ardacademy.org Open in urlscan Pro
35.229.76.23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Submission Tags: @ipnigh
Submission: On March 29 via api (March 29th 2020, 6:29:50 am UTC) from GB

Summary HTTP 233 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 44 IPs in 7 countries across 31 domains to perform 233 HTTP transactions. The main IP is 35.229.76.23, located in United States and belongs to GOOGLE, US. The main domain is ardacademy.org.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 24th 2020. Valid for: 3 months.

This is the only time ardacademy.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	35.229.76.23 35.229.76.23	15169 (GOOGLE) (GOOGLE)
9 34	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:819::2008	15169 (GOOGLE) (GOOGLE)
1	151.101.113.175 151.101.113.175	54113 (FASTLY) (FASTLY)
2	23.38.48.101 23.38.48.101	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	143.204.202.119 143.204.202.119	16509 (AMAZON-02) (AMAZON-02)
2	143.204.207.113 143.204.207.113	16509 (AMAZON-02) (AMAZON-02)
1	104.111.245.241 104.111.245.241	16625 (AKAMAI-AS) (AKAMAI-AS)
19	18.195.42.228 18.195.42.228	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:817::200e	15169 (GOOGLE) (GOOGLE)
3	3.212.137.125 3.212.137.125	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
38	104.109.92.187 104.109.92.187	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.111.235.198 104.111.235.198	16625 (AKAMAI-AS) (AKAMAI-AS)
2	66.117.29.11 66.117.29.11	15224 (OMNITURE) (OMNITURE)
2	52.129.74.14 52.129.74.14	395492 (IOVATION3) (IOVATION3)
11	91.235.134.21 91.235.134.21	30286 (THM) (THM)
4	151.101.14.133 151.101.14.133	54113 (FASTLY) (FASTLY)
9 28	2a00:1450:400... 2a00:1450:4001:824::2002	15169 (GOOGLE) (GOOGLE)
3	35.190.72.21 35.190.72.21	15169 (GOOGLE) (GOOGLE)
1 1	185.31.128.129 185.31.128.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	23.67.129.14 23.67.129.14	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 5	52.30.78.155 52.30.78.155	16509 (AMAZON-02) (AMAZON-02)
2 4	2a00:1450:400... 2a00:1450:4001:806::2013	15169 (GOOGLE) (GOOGLE)
2 2	35.177.239.109 35.177.239.109	16509 (AMAZON-02) (AMAZON-02)
1	15.188.105.205 15.188.105.205	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
28	2a00:1450:400... 2a00:1450:4001:815::2003	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	52.208.194.150 52.208.194.150	16509 (AMAZON-02) (AMAZON-02)
1	40.122.110.249 40.122.110.249	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	23.45.237.36 23.45.237.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	216.58.207.70 216.58.207.70	15169 (GOOGLE) (GOOGLE)
5	66.102.1.154 66.102.1.154	15169 (GOOGLE) (GOOGLE)
2	99.81.228.121 99.81.228.121	16509 (AMAZON-02) (AMAZON-02)
2	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:8400:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	216.200.122.11 216.200.122.11	6461 (ZAYO-6461) (ZAYO-6461)
2 2	172.217.18.166 172.217.18.166	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	151.101.14.109 151.101.14.109	54113 (FASTLY) (FASTLY)
4	192.193.200.243 192.193.200.243	32287 (SOLANA-CI...) (SOLANA-CITIPLEX)
1	216.58.207.34 216.58.207.34	15169 (GOOGLE) (GOOGLE)
2	91.235.132.130 91.235.132.130	30286 (THM) (THM)
1	91.235.134.131 91.235.134.131	30286 (THM) (THM)
233	44

16 35.229.76.23 (United States)

ASN15169 (GOOGLE, US)
PTR: 23.76.229.35.bc.googleusercontent.com

ardacademy.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany) 9 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:819::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.175 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.38.48.101 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-38-48-101.deploy.static.akamaitechnologies.com

