urlscan.io logo urlscan.io
SecurityTrails logo

www.cevik.dev Open in urlscan Pro
213.238.183.89  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.cevik.dev/
Effective URL: https://www.cevik.dev/verify/login.php
Submission: On October 11 via api from TR — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 4 countries across 14 domains to perform 91 HTTP transactions. The main IP is 213.238.183.89, located in Turkey and belongs to CENUTA, TR. The main domain is www.cevik.dev.
TLS certificate: Issued by R11 on September 27th 2024. Valid for: 3 months.
This is the only time www.cevik.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

IP Address AS Autonomous System
21 213.238.183.89 213252 (CENUTA)
1 3 18.203.182.207 16509 (AMAZON-02)
7 18.239.18.30 16509 (AMAZON-02)
1 52.210.48.33 16509 (AMAZON-02)
1 63.140.62.27 16509 (AMAZON-02)
1 1 52.18.168.199 16509 (AMAZON-02)
1 66.235.152.221 16509 (AMAZON-02)
1 143.204.215.39 16509 (AMAZON-02)
15 172.217.16.200 15169 (GOOGLE)
1 193.0.160.131 54312 (ROCKETFUEL)
10 104.17.208.240 13335 (CLOUDFLAR...)
1 35.244.154.8 15169 (GOOGLE)
12 142.250.185.194 15169 (GOOGLE)
12 142.250.181.226 15169 (GOOGLE)
5 142.250.185.68 15169 (GOOGLE)
91 15
21    213.238.183.89 (Turkey)

ASN213252 (CENUTA, TR)
PTR: 89.183.238.213.static.cenuta.com
www.cevik.dev
3    18.203.182.207 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-182-207.eu-west-1.compute.amazonaws.com
dpm.demdex.net
7    18.239.18.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-18-30.ams58.r.cloudfront.net
nexus.ensighten.com
1    52.210.48.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-48-33.eu-west-1.compute.amazonaws.com
citi.demdex.net
1    63.140.62.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-27.data.adobedc.net
metrics1.citi.com
1    52.18.168.199 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-168-199.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    66.235.152.221 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-66-235-152-221.data.adobedc.net
citicorpcreditservic.tt.omtrdc.net
1    143.204.215.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-39.fra53.r.cloudfront.net
c1.rfihub.net
15    172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f8.1e100.net
www.googletagmanager.com
1    193.0.160.131 (United States)

ASN54312 (ROCKETFUEL, US)
20766699p.rfihub.com
10    104.17.208.240 (None, )

ASN13335 (CLOUDFLARENET, US)
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
siteintercept.qualtrics.com
1    35.244.154.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com
sr.rlcdn.com
12    142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net
googleads.g.doubleclick.net
12    142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net
td.doubleclick.net
5    142.250.185.68 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f4.1e100.net
www.google.com
Apex Domain
Subdomains		 Transfer
24 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
td.doubleclick.net — Cisco Umbrella Rank: 192
15 KB
21 cevik.dev
www.cevik.dev
798 KB
15 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
1 MB
10 qualtrics.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 34896
siteintercept.qualtrics.com — Cisco Umbrella Rank: 835
98 KB
7 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 4670
64 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 3
887 B
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 243
citi.demdex.net — Cisco Umbrella Rank: 34743
2 KB
1 rlcdn.com
sr.rlcdn.com — Cisco Umbrella Rank: 31003
1 rfihub.com
20766699p.rfihub.com — Cisco Umbrella Rank: 144366
1 rfihub.net
c1.rfihub.net — Cisco Umbrella Rank: 4780
6 KB
1 omtrdc.net
citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 25963
913 B
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1371
490 B
1 citi.com
metrics1.citi.com — Cisco Umbrella Rank: 18657
460 B
0 amazon-adsystem.com Failed
s.amazon-adsystem.com — Cisco Umbrella Rank: 352 Failed
91 14
Domain Requested by
21 www.cevik.dev www.cevik.dev
15 www.googletagmanager.com www.cevik.dev
www.googletagmanager.com
12 td.doubleclick.net www.googletagmanager.com
12 googleads.g.doubleclick.net www.googletagmanager.com
9 siteintercept.qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
siteintercept.qualtrics.com
7 nexus.ensighten.com www.cevik.dev
5 www.google.com
3 dpm.demdex.net 1 redirects www.cevik.dev
1 sr.rlcdn.com nexus.ensighten.com
1 zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com nexus.ensighten.com
1 20766699p.rfihub.com c1.rfihub.net
1 c1.rfihub.net nexus.ensighten.com
1 citicorpcreditservic.tt.omtrdc.net www.cevik.dev
1 cm.everesttech.net 1 redirects
1 metrics1.citi.com www.cevik.dev
1 citi.demdex.net www.cevik.dev
0 s.amazon-adsystem.com Failed
91 17

This site contains no links.

Subject Issuer Validity Valid
cevik.dev
R11		 2024-09-27 -
2024-12-26		 3 months crt.sh
nexus.ensighten.com
Amazon RSA 2048 M03		 2024-08-29 -
2025-09-28		 a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-09-25 -
2025-10-26		 a year crt.sh
metrics1.citi.com
DigiCert EV RSA CA G2		 2024-07-01 -
2025-08-01		 a year crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-26 -
2025-03-28		 a year crt.sh
*.rfihub.net
Amazon RSA 2048 M03		 2024-09-30 -
2025-10-29		 a year crt.sh
*.google-analytics.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
*.rfihub.com
Sectigo RSA Domain Validation Secure Server CA		 2024-04-08 -
2025-04-27		 a year crt.sh
*.qualtrics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-27 -
2025-02-19		 a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2024-02-06 -
2025-03-05		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
*.doubleclick.net
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
www.google.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh

