%7CMCIDTS%7C19298%7CMCMID%7C01094779162606609713115433074956176753%7CMCAAMLH-1667941357%7C6%7CMCAAMB-1667941357%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1667343757s%7CNONE%7CMCAID%7C31B0C4B6BB28442D-60000726E4CB561E%7CMCSYNCSOP%7C411-19305%7CvVersion%7C3.1.2
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 07:08:58	Name: citicorpcreditservic!mboxSession Value: b4bed3b978e1401b82bee275fffd7f86
.citicorpcreditservic.tt.omtrdc.net/	1970-01-20 16:44:56	Name: citicorpcreditservic!mboxPC Value: b4bed3b978e1401b82bee275fffd7f86.37_0
.citicards.com/	1970-01-20 07:09:01	Name: mboxEdgeCluster Value: 37
.citicards.com/	1970-01-20 16:44:56	Name: mbox Value: session#b4bed3b978e1401b82bee275fffd7f86#1667338419\|PC#b4bed3b978e1401b82bee275fffd7f86.37_0#1730581359
.doubleclick.net/	1970-01-20 16:30:32	Name: IDE Value: AHWqTUk2wjrLtE7OqC8qb4z5z-vrCUeZ-ogjqdyz5Sabpu8A9eQTjPGjswqGSkY8
.citicards.com/	1970-01-20 16:44:56	Name: s_fid Value: 1622BD552A30E03D-36324DB90C5D3844
.citicards.com/	1970-01-20 16:44:56	Name: s_pers Value: %20gpv_p7%3Dbonus%2520rewards%2520-%2520offer%2520already%2520accepted%7C1667338358845%3B%20s_visit%3D1%7C1667338358846%3B%20s_vnum%3D1669852800847%2526vn%253D1%7C1669852800847%3B%20s_invisit%3Dtrue%7C1667338358847%3B%20s_nr%3D1667336558849-New%7C1825016558849%3B
.citicards.com/	1969-12-31 23:59:59	Name: s_sess Value: %20SC_LINKS%3D%3B%20s_vstart%3D1667336558851%3B
.citicards.com/	1969-12-31 23:59:59	Name: s_cc Value: true