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.202.119 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-119.fra53.r.cloudfront.net

cdn.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.207.113 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-207-113.fra53.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.245.241 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-245-241.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.212.137.125 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-137-125.compute-1.amazonaws.com

cyseal.cyveillance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 104.109.92.187 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-92-187.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.235.198 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-235-198.deploy.static.akamaitechnologies.com

cdn.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.117.29.11 (United States)

ASN15224 (OMNITURE, US)

citicorpcreditservic.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.129.74.14 (United States)

ASN395492 (IOVATION3, US)
PTR: mpsnare.iesnare.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 91.235.134.21 (Netherlands)

ASN30286 (THM, US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.101.14.133 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:824::2002 (Frankfurt am Main, Germany) 9 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.72.21 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 21.72.190.35.bc.googleusercontent.com

di.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.31.128.129 (Netherlands) 1 redirects

ASN54312 (ROCKETFUEL, US)

s.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.67.129.14 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-14.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.30.78.155 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:806::2013 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

px0.pbbl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.177.239.109 (London, United Kingdom) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-239-109.eu-west-2.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.105.205 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-105-205.eu-west-3.compute.amazonaws.com

metrics1.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:815::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.194.150 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-194-150.eu-west-1.compute.amazonaws.com

citi.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.122.110.249 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cfr.us.v2.we-stats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.237.36 (United States)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-237-36.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.207.70 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s25-in-f6.1e100.net

6260004.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 66.102.1.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wb-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.81.228.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-81-228-121.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.129 (Netherlands)

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.241.45.82 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:8400:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.122.11 (United States) 1 redirects

ASN6461 (ZAYO-6461, US)
PTR: 216.200.122.11.IPYX-141870-ZYO.zip.zayo.com

gwmtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s29-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.109 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

pt.ispot.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.193.200.243 (United States)

ASN32287 (SOLANA-CITIPLEX, US)

prod.report.nacustomerexperience.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.207.34 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s24-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.132.130 (Netherlands)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.235.134.131 (Netherlands)

ASN30286 (THM, US)

89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	citi.com online.citi.com content22.online.citi.com www.citi.com metrics1.citi.com prod.report.nacustomerexperience.citi.com	1 MB
39	doubleclick.net 13 redirects googleads.g.doubleclick.net 6260004.fls.doubleclick.net bid.g.doubleclick.net ad.doubleclick.net	28 KB
36	google.com 9 redirects www.google.com cse.google.com adservice.google.com	211 KB
28	google.de www.google.de	3 KB
19	ensighten.com nexus.ensighten.com	260 KB
16	ardacademy.org ardacademy.org	99 KB
8	pbbl.co 2 redirects cdn.pbbl.co px0.pbbl.co	19 KB
7	demdex.net 1 redirects dpm.demdex.net citi.demdex.net	4 KB
7	googletagmanager.com www.googletagmanager.com	196 KB
4	rlcdn.com di.rlcdn.com api.rlcdn.com sr.rlcdn.com	62 B
4	medallia.com resources.digital-cloud-citi.medallia.com	116 KB
4	adsrvr.org js.adsrvr.org insight.adsrvr.org	9 KB
3	online-metrix.net h.online-metrix.net 89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net	825 B
3	agkn.com 2 redirects aa.agkn.com d.agkn.com	1 KB
3	rfihub.com 1 redirects s.rfihub.com a.rfihub.com 20766699p.rfihub.com	1 KB
3	omtrdc.net cdn.tt.omtrdc.net citicorpcreditservic.tt.omtrdc.net	16 KB
3	cyveillance.com cyseal.cyveillance.com	1 KB
3	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	bluekai.com stags.bluekai.com
2	iesnare.com mpsnare.iesnare.com	14 KB
2	ytimg.com s.ytimg.com	27 KB
2	rfihub.net c1.rfihub.net	13 KB
1	googleadservices.com www.googleadservices.com	10 KB
1	ispot.tv pt.ispot.tv	313 B
1	facebook.com www.facebook.com	249 B
1	gwmtracking.com 1 redirects gwmtracking.com	387 B
1	we-stats.com cfr.us.v2.we-stats.com	375 B
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	youtube.com www.youtube.com	923 B
1	bkrtx.com tags.bkrtx.com	11 KB
0	Failed function sub() { [native code] }. Failed
233	31