This page contains 16 frames:

Primary Page: https://www.cevik.dev/verify/login.php
Frame ID: 18B829CAD19629D3A9AE782345F6CA38
Requests: 76 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: D05E1302915B3BAEC36F0E550398F7FF
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=126&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&pf=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&ra=3366642338878276
Frame ID: 3143372FE2E0325962EBDE68F0E0B903
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: AB1B22FEDCC696B93DCBCDBF16C3AE2B
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/916451471?random=1728618860352&cv=11&fst=1728618860352&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 574215EB9013D1AD9E98D9A5AB94C9DA
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11474974432?random=1728618860374&cv=11&fst=1728618860374&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: C17371A9BC7680A21B61728BF3EAF396
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/960621875?random=1728618860544&cv=11&fst=1728618860544&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685~101836705&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 52D3D7FEED23320F22C1BDA62B0CF4E6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/819500023?random=1728618860614&cv=11&fst=1728618860614&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103212889za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529666~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: CA891D6FAF7EEEB12462135F08A654BC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/695231162?random=1728618860656&cv=11&fst=1728618860656&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 2CAC4FC12640B2226D70E1D91CE4D4B6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/975701947?random=1728618860696&cv=11&fst=1728618860696&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v890809048za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 573EDF6ED7AC1631C4306F1751CEEC15
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/830907969?random=1728618860737&cv=11&fst=1728618860737&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103109856za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 9C634180342EEDFA0997D7B97386E474
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/644574043?random=1728618860784&cv=11&fst=1728618860784&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v896983788za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: DA667F70AB7838D816B8281B7EC35CEE
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/10955006959?random=1728618860826&cv=11&fst=1728618860826&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v891068819za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 997F0766BBA39D00A9CA7DA765152B0E
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/959299794?random=1728618860884&cv=11&fst=1728618860884&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 175793D28352F88CFFB0371F2759551F
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/658128868?random=1728618860913&cv=11&fst=1728618860913&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 0D37A61F89CC54534B4D270610461277
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/11172302925?random=1728618860937&cv=11&fst=1728618860937&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9136005172za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 1CEA44D3F48F323116B0254EAEBD36A7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

  1. http://www.cevik.dev/ HTTP 307
    https://www.cevik.dev/ Page URL
  2. https://www.cevik.dev/verify/index.php Page URL
  3. https://www.cevik.dev/verify/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

91
Requests

97 %
HTTPS

0 %
IPv6

14
Domains

17
Subdomains

15
IPs

4
Countries

2284 kB
Transfer

7086 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.cevik.dev/ HTTP 307
    https://www.cevik.dev/ Page URL
  2. https://www.cevik.dev/verify/index.php Page URL
  3. https://www.cevik.dev/verify/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.cevik.dev/ HTTP 307
  • https://www.cevik.dev/
Request Chain 12
  • https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379
Request Chain 24
  • https://cm.everesttech.net/cm/dd?d_uuid=87083073922005263021024912409994560269 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwihawAAAGbTLAN-
Request Chain 41
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

91 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
www.cevik.dev/
Redirect Chain
  • http://www.cevik.dev/
  • https://www.cevik.dev/
61 B
312 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/ PHP/5.6.40
Resource Hash
e1b476f54423923e3d9dc3b56bf8082b83a5224a3e9a3c6e833bb98e04f79114

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
58
content-type
text/html; charset=UTF-8
date
Fri, 11 Oct 2024 03:54:16 GMT
vary
Accept-Encoding
x-powered-by
PHP/5.6.40

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://www.cevik.dev/
Non-Authoritative-Reason
HSTS
index.php
www.cevik.dev/verify/ 		53 B
88 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/index.php
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/ PHP/5.6.40
Resource Hash

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-length
51
content-type
text/html; charset=UTF-8
date
Fri, 11 Oct 2024 03:54:16 GMT
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
Primary Request login.php
www.cevik.dev/verify/ 		371 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/login.php
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/index.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/ PHP/5.6.40
Resource Hash
ae741a6e8123b9c3cedadb693325a0c0db7cb60d4b82bd01b06d4bec70410143

Request headers

Referer
https://www.cevik.dev/verify/index.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 11 Oct 2024 03:54:16 GMT
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
Bootstrap.js
www.cevik.dev/verify/js/ 		280 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/js/Bootstrap.js
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
content-length
90196
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
application/javascript
last-modified
Wed, 09 Jun 2021 13:44:56 GMT
vary
Accept-Encoding
Interstate-Light.woff
www.cevik.dev/verify/css/ 		74 KB
74 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/css/Interstate-Light.woff
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cevik.dev
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
75538
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
font/woff
last-modified
Wed, 09 Jun 2021 13:29:36 GMT
Interstate-Bold.woff
www.cevik.dev/verify/css/ 		70 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/css/Interstate-Bold.woff
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cevik.dev
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
71874
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
font/woff
last-modified
Wed, 09 Jun 2021 13:29:34 GMT
Interstate-Regular.woff
www.cevik.dev/verify/css/ 		77 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/css/Interstate-Regular.woff
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.cevik.dev
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
78762
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
font/woff
last-modified
Wed, 09 Jun 2021 13:29:38 GMT
styles.css
www.cevik.dev/verify/css/ 		1 MB
143 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/css/styles.css
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
content-length
146691
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
text/css
last-modified
Sun, 13 Jun 2021 07:04:20 GMT
vary
Accept-Encoding
citipridelogo.jpg
www.cevik.dev/verify/css/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/citipridelogo.jpg
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
2658
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/jpeg
last-modified
Wed, 09 Jun 2021 13:03:50 GMT
050-location@2x.svg
www.cevik.dev/verify/css/ 		2 KB
767 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/050-location@2x.svg
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
content-length
701
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Jun 2021 13:29:00 GMT
vary
Accept-Encoding
icon_globe_med-grey@2x.svg
www.cevik.dev/verify/css/ 		3 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/icon_globe_med-grey@2x.svg
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
content-length
1371
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/svg+xml
last-modified
Wed, 09 Jun 2021 13:29:14 GMT
vary
Accept-Encoding
320_Citi-PLT@3x.png
www.cevik.dev/verify/css/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/320_Citi-PLT@3x.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
11562
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:40 GMT
1440_Citi-PLT@3x.png
www.cevik.dev/verify/css/ 		27 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/1440_Citi-PLT@3x.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
28149
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:34 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379
  • https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379
363 B
908 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Server
18.203.182.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-203-182-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
532bed584fc4f54a77bb2edfd11b1a9d4d1052480e2301c43ffd836ec7be6225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-1-v066-071001046.edge-irl1.demdex.com 1 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
IL7OchanQqM=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.cevik.dev
content-length
306
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Fri, 11 Oct 2024 03:54:18 GMT
content-type
application/json;charset=utf-8
vary
Origin