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.pbbl.co/r/1560.js Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=157680000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
c1.rfihub.net
cdn.pbbl.co
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
click.info15.citi.com
cm.everesttech.net
dpm.demdex.net
googleads.g.doubleclick.net
iad1.qualtrics.com
metrics1.citi.com
nexus.ensighten.com
siteintercept.qualtrics.com
specialoffers.citicards.com
sr.rlcdn.com
www.google.com
www.google.de
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
104.17.208.240
104.17.209.240
13.111.71.127
15.188.95.229
15.236.176.210
18.66.122.116
193.0.160.128
198.160.105.75
2600:9000:248c:7200:1:76cf:fe80:93a1
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82f::2003
35.190.60.146
52.19.103.22
52.212.76.227
52.84.174.105
88.221.169.119
99.81.236.184
0074948613289358bea8b2caa28def73c40bc6fc084ec8b81efb70fc30132278
0198df44a72215a4ee34e27a97403d6494e0c2821aa7c06771109bc531ff46c0
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
08f0cf1b0d701e0460fb618191b30ad16244e5ae8c39b77f155ead956beeedd4
0c5501be4076f83d680144fb5bafd0ba3a17230cab93e680dbfc3892f52286d9
0c5ed985fdbddc027124d4e6879ce1a1860832cda85e2b517c18d8fbd2fffc06
0d31064e0cc70aede8483046c4249686e0743ab81feb8b3aa5365cd7461a6ed7
11c366a18d5bd7da2358a19981074e313823877417cd7b1592c854c803b7ed77
1243ffed4530d6d237dd040101bf2933687f6e9272b10132060115058f914206
16a787074ffc149acee9d02b9715f5ca61a252ab16f26cd21ddccfffc24c9654
1c7550fa423f8809eca07f4b581bee242ba7e50c990c3bfbf7ed6672546490a6
20ee45b17985faa6172dc3930d47bb56303e3e9f4452e72e2c0feb9d562a081d
243bcd026cce66d7fda39e0376596c57802bc4136e4f273a661a39c3e9674b7c
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2b5aceeabb3acd528746d88da082a178e77658bbeea164b0f382469c6e23b8de
31ea009da5fe3e10c8e37327c112e02559af3b0eeef89f1d814b3b985e02eb38
382f80dd9dd38bde25bcff848b26ddb970c31edd26ff9df49463e6e5a335a993
45a12adab3e96d6b4ff51be65f54e79768361648e54f0a83e74873e5c78ce379
47b27bd8c4abc9012f01d108ba6aad324f2c737ff737700415b824fa95ffffc8
4af8a6ebc8da1ba09cf8e899963088618abea5a0769ee592e74d8b54a42bb384
50981e218a3fd3dc86c187e19c6912fcd889b768f47d848d0f5bb8a9711ec221
53fe81e1e164379abff662ffce23f24017faaa984b43cecc4690e69453a5b047
56d0cbe9f22da664c0c4ec0958fdfea538da5fbab6a5ecba59b05840fc118521
5fc36886cf90386b516f8278d9f7829d91791310c77a397dccb42bb0630924a3
6d50a613036a81d1dd30f397a5ddefb75a383de3573ec01b9c1020c1c9441b52
7488ec38798662b2626a6c8fc426758cf2f30aaad9062d0156d63c104b14e5f3
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7ebed9bd6075e25e22437029df1d10c878b4a32b063ee5f36fc2bbe26cde7f6d
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
898ee9707d3c58c731d20cc092795df77ca64e6ee200472eca32489d7c1f1a31
89fd5f0e763ee65f6cffc3f1f7501bcd5dd01a1145b1ec595323b642f60711fd
8a225b331695be6d2dcaf986a87029c08acfc771931a36be20e2f49e71df8db3
8f5455cae2a27c21e60b06335301f8e6946bccaf2f57b69cbfa19ec27718579d
924a81ffb705b704d1e4160fd1fc1de6c60ff8a747ac895045b1cbac883c6079
961aded32f46bb3a2a9cb2ebc8972ed4c475eb2be1d497071cac3d16130a2f95
98120587fcc6513181c688680e3933fb37dc58d28981eb8f838a95968bea4d4f
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9d344eb07d6faf04053eca79fe6d253c02fe29f1bb778f4aeffc166fd4872276
9f85749273347f0cf3f6315dee5f65b49d8cf557869735aaa3b1741952c627af
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2f7fba74d9a3aec8d2fe653a2cb1747b173ad828b7610a96b7d0662d9ebaa81
a7aeb6a29f43dbe3be71fa01c1c1c1c6e799f9b3eecc24f7a54bdb1c85c6559e
b1541e720931ef67a22dc9c8903745a1386d8d64b50c85ccb4609097b04b5330
ba7fd38600c6c271afd1e3b593f33ec9c2177252ab15109ad99717bc6d58a6a7
bae13d4a488e76de80809350ecb57f29e083c42b727a3f765c85d228f97e8aa9
bbfca0a1b4b8df35c0a0ab9a6325eca549e9b7e5774fd4eb10eba866411c7322
bf8892a953595eb96b9ca68c5756849d404115dcf2ee9bf87e8b4e7b3cf8e650
c30bce3a032d8984d3ce025546ba163a83de00e90ebaf2610e5fee751f147889
c3456c3df1b0ca8a83405485f5f958ccb69a0eb0189bc29ee55e251a2b2e4f0c
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
cd5496f75a7c1029bc681f639794b83f034d5ecd884e8514ae12b13eee9eec70
d0b0c5c95c464c999e945e82de4ac563b89fec1757f82d7d451e4bed3d8244f2
d140961b4bd4b8aee9d60f3cec65e515b79064ee8d35cd4b70fb7f51eb37e40b
d2751a84e6a70913798dd8b2aede47ab49b7a701618cd151d89755638f71aa02
d606706bc014b445cce648ddb3b4a05c10e012317100eb36ef6080580515a0bc
dd97d125df6859c393414f45f0de0ba246c0c5366471190d6626df1de4b63bdf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f661da3e963fdb1822bde397273373e018df5e88418a76541ede82c3a579f458
fa7fa15c5459ddf8fe98d6236c629700c3b4979c5d379ba2985b6851c68d23d6
fb4f6c10aac535d58e871112379d0b32fc841bd29313511b75b2ebc87f350c8e
ffd53530eaceb04998885f7a240b6785efa493c6aaefb34d85f2a730f8a31531

specialoffers.citicards.com Open in urlscan Pro 198.160.105.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

86 Requests

95 %HTTPS

26 %IPv6

15 Domains

19 Subdomains

17 IPs

5 Countries

1153 kBTransfer

3156 kBSize

29 Cookies

5 Outgoing links

Page URL History

Redirected requests

86 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

specialoffers.citicards.com Open in urlscan Pro
198.160.105.75 Public Scan

Screenshot
Live screenshot

Full Image

86
Requests

95 %
HTTPS

26 %
IPv6

15
Domains

19
Subdomains

17
IPs

5
Countries

1153 kB
Transfer

3156 kB
Size

29
Cookies

86 HTTP transactions
0 data transactions