	Domain	Requested by
38	online.citi.com	ardacademy.org online.citi.com
34	www.google.com	9 redirects ardacademy.org cse.google.com
28	www.google.de	ardacademy.org
28	googleads.g.doubleclick.net	9 redirects ardacademy.org www.googleadservices.com
19	nexus.ensighten.com	ardacademy.org nexus.ensighten.com
16	ardacademy.org	ardacademy.org
11	content22.online.citi.com	ardacademy.org content22.online.citi.com
7	www.googletagmanager.com	ardacademy.org nexus.ensighten.com
5	bid.g.doubleclick.net	ardacademy.org
5	dpm.demdex.net	1 redirects ardacademy.org
4	prod.report.nacustomerexperience.citi.com	ardacademy.org
4	6260004.fls.doubleclick.net	2 redirects ardacademy.org www.googletagmanager.com
4	px0.pbbl.co	2 redirects ardacademy.org
4	resources.digital-cloud-citi.medallia.com	ardacademy.org resources.digital-cloud-citi.medallia.com
4	cdn.pbbl.co	ardacademy.org nexus.ensighten.com cdn.pbbl.co
3	cyseal.cyveillance.com	ardacademy.org cyseal.cyveillance.com
2	h.online-metrix.net	content22.online.citi.com
2	ad.doubleclick.net	2 redirects
2	udc-neb.kampyle.com	ardacademy.org
2	insight.adsrvr.org	ardacademy.org js.adsrvr.org
2	stags.bluekai.com	ardacademy.org tags.bkrtx.com
2	sr.rlcdn.com	ardacademy.org nexus.ensighten.com
2	citi.demdex.net	nexus.ensighten.com ardacademy.org
2	aa.agkn.com	2 redirects
2	mpsnare.iesnare.com	ardacademy.org online.citi.com
2	citicorpcreditservic.tt.omtrdc.net	ardacademy.org nexus.ensighten.com
2	s.ytimg.com	ardacademy.org www.youtube.com
2	js.adsrvr.org	ardacademy.org nexus.ensighten.com
2	c1.rfihub.net	ardacademy.org nexus.ensighten.com
1	89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net
1	www.googleadservices.com	www.googletagmanager.com
1	pt.ispot.tv
1	www.facebook.com
1	adservice.google.com
1	gwmtracking.com	1 redirects
1	d.agkn.com
1	20766699p.rfihub.com	c1.rfihub.net
1	a.rfihub.com	c1.rfihub.net
1	cfr.us.v2.we-stats.com	ardacademy.org
1	api.rlcdn.com	ardacademy.org
1	cm.everesttech.net	1 redirects
1	metrics1.citi.com	ardacademy.org
1	www.citi.com	ardacademy.org
1	s.rfihub.com	1 redirects
1	di.rlcdn.com	ardacademy.org
1	cdn.tt.omtrdc.net	ardacademy.org
1	cse.google.com	ardacademy.org
1	www.youtube.com	ardacademy.org
1	tags.bkrtx.com	ardacademy.org
1	nebula-cdn.kampyle.com	ardacademy.org
0	0d22d313-900b-4c1e-b14c-8f366968c366 Failed	ardacademy.org
233	51

This site contains links to these domains. Also see Links.

Domain
www.citi.com
www.citicards.com
banking.citi.com
online.citi.com
www.lifeandmoney.citi.com
www.citigroup.com
www.facebook.com
www.twitter.com
www.youtube.com
jobs.citi.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
itunes.apple.com
play.google.com
www.ipbus.citi.com
www.jdpower.com