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1728618858379
dcs
dcs-prod-irl1-2-v066-0c93bf567.edge-irl1.demdex.com 0 ms
pragma
no-cache
access-control-allow-credentials
true
x-tid
w0RAa1iGR1I=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://www.cevik.dev
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Fri, 11 Oct 2024 03:54:18 GMT
vary
Origin
e.gif
nexus.ensighten.com/error/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, no-store
age
38819
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
bcg8EIM5xA_HSfAElkcedKiGfZhaSpYD0t_C1Q1ned1aToSmlTDD-w==
date
Thu, 10 Oct 2024 17:07:19 GMT
x-amz-cf-pop
AMS58-P6
server
CloudFront
serverComponent.php
nexus.ensighten.com/citi/na_prod/ 		1 KB
906 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=452.5928622043258&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
4fd777a5377960c3e03ffd01ec884c569c169ebdf81b53d98e139c7a4657ca86

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
expires
Fri, 11 Oct 2024 03:54:17 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
jQYdv5eqxqfGZKOH1tBBcOIk8svcH9oDELTUAMG8kI7FUPbm76_V2w==
date
Fri, 11 Oct 2024 03:54:18 GMT
content-type
text/javascript
vary
Accept-Encoding
server
CloudFront
x-amz-cf-pop
AMS58-P6
jamp-spinner-2x.gif
www.cevik.dev/verify/css/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/jamp-spinner-2x.gif
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
36855
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/gif
last-modified
Wed, 09 Jun 2021 13:04:06 GMT
LSO_4959.jpg
www.cevik.dev/verify/css/ 		171 KB
171 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/LSO_4959.jpg
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
174933
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/jpeg
last-modified
Fri, 11 Jun 2021 14:22:08 GMT
Citi-Branding-Sprite.png
www.cevik.dev/verify/img/ 		708 B
708 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/img/Citi-Branding-Sprite.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
708
pragma
no-cache
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
text/html
Appstore-Googleplay-JDPower-Sprite.png
www.cevik.dev/verify/css/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/Appstore-Googleplay-JDPower-Sprite.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
44996
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:44 GMT
social-media_facebook@3x.png
www.cevik.dev/verify/css/ 		445 B
498 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/social-media_facebook@3x.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
445
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:54 GMT
social-media_twitter@3x.png
www.cevik.dev/verify/css/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/social-media_twitter@3x.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
1277
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:56 GMT
social-media_youtube@3x.png
www.cevik.dev/verify/css/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.cevik.dev/verify/css/social-media_youtube@3x.png
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

expires
Fri, 18 Oct 2024 03:54:17 GMT
accept-ranges
bytes
cache-control
public, max-age=604800
content-length
1175
date
Fri, 11 Oct 2024 03:54:17 GMT
content-type
image/png
last-modified
Wed, 09 Jun 2021 13:03:58 GMT
dest5.html
citi.demdex.net/ Frame D05E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://citi.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.210.48.33 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-210-48-33.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Fri, 11 Oct 2024 03:54:19 GMT
dcs
dcs-prod-irl1-2-v066-06a1972a0.edge-irl1.demdex.com 0 ms
expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Thu, 10 Oct 2024 10:03:38 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
x-tid
JRyvkkWkSRM=
id
metrics1.citi.com/ 		48 B
460 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=81767132066500732130547928776542501550&ts=1728618858812
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-27.data.adobedc.net
Software
jag /
Resource Hash
1057037191d4790eb3e231e2c6e7240a2cc3ff275c154641a5e7e380946f509f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.cevik.dev/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://www.cevik.dev
p3p
CP="This is not a P3P policy"
content-length
48
date
Fri, 11 Oct 2024 03:54:19 GMT
x-xss-protection
1; mode=block
content-type
application/x-javascript;charset=utf-8
vary
Origin
server
jag
ibs:dpid=411&dpuuid=ZwihawAAAGbTLAN-
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=87083073922005263021024912409994560269
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwihawAAAGbTLAN-
42 B
716 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwihawAAAGbTLAN-
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/login.php
Protocol
H2
Server
18.203.182.207 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-203-182-207.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-1-v066-09f54db23.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
rKgOZMVJTdM=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
image/gif