Subject Issuer	Validity	Valid
ardacademy.org Let's Encrypt Authority X3	`2020-03-24` - `2020-06-22`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
j.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2020-02-28` - `2020-06-11`	3 months	crt.sh
*.rfihub.net DigiCert SHA2 Secure Server CA	`2019-01-25` - `2020-04-25`	a year	crt.sh
*.pbbl.co Amazon	`2020-01-01` - `2021-02-01`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2019-10-03` - `2020-10-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
cyseal.cyveillance.com Amazon	`2020-01-05` - `2021-02-05`	a year	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2018-03-14` - `2020-05-14`	2 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-26` - `2020-11-25`	3 years	crt.sh
mpsnare.iesnare.com DigiCert SHA2 High Assurance Server CA	`2019-04-24` - `2020-05-26`	a year	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-06` - `2020-08-06`	2 years	crt.sh
*.digital-cloud-citi.medallia.com SSL.com DV CA	`2018-11-13` - `2020-11-12`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2019-04-24` - `2020-04-23`	a year	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
px0.pbbl.co GTS CA 1D2	`2020-02-29` - `2020-05-29`	3 months	crt.sh
metrics1.citi.com DigiCert SHA2 Extended Validation Server CA	`2018-08-31` - `2020-08-30`	2 years	crt.sh
www.google.de GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.us.v2.we-stats.com COMODO RSA Domain Validation Secure Server CA	`2018-10-11` - `2020-10-10`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2020-01-10` - `2021-04-10`	a year	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.rfihub.com DigiCert SHA2 Secure Server CA	`2019-08-27` - `2020-08-31`	a year	crt.sh
*.kampyle.com RapidSSL RSA CA 2018	`2020-02-11` - `2022-03-06`	2 years	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2018-06-21` - `2020-09-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh
prod.report.nacustomerexperience.citi.com DigiCert Global CA G2	`2018-07-05` - `2020-07-04`	2 years	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2020-02-20` - `2021-02-19`	a year	crt.sh
*.e.aa.online-metrix.net Go Daddy Secure Certificate Authority - G2	`2019-09-13` - `2021-09-13`	2 years	crt.sh

This page contains 23 frames:

Primary Page: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Frame ID: D7509720E11BC4A5B1408E0B3B3C34E8
Requests: 202 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: E26AC74B07C645B883674B7A3306F1B8
Requests: 1 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: E07789FA294ACFF459B128D43A2F2551
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=cc87838e4caaadeb999f06d0f97757adab8948ed
Frame ID: FCA91D98FD7B84C87763E020CCACE42F
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DCookied%20Username%20Password&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_v%3D3.1.4&limit=10&r=50577286
Frame ID: AE64212F1414B22E3C27504E9BBA04DA
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 1288B95C61F43C27DDB9FA9B2DC5BC61
Requests: 1 HTTP requests in this frame

Frame: https://6260004.fls.doubleclick.net/activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do
Frame ID: 0D9664C8E3DFB4ECAD074A13A9FD89FD
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: CC8D795A8608E84DE92F01BF58619DD4
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: BB78EF460FE0FCDC73FFC02E824F5036
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: BA5468C3EC746BE8C7306B1E53E3B51C
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 61E2D25250FFAAC587DC771979ABE588
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 6CB2D11FFC4F0E94586B9A570E96D24F
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://online.citi.com/US/login.do&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: 8D89222B0FBA8E8DF589944503AE0097
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?rfiidc=1040683384972661705&rfiaid=79712e51b6f24225921ccccb3e1afcbe&ver=9&ra=390&rb=648&ca=20766699&_o=17169175&_t=cookiedusernamepassword&ssv_cuuid=&ssv_pagename=cookiedusernamepassword&pe=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&pf=&ra=30145205170759515
Frame ID: 9F50E82FAF6E52F18645A8D3CDE0619D
Requests: 1 HTTP requests in this frame

Frame: https://6260004.fls.doubleclick.net/activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd
Frame ID: 136953ECD822E4F2FC2EDA34405660A9
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: B776B432088A579166D78385F784BC5B
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&jb=3b3526246a7b6f773d4e6b6e7d782468736d3d4c696c777a266a73623d416a70676d672530383736
Frame ID: B702DF7E36833F03DE458837BD679F2D
Requests: 10 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DCookied%20Username%20Password&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&phint=__bk_v%3D3.1.4&limit=10&r=85110072
Frame ID: FE70B5EB9F6F1BCE2B27F4816B6B4823
Requests: 1 HTTP requests in this frame

Frame: https://cdn.pbbl.co/i/pp.html
Frame ID: 32D0A4A4E4084BE9815F3C6BC0A68E74
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1
Frame ID: C289F3079AECF5B8B8A0762DF98E9776
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1
Frame ID: B544C69E2952958DA22000F92712F7F5
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1
Frame ID: C85DD915C2BABE185C9085D7134FAB4C
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Frame ID: B27E7D01CBC86D7495E10E411B646532
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/nexus\.ensighten\.com\//i

Page Statistics

233
Requests

99 %
HTTPS

23 %
IPv6

31
Domains

51
Subdomains

44
IPs

7
Countries

2475 kB
Transfer

6656 kB
Size

4
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=low-interest-credit-card
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=reward-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=N&OC=CC-CITI-3D5
Title: See If You're Pre-Qualified

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=all-small-business-credit-cards&m=f
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://banking.citi.com/cbol/savings/high-yield-savings/default.htm?channel=onsite&promo_ID=4CEWQH4ZENCHPC&intc=1~1~52~6~BANR~2~HYS_SaveOOBTA_Dont~XPX
Title: Get Details

Search URL Search Domain Scan URL

URL: https://banking.citi.com/cbol/checking-700/default.htm?Promo_ID=4FWVDEFPBWCHP7&intc=1~1~52~6~BANR~2~CheckQ419_700SA~HP
Title: Earn $700 with Citi Priority

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/credit-card-details/citi.action?ID=citi-rewards-plus-credit-card&afc=106
Title: The Citi Rewards+SM Card

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards&afc=105&intc=1~1~52~6~BANR~1~mpc_Default_citicomREDPE_aug2016
Title: Choose the Right Citi® Credit Card for You

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=what-is-a-savings-account&intc=1~1~52~6~BANR~2~Save_Hub1~HP

Search URL Search Domain Scan URL

URL: https://www.lifeandmoney.citi.com/culture/sports/noah-syndergaard-on-long-term-financial-wellness

Search URL Search Domain Scan URL

URL: https://www.citigroup.com/citi/progress-maker-stories/#CITI-WELCOME

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/citi
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title:

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://jobs.citi.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title:

Search URL Search Domain Scan URL

URL: https://www.ipbus.citi.com/
Title: International Personal Bank U.S.

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: jdpower.com/awards

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 90

https://s.rfihub.com/uidm?_o=17169175&_u=18d2cc3c-4653-4936-a204-8147a1c1bd20&_sm=:R22534S@A3RIZZC24944S@A3RIZZC2232L2@A3RIZZS2233L2@A3RIZZS28259S1@A3RIZZS28266S1@A3RIZZS28267S1@A3RIZZS28227S1@A3RIZZS49119S@A3RIZZC47010S1@A3RIZZS48781S1@A3RIZZS38573S1@A3RIZZS&redirect=32 HTTP 302
https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00DnFABlzyU8k=566

Request Chain 94

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204

Request Chain 95

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&referrerUrl=&targetUrl=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&sessionId=&markerType=seg&rand=x9zlDmWZCIJ6RIhz&iabOptOut=-&jsVer=3.2.1&frVer=&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&_zip=&hk=&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf&mt=&bd=

Request Chain 99

https://cm.everesttech.net/cm/dd?d_uuid=16923313425522552951636859846844350684 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoBASwAAAtFG4FL0

Request Chain 157

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do HTTP 302
https://6260004.fls.doubleclick.net/activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do

Request Chain 173

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd HTTP 302
https://6260004.fls.doubleclick.net/activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd

Request Chain 177

https://gwmtracking.com/p/v/1/5c54c477f870814b6fd57129/format/img HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8825552;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 202

https://px0.pbbl.co/ns/__p2.gif?ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&referrerUrl=&targetUrl=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&sessionId=&markerType=seg&rand=0sDqbHf8b3IWSath&iabOptOut=-&jsVer=3.2.1&frVer=1.1&markerId=348192 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60 HTTP 302
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&_zip=&hk=&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60&mt=&bd=