Redirect headers

Cache-Control
no-cache
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwihawAAAGbTLAN-
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length
0
Date
Fri, 11 Oct 2024 03:54:19 GMT
Connection
keep-alive
Server
AMO-cookiemap/1.1
json
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 		142 B
913 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/json?mbox=target-global-mbox&mboxSession=6f658210b79843558d6532bf6250dca3&mboxPC=&mboxPage=7320c496341a4d06a48211f72c10f43f&mboxRid=9cd2d3c149ee4c51be0072c72e77becb&mboxVersion=1.7.0&mboxCount=1&mboxTime=1728626058419&mboxHost=www.cevik.dev&mboxURL=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&mboxReferrer=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&mboxXDomain=enabled&browserHeight=1200&browserWidth=1600&browserTimeOffset=120&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&webGLRenderer=Intel%20Iris%20OpenGL%20Engine&mboxMCSDID=242BACA1C2AFC5C0-7B11097B7BA581B6&vst.trk=metrics.citi.com&vst.trks=metrics1.citi.com&mboxMCGVID=81767132066500732130547928776542501550&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-221.data.adobedc.net
Software
jag /
Resource Hash
f94d7f12e3bdb8e4dc6a368dca3616cb6feab780010eccc8ae88fa0b85070cc1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

x-request-id
9cd2d3c149ee4c51be0072c72e77becb
x-content-type-options
nosniff
p3p
CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/json;charset=UTF-8
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://www.cevik.dev
content-length
142
x-xss-protection
1; mode=block
server
jag
7c8ae1f9c206930028672949c6703f6d.js
nexus.ensighten.com/citi/na_prod/code/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
x-amz-version-id
fn0OQIG24n9jjHSfN2OozphT08M6eW_x
etag
W/"7df0440e45009010a99db868682aafb3"
age
26017058
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
jL4N469AdJVqUXIwckcdVkBQ_AZ7TaGb6SkDEouogm58_vspiNOFtQ==
date
Fri, 15 Dec 2023 00:56:42 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 18 Oct 2022 17:52:59 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
server
CloudFront
x-amz-server-side-encryption
AES256
f0db1cf4496c8b42c5a1b2fa40b4f157.js
nexus.ensighten.com/citi/na_prod/code/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/f0db1cf4496c8b42c5a1b2fa40b4f157.js?conditionId0=4897099
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
13a59cfac1785dd94d0005457ed1e12cf77fee65b975fe6fd91af77b7ac6cd77

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
x-amz-version-id
_NJEt9Au7TfYHRltPN9x_4PZSTxTzbkJ
etag
W/"f21df27f4d3e67ca5151a737dacd6837"
age
26020725
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
wICRDsIowUzfTXAJGC99EYdRxVk9mX4TkODFu_CCs-jSS1OR5vS6Qw==
date
Thu, 14 Dec 2023 23:55:35 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Wed, 02 Aug 2023 16:06:47 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
server
CloudFront
x-amz-server-side-encryption
AES256
3ed53eedade7b6e8f3348ad8a8a00966.js
nexus.ensighten.com/citi/na_prod/code/ 		442 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/3ed53eedade7b6e8f3348ad8a8a00966.js?conditionId0=421908
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
f15378bf29f9b730b732d0cb3dd9dbdf2b8961debbbcfdf5ba451392a98c686a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
x-amz-version-id
jQKOchf_XIXefv4Xv5UCQ5CBx1z3QoPb
etag
W/"ab7a5f956f07f9ec81288ad4d4bdbfe8"
age
201980
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
eSJKEgqw16QHmGgjXxeK8lAOakzPdEn0tq5sQDS_wQdL3wlLT2mZmQ==
date
Tue, 08 Oct 2024 19:48:00 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 08 Oct 2024 19:47:54 GMT
x-amz-replication-status
PENDING
cache-control
max-age=315360000
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
server
CloudFront
x-amz-server-side-encryption
AES256
a9607bbeb2e6e06c07801d4745900799.js
nexus.ensighten.com/citi/na_prod/code/ 		23 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/a9607bbeb2e6e06c07801d4745900799.js?conditionId0=486757
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
3556b4fa28a41290454dc84939dae439fcf5bda8a1eac70efdf2647bf041d43d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
x-amz-version-id
TUtp2N9e.3Mq3kFsEinWRYvNz9Zemh3C
etag
W/"e4e9e801aca9bba5a66c95552720097c"
age
26016283
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
V8JrNcvWSvMF6MuX4o8INpml0T15pDKrM9lGxDgJG5ShDymEb8bWUw==
date
Fri, 15 Dec 2023 01:09:37 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 19 Sep 2023 17:48:03 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
server
CloudFront
x-amz-server-side-encryption
AES256
f120449dcdb84c3b6d0f58c8b98ad8a3.js
nexus.ensighten.com/citi/na_prod/code/ 		24 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_prod/code/f120449dcdb84c3b6d0f58c8b98ad8a3.js?conditionId0=467299
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.239.18.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-239-18-30.ams58.r.cloudfront.net
Software
CloudFront /
Resource Hash
bf39c7a23da56a09d7fba494ab7a46604dc02a19fabfaf8d4c3ab6629aad0692

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
x-amz-version-id
nWKpv6NjQeNKdUj5cLa_yhYRraA7P2n3
etag
W/"79a1f615128893a73faf5e48cfd01107"
age
26019369
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
a62p5U5yzUSG4ckj8RaM_Gs5nj1oc61-XUMy_pyRpRdbOXGk2UzVKA==
date
Fri, 15 Dec 2023 00:18:11 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Tue, 19 Sep 2023 17:48:03 GMT
x-amz-replication-status
COMPLETED
cache-control
max-age=315360000
via
1.1 cc275df4032e534bfa7c3c156b598f5a.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS58-P6
server
CloudFront
x-amz-server-side-encryption
AES256
tc.min.js
c1.rfihub.net/js/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c1.rfihub.net/js/tc.min.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/f0db1cf4496c8b42c5a1b2fa40b4f157.js?conditionId0=4897099
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-39.fra53.r.cloudfront.net
Software
Jetty(9.4.51.v20230217) /
Resource Hash
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