Request Chain 208

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=633677421&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=633677421&resp=GooglemKTybQhCsO&ipr=y

Request Chain 209

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3471715082&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3471715082&resp=GooglemKTybQhCsO&ipr=y

Request Chain 210

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2055965720&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2055965720&resp=GooglemKTybQhCsO&ipr=y

Request Chain 211

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3085419294&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3085419294&resp=GooglemKTybQhCsO&ipr=y

Request Chain 212

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3653759252&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3653759252&resp=GooglemKTybQhCsO&ipr=y

Request Chain 213

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1839035524&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1839035524&resp=GooglemKTybQhCsO&ipr=y

Request Chain 214

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3109698758&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3109698758&resp=GooglemKTybQhCsO&ipr=y

Request Chain 215

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1192186114&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1192186114&resp=GooglemKTybQhCsO&ipr=y

Request Chain 216

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585463373310&cv=9&fst=1585463373310&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1 HTTP 302
https://www.google.com/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2237774098&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2237774098&resp=GooglemKTybQhCsO&ipr=y

233 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ardacademy.org/wp-content/cc/ 347 KB
99 KB 384ms
144ms Document
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx / WP Engine
Resource Hash: 693b9b91798b4fdd281d3c029cb17eb5f3f24e2735aba88f35696e5197a52be2

Request headers

:method: GET
:authority: ardacademy.org
:scheme: https
:path: /wp-content/cc/?eml=jashye@mail.nasd
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
server: nginx
date: Sun, 29 Mar 2020 06:29:30 GMT
content-type: text/html
vary: Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
last-modified: Thu, 26 Mar 2020 19:17:30 GMT
x-powered-by: WP Engine
x-cacheable: SHORT
cache-control: max-age=600, must-revalidate
etag: W/"56c88-5a1c6d60b735c-gzip"
x-cache: HIT: 2
x-cache-group: normal
content-encoding: br

GET
H2 200 conversion_async.js Show response
www.google.com/pagead/ 26 KB
10 KB 19ms
15ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/pagead/conversion_async.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67e8a59dc958df2f9736da74581bbd147eb9613554faa4403c0b6bd3b44f411c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9981
x-xss-protection: 0
server: cafe
etag: 155591084425688047
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 29 Mar 2020 06:29:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 23ms
20ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eca1d20a663a7e242fa10ee2c58c742eb6292c898df29e16734ac7d0df29f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:30 GMT

GET
H2 200 cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
5 KB 77ms
20ms Script
application/javascript 151.101.113.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.175 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: gzip
age: 0
via: 1.1 varnish, 1.1 varnish
x-cache: MISS, HIT
status: 200
content-length: 5197
x-amz-request-id: 9951A5F978E3F1C8
x-amz-id-2: XqVaKHOURU7MwBcpCCMUctvOEFoT/DWescBxrAjf4sZMYSxmxYYg9yZGPXef3JTIqggebmjHsaM=
x-served-by: cache-iad2139-IAD, cache-hhn4022-HHN
last-modified: Tue, 17 Mar 2020 11:10:17 GMT
server: AmazonS3
x-timer: S1585463371.869980,VS0,VE0
etag: "80dd5e3be5152c5c72d552c6a26ef6ff"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-hits: 0, 306605

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 21ms
18ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2fc35bcf7ad38c6cbc6d170cc5bf15a688ba76d282272c3f0af4c6b31eb0631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 30ms
28ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca7048dd1a1d15f42c04c8f3db2d3bcffc6c7eb1be4506ca9fe2651b07766641

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:30 GMT

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 84ms
21ms Script
application/x-javascript 23.38.48.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.48.101 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-48-101.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Jul 2019 06:34:16 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Sun, 29 Mar 2020 07:29:30 GMT