x-amz-cf-id
M6g-udBJuzmh6wYNdxXJ52LaNkdV6kYIKiiFkM_X2ZN7_0B2BGR-qQ==
cache-control
public, max-age=3600
content-encoding
gzip
age
1365
via
1.1 89cb19c6f2c9ed0983294d3b12e80e42.cloudfront.net (CloudFront)
expires
Fri, 11 Oct 2024 04:31:34 GMT
x-cache
Hit from cloudfront
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
6162
date
Fri, 11 Oct 2024 03:31:34 GMT
content-type
application/x-javascript
last-modified
Fri, 11 Oct 2024 03:31:24 GMT
server
Jetty(9.4.51.v20230217)
x-amz-cf-pop
FRA53-C1
js
www.googletagmanager.com/gtag/ 		224 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6260004
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
58a3a336b2f82198b57e41cb02196249c34bfe440db68ea612b25b8a1ca1e9e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
82032
x-xss-protection
0
server
Google Tag Manager
ca.html
20766699p.rfihub.com/ Frame 3143 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://20766699p.rfihub.com/ca.html?ver=9&ra=126&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&pf=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&ra=3366642338878276
Requested by
Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.0.160.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache
Content-Length
3027
Content-Type
text/html;charset=utf-8
Date
Fri, 11 Oct 2024 03:54:20 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
js
www.googletagmanager.com/gtag/ 		224 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
623bf13bfa2056e2152404c0ab90827bc24a14f8bcfae2e94e242ce16268bc86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81962
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		223 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
a4c994da911def7253f0d2a00f96ab2f0ce69ef2c3c57720bfb34e112a17c691
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81535
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		223 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
c304858d1ead0b1f7f47693f0d3d06527618a2b06df01b9b49bcba6b5f036c8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81487
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		223 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
8e9eb22c82e11456b57dfaba55b61c5fb1e1129f34ed6f7703a069ec00b64fd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:19 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81476
x-xss-protection
0
server
Google Tag Manager
/
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1893007ca7cb8dc906acac1b9aeeaed5695d720b4cbe63fa78bbcc34a8d3c3cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"26a8-k8rQvEtwqloWOMconTZjuCft7cg"
age
124914
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:20 GMT
edge-control
max-age=604800
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=3600, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be8859f0cbb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
js
www.googletagmanager.com/gtag/ 		280 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-916451471
Requested by
Host: www.cevik.dev
URL: https://www.cevik.dev/verify/js/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
f031bc6e3b93de044a8d2b35364e66b31b29009eb5b7583b88f96b75848c93d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
98187
x-xss-protection
0
server
Google Tag Manager
425466.html
sr.rlcdn.com/ Frame AB1B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/f120449dcdb84c3b6d0f58c8b98ad8a3.js?conditionId0=467299
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.154.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.154.244.35.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 11 Oct 2024 03:54:20 GMT
via
1.1 google
iu3
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
0
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 		43 B
571 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1728618860352&cv=11&fst=1728618860352&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
916451471
td.doubleclick.net/td/rul/ Frame 5742 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/916451471?random=1728618860352&cv=11&fst=1728618860352&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11474974432/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11474974432/?random=1728618860374&cv=11&fst=1728618860374&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
4dc6130ac9e0f8e0b692929db9c068f4b503c6ce78338014e135f7cabb8ca1ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2346
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
11474974432
td.doubleclick.net/td/rul/ Frame C173 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/11474974432?random=1728618860374&cv=11&fst=1728618860374&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-916451471
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		242 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
036312a37a7faca0e7a16cb56b63e7a3cc0d280b82ddc17247f6171408287fc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
88758
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		249 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
42ac00f237ed896c2b22af2be3b746d2496946f79b3bd7c47599450cae935448
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
90244
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		249 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
ef445bc3b72b8ebbcd3dd7a7f97394e37ebcf3bf35f8e8fc615a6f1982dcdfd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
90202
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		255 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
03cc17f2aa27b0da6959fa61583bc6f37d33ec22f8044f183f4f041a02c472da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
92211
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		237 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
9e3831a5fa92babfce6045e2d72af71079474cfb25ec7e910e94e04d9d93ccf6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
87137
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		245 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
715b210f3fc4af3b2df9281d24b3eb4d13555cf32d82d295224788163e135cf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
89250
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		283 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
76e9d970755984c3ff283c8bb3425fc818b8dd90465cc1db9010d5b171182508
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
98432
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		242 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
026f9c4daeb0573cefaf931cc1b15e301913c198949d71fe413211215295ad77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
88797
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		276 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11172302925&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e2a675a62cec029adfd5989a31bc78c9aafe231df0a88b0b0e688455be41d18d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 11 Oct 2024 03:54:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 11 Oct 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96929
x-xss-protection
0
server
Google Tag Manager
12.8fb54ff2c385347a3180.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		75 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Requested by
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57103bc25d647144e5613e9e68d5a9132929ef4502108e4eae900139b5455926
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"12c78-192303fde28"
age
118098
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:20 GMT
edge-control
max-age=604800
content-type
application/javascript
last-modified
Thu, 26 Sep 2024 21:32:25 GMT
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be8863f80bb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 		43 B
198 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1728618860544&cv=11&fst=1728618860544&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685~101836705&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
960621875
td.doubleclick.net/td/rul/ Frame 52D3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/960621875?random=1728618860544&cv=11&fst=1728618860544&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685~101836705&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 		43 B
198 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1728618860614&cv=11&fst=1728618860614&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103212889za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529666~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
819500023
td.doubleclick.net/td/rul/ Frame CA89 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/819500023?random=1728618860614&cv=11&fst=1728618860614&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103212889za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101529666~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1728618860656&cv=11&fst=1728618860656&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
143b3dc9d94650fce03e4ba8a20ced784ae2fb896c57b7737c9cfe6f21372d9d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2337
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
695231162
td.doubleclick.net/td/rul/ Frame 2CAC 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/695231162?random=1728618860656&cv=11&fst=1728618860656&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1728618860696&cv=11&fst=1728618860696&bg=ffffff&guid=ON&async=1&gtm=45be4a90v890809048za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
aaf3647c8d2706496993cbd1cdd2771fc7a4facb790390742917bb0541283d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2354
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
975701947
td.doubleclick.net/td/rul/ Frame 573E 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/975701947?random=1728618860696&cv=11&fst=1728618860696&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v890809048za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/ 		43 B
321 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1728618860737&cv=11&fst=1728618860737&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103109856za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
830907969
td.doubleclick.net/td/rul/ Frame 9C63 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/830907969?random=1728618860737&cv=11&fst=1728618860737&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9103109856za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/ 		43 B
322 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1728618860784&cv=11&fst=1728618860784&bg=ffffff&guid=ON&async=1&gtm=45be4a90v896983788za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
644574043
td.doubleclick.net/td/rul/ Frame DA66 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/644574043?random=1728618860784&cv=11&fst=1728618860784&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v896983788za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/ 		43 B
198 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1728618860826&cv=11&fst=1728618860826&bg=ffffff&guid=ON&async=1&gtm=45be4a90v891068819za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:20 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
10955006959
td.doubleclick.net/td/rul/ Frame 997F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/10955006959?random=1728618860826&cv=11&fst=1728618860826&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v891068819za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:20 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 		43 B
324 B 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1728618860884&cv=11&fst=1728618860884&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
37
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
959299794
td.doubleclick.net/td/rul/ Frame 1757 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/959299794?random=1728618860884&cv=11&fst=1728618860884&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:21 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/658128868/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/658128868/?random=1728618860913&cv=11&fst=1728618860913&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
0ca0baef36b114ff6f75ecd7f3fbd461f5bc25d9dae7b7db7c744a73cd30e8a2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2364
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
658128868
td.doubleclick.net/td/rul/ Frame 0D37 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/658128868?random=1728618860913&cv=11&fst=1728618860913&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:21 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11172302925/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11172302925/?random=1728618860937&cv=11&fst=1728618860937&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9136005172za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11172302925&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
1577ecd3f2733f58232bc529e624ddf3d9129671ee2a293df32424f31348a710
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2367
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
11172302925
td.doubleclick.net/td/rul/ Frame 1CEA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://td.doubleclick.net/td/rul/11172302925?random=1728618860937&cv=11&fst=1728618860937&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9136005172za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11172302925&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.cevik.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 11 Oct 2024 03:54:21 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		9 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3186c0c0da88e68b23434e0fa35ad3aa1e206102233b663239190b35ea8ee64c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
content-type
application/json
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin
*
trace-id
ce53ef75116408a0
access-control-allow-credentials
true
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be889e9d0bb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
https://www.cevik.dev
server
cloudflare
/
www.google.com/pagead/1p-user-list/11474974432/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/11474974432/?random=1728618860374&cv=11&fst=1728615600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v867929579za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533422~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf5V46sdsslWfqJDAV4-vpmRTRvcEFGw&random=1442684663&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com/pagead/1p-user-list/695231162/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/695231162/?random=1728618860656&cv=11&fst=1728615600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfXYT07GUqlgyZni3l9FnrwyIyU4cuGQ&random=3867551985&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com/pagead/1p-user-list/975701947/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/975701947/?random=1728618860696&cv=11&fst=1728615600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v890809048za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101533421~101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfNj002tXfiUXVRAPovVoVZYjpRPpGCA&random=2526125328&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com/pagead/1p-user-list/11172302925/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/11172302925/?random=1728618860937&cv=11&fst=1728615600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v9136005172za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfTPHVGkMM2n57GdCMdSruSOL56q0QODYh6e6qIr450pdRlGVP&random=4086915367&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.com/pagead/1p-user-list/658128868/ 		42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/658128868/?random=1728618860913&cv=11&fst=1728615600000&bg=ffffff&guid=ON&async=1&gtm=45be4a90v868557816za200zb9180781895&gcd=13l3l3l3l1l1&dma=0&tag_exp=101671035~101686685&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Flogin.php&ref=https%3A%2F%2Fwww.cevik.dev%2Fverify%2Findex.php&hn=www.googleadservices.com&frm=0&tiba=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&npa=0&pscdl=noapi&auid=372054761.1728618860&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfSNscPfO7cTZCafoP84VOPLpdmqm7HLbHDIiiH-6O0TI8wp15&random=3334212694&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Fri, 11 Oct 2024 03:54:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/ 		102 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ddf233b2287a31b45a210e5457693812cddb388f6e194c0c69defe6bfeea64a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"197d6-192303fde28"
age
118099
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/javascript
last-modified
Thu, 26 Sep 2024 21:32:25 GMT
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88b1a95bb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
7.73c42dd91dd4024bdc8b.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/7.73c42dd91dd4024bdc8b.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd99af0cb9d4c434a60d555702421c7651bd8de2a2eccea1175df7078056572d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"b55-192303fde28"
age
118099
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/javascript
last-modified
Thu, 26 Sep 2024 21:32:25 GMT
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88baafabb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
1.9be9741a35135c39570b.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.9be9741a35135c39570b.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d8c684005410ebd09215aae45d44c6ecf19bad869192647a37a9460650806cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"7421-192303fde28"
age
118098
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/javascript
last-modified
Thu, 26 Sep 2024 21:32:25 GMT
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88baafbbb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
FeedbackButtonModule.js
siteintercept.qualtrics.com/dxjsmodule/ 		96 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
915709687d064f47b0327189996de17b8367544397a87c4f4a29bae29341fa03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"180b6-192303fde28"
age
118099
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/javascript
last-modified
Thu, 26 Sep 2024 21:32:25 GMT
vary
Accept-Encoding
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
timing-allow-origin
*
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88baafcbb2c-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		10 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=28&Q_ORIGIN=https://www.cevik.dev&Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BrandTier=Pn2UP9lWlr&Q_ARCACHEVERSION=21&Q_BRANDDC=iad1
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c36fb550b47afef13cdc8fa2a984f29fb59145ca02cd362d8d98ea6f2d76ad74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

x-request-id
f5b3ba78-7053-49b6-bc1a-3bbd1530c9c7
x-transaction-id
add8accd-1828-406f-8145-4c69d6f899bd
content-encoding
gzip
cf-cache-status
HIT
etag
W/"282d-gTiBWFb0c5KGWkW3d6wD6iOW4X0"
age
0
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88c7c1dba9d-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		2 KB
799 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6F54YSt4iL0fWT4&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://www.cevik.dev&Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BrandTier=Pn2UP9lWlr&Q_ARCACHEVERSION=21&Q_BRANDDC=iad1
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.8fb54ff2c385347a3180.chunk.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=www.cevik.dev
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc368d7fa49f320a38741dc571da27b9ccd3afff19423a05b6b92b47fb453d8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/

Response headers

x-request-id
b764cae0-edd2-4a7d-ba4a-30abfa459717
x-transaction-id
9e2ddd06-052d-4db6-a2d9-5b92509874c2
content-encoding
gzip
cf-cache-status
HIT
etag
W/"777-fEDrx1+g8aMwvQG9BJPt9H1KTqg"
age
0
x-content-type-options
nosniff
date
Fri, 11 Oct 2024 03:54:21 GMT
edge-control
max-age=604800
content-type
application/json; charset=utf-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=604800
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
cf-ray
8d0be88c7c1fba9d-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
*
server
cloudflare
/
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		45 B
229 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6F54YSt4iL0fWT4&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_07210024&Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&r=1728618861578
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.15.1&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://www.cevik.dev/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
br
cf-cache-status
DYNAMIC
trace-id
3e7432e344bd44b8
access-control-allow-credentials
true
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cf-ray
8d0be88cfc6eba9d-MXP
permissions-policy
camera=(), geolocation=(), microphone=()
access-control-allow-origin
https://www.cevik.dev
date
Fri, 11 Oct 2024 03:54:21 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
favicon.ico
www.cevik.dev/verify/img/ 		9 KB
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.cevik.dev/verify/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
213.238.183.89 , Turkey, ASN213252 (CENUTA, TR),
Reverse DNS
89.183.238.213.static.cenuta.com
Software
/
Resource Hash
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.cevik.dev/verify/login.php

Response headers

cache-control
public, max-age=604800
content-encoding
br
expires
Fri, 18 Oct 2024 03:54:20 GMT
accept-ranges
bytes
content-length
8181
date
Fri, 11 Oct 2024 03:54:20 GMT
content-type
image/x-icon
last-modified
Wed, 09 Jun 2021 16:09:58 GMT
vary
Accept-Encoding

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s.amazon-adsystem.com
URL
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| ensBootstraps object| Bootstrapper function| Visitor object| s_c_il number| s_c_in object| adobe_visitor function| targetPageParams object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| citiData function| _rfi object| dataLayer function| extend function| RocketfuelBCPInclude function| RocketfuelBCPClass function| RocketfuelUtils object| RocketfuelBCP object| google_tag_manager object| google_tag_data function| gtag object| GooglebQhCsO object| QSI object| WAFQualtricsWebpackJsonP-cloud-2.15.1 object| _qsie

19 Cookies

Domain/Path Name / Value
.cevik.dev/ Name: check
Value: true
.demdex.net/ Name: demdex
Value: 87083073922005263021024912409994560269
.cevik.dev/ Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg
Value: 1
.citi.com/ Name: s_ecid
Value: MCMID%7C81767132066500732130547928776542501550
www.cevik.dev/ Name: 7018
Value:
www.cevik.dev/ Name: 7830
Value: error
www.cevik.dev/ Name: 64072
Value:
.dpm.demdex.net/ Name: dpm
Value: 87083073922005263021024912409994560269
.cevik.dev/ Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg
Value: -330454231%7CMCIDTS%7C20008%7CMCMID%7C81767132066500732130547928776542501550%7CMCAAMLH-1729223658%7C6%7CMCAAMB-1729223658%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1728626058s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-20015%7CvVersion%7C3.1.2
.citicorpcreditservic.tt.omtrdc.net/ Name: citicorpcreditservic!mboxSession
Value: 6f658210b79843558d6532bf6250dca3
.citicorpcreditservic.tt.omtrdc.net/ Name: citicorpcreditservic!mboxPC
Value: 6f658210b79843558d6532bf6250dca3.37_0
.cevik.dev/ Name: mbox
Value: session#6f658210b79843558d6532bf6250dca3#1728620720|PC#6f658210b79843558d6532bf6250dca3.37_0#1791863660
.cevik.dev/ Name: mboxEdgeCluster
Value: 37
.cevik.dev/ Name: _gcl_au
Value: 1.1.372054761.1728618860
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1NrQ0NrI0NTAwshTiM9SNcHcqTswoi_CtcvEDAAUrUoElAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1NrQ0NrI0NTAwshTiM9SNcHcqTswoi_CtcvEDAAUrUoElAAAA
.amazon-adsystem.com/ Name: ad-id
Value: A-EqSq6KtEgAudZQ4gKIlCQ
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.doubleclick.net/ Name: IDE
Value: AHWqTUlzReG_JP8FXBSr2yw5mzOja33z9Yf5DXduRowlIK_ZnPHwl0RP1FWf3B9J

1 Console Messages

Source Level URL
Text
network error URL: https://www.cevik.dev/verify/img/Citi-Branding-Sprite.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
c1.rfihub.net
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
dpm.demdex.net
googleads.g.doubleclick.net
metrics1.citi.com
nexus.ensighten.com
s.amazon-adsystem.com
siteintercept.qualtrics.com
sr.rlcdn.com
td.doubleclick.net
www.cevik.dev
www.google.com
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
s.amazon-adsystem.com
104.17.208.240
142.250.181.226
142.250.185.194
142.250.185.68
143.204.215.39
172.217.16.200
18.203.182.207
18.239.18.30
193.0.160.131
213.238.183.89
35.244.154.8
52.18.168.199
52.210.48.33
63.140.62.27
66.235.152.221
026f9c4daeb0573cefaf931cc1b15e301913c198949d71fe413211215295ad77
036312a37a7faca0e7a16cb56b63e7a3cc0d280b82ddc17247f6171408287fc0
03cc17f2aa27b0da6959fa61583bc6f37d33ec22f8044f183f4f041a02c472da
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
0ca0baef36b114ff6f75ecd7f3fbd461f5bc25d9dae7b7db7c744a73cd30e8a2
1057037191d4790eb3e231e2c6e7240a2cc3ff275c154641a5e7e380946f509f
13a59cfac1785dd94d0005457ed1e12cf77fee65b975fe6fd91af77b7ac6cd77
143b3dc9d94650fce03e4ba8a20ced784ae2fb896c57b7737c9cfe6f21372d9d
1577ecd3f2733f58232bc529e624ddf3d9129671ee2a293df32424f31348a710
1893007ca7cb8dc906acac1b9aeeaed5695d720b4cbe63fa78bbcc34a8d3c3cf
2ddf233b2287a31b45a210e5457693812cddb388f6e194c0c69defe6bfeea64a
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
3186c0c0da88e68b23434e0fa35ad3aa1e206102233b663239190b35ea8ee64c
3556b4fa28a41290454dc84939dae439fcf5bda8a1eac70efdf2647bf041d43d
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
42ac00f237ed896c2b22af2be3b746d2496946f79b3bd7c47599450cae935448
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
4dc6130ac9e0f8e0b692929db9c068f4b503c6ce78338014e135f7cabb8ca1ef
4fd777a5377960c3e03ffd01ec884c569c169ebdf81b53d98e139c7a4657ca86
532bed584fc4f54a77bb2edfd11b1a9d4d1052480e2301c43ffd836ec7be6225
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
57103bc25d647144e5613e9e68d5a9132929ef4502108e4eae900139b5455926
58a3a336b2f82198b57e41cb02196249c34bfe440db68ea612b25b8a1ca1e9e4
5d8c684005410ebd09215aae45d44c6ecf19bad869192647a37a9460650806cf
623bf13bfa2056e2152404c0ab90827bc24a14f8bcfae2e94e242ce16268bc86
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
70f3cacfaa80a9d270cf98ce26fef532b1004bc471a20611f35bc70cd6d8d899
715b210f3fc4af3b2df9281d24b3eb4d13555cf32d82d295224788163e135cf1
76e9d970755984c3ff283c8bb3425fc818b8dd90465cc1db9010d5b171182508
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
79206ccd37edbafc46266406417abb5be984a5d0fb9f38e693d67b6d30cba8bb
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
8e9eb22c82e11456b57dfaba55b61c5fb1e1129f34ed6f7703a069ec00b64fd9
915709687d064f47b0327189996de17b8367544397a87c4f4a29bae29341fa03
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9e3831a5fa92babfce6045e2d72af71079474cfb25ec7e910e94e04d9d93ccf6
a4c994da911def7253f0d2a00f96ab2f0ce69ef2c3c57720bfb34e112a17c691
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aaf3647c8d2706496993cbd1cdd2771fc7a4facb790390742917bb0541283d0e
ae741a6e8123b9c3cedadb693325a0c0db7cb60d4b82bd01b06d4bec70410143
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf39c7a23da56a09d7fba494ab7a46604dc02a19fabfaf8d4c3ab6629aad0692
c304858d1ead0b1f7f47693f0d3d06527618a2b06df01b9b49bcba6b5f036c8f
c36fb550b47afef13cdc8fa2a984f29fb59145ca02cd362d8d98ea6f2d76ad74
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
cd99af0cb9d4c434a60d555702421c7651bd8de2a2eccea1175df7078056572d
e1b476f54423923e3d9dc3b56bf8082b83a5224a3e9a3c6e833bb98e04f79114
e2a675a62cec029adfd5989a31bc78c9aafe231df0a88b0b0e688455be41d18d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef445bc3b72b8ebbcd3dd7a7f97394e37ebcf3bf35f8e8fc615a6f1982dcdfd8
f031bc6e3b93de044a8d2b35364e66b31b29009eb5b7583b88f96b75848c93d6
f15378bf29f9b730b732d0cb3dd9dbdf2b8961debbbcfdf5ba451392a98c686a
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
f94cb7cab7413f3e828c469111e3f9ee7bf21ac163cea343be2cdef866160d40
f94d7f12e3bdb8e4dc6a368dca3616cb6feab780010eccc8ae88fa0b85070cc1
fc368d7fa49f320a38741dc571da27b9ccd3afff19423a05b6b92b47fb453d8f