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 272ms
202ms Script
application/javascript 143.204.202.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.202.119 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-202-119.fra53.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: FRA53-C1
date: Sun, 29 Mar 2020 00:16:50 GMT
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
status: 200
x-xss-protection: 1
cache-control: max-age=1800, public
x-amz-cf-id: XRhcwNr6I8w-5RVNo4BMfc2VqO6Nw1VxCXEpvOka_XHzh2yvreD7kA==
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
expires: Sun, 29 Mar 2020 00:46:50 GMT

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
4 KB 87ms
21ms Script
application/x-javascript 143.204.207.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.207.113 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-113.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 28 Mar 2020 21:05:30 GMT
Via: 1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 41637
ETag: "45bb7a1f2878be0c29077f7329fca766"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
X-Amz-Cf-Pop: FRA53-C1
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4091
X-Amz-Cf-Id: fyxVNzrZk_0-f3vwANP-98csy22soLPgwDAkpDB8Kve2diQlgyrzHA==

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 82ms
28ms Script
text/javascript 104.111.245.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.245.241 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-245-241.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Mar 2020 16:24:16 GMT
Server: Apache
ETag: "31600f9-7850-5a009da075833"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10546
Expires: Sun, 05 Apr 2020 06:29:31 GMT

GET
H2 200 557566dc60916e3de69e006bef252459.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
961 B 31ms
22ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/557566dc60916e3de69e006bef252459.js?conditionId0=4837456
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 27 Aug 2019 16:59:12 GMT
server: nginx
etag: W/"5d656160-887"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 48070ca8866144aeed1d66dda4fe04f2.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
1 KB 29ms
21ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/48070ca8866144aeed1d66dda4fe04f2.js?conditionId0=4854834
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a9cebaefb3003c4944d0d59f71afdca3509d3975af5ff213d2750fdf8f719146

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 25 Jun 2019 17:02:14 GMT
server: nginx
etag: W/"5d125396-95c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 ee55763bbebca7805817a98103ec6f50.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
678 B 30ms
22ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/ee55763bbebca7805817a98103ec6f50.js?conditionId0=4850690
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: a612a8f640434c7aaee47569897c1fee79df6f146ec26115e2a8c9be645592b7

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 29 Oct 2019 17:20:39 GMT
server: nginx
etag: W/"5db874e7-425"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 c85faa5c0b8da7b1a58cd22d5430c4c5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
979 B 31ms
22ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c85faa5c0b8da7b1a58cd22d5430c4c5.js?conditionId0=405518
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f82e13743e667ec749b08d88f08a2a2ea1f688de0b2724b9c0b0b61ca6d680e3

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 18:11:34 GMT
server: nginx
etag: W/"5dd43056-83e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 d136239f021c14bd86738c333b8132f8.js Show response
nexus.ensighten.com/citi/na_prod/code/ 7 KB
3 KB 31ms
23ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/d136239f021c14bd86738c333b8132f8.js?conditionId0=462132
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1d6b802e59b40aa8540347ab5a754ef472500480deeeea720385753ba96cc8e8

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Sun, 23 Feb 2020 11:10:02 GMT
server: nginx
etag: W/"5e525d8a-1cc2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 2906f06ed928da15ec22eab16f8f3588.js Show response
nexus.ensighten.com/citi/na_prod/code/ 448 B
630 B 29ms
21ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/2906f06ed928da15ec22eab16f8f3588.js?conditionId0=454466
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 3cb1f89cca21255888919872c51263c08dfc181d2600d2375bdbd8fda57788ce

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
last-modified: Tue, 07 May 2019 17:03:33 GMT
server: nginx
etag: "5cd1ba65-1c0"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 448

GET
H2 200 8637af7c210f4e79436bc39f71b49bfa.js Show response
nexus.ensighten.com/citi/na_prod/code/ 1 KB
737 B 30ms
21ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Wed, 10 Jul 2019 12:57:13 GMT
server: nginx
etag: W/"5d25e0a9-412"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 98eab123fd6eeaefc94916fb10ff0a06.js Show response
nexus.ensighten.com/citi/na_prod/code/ 30 KB
7 KB 31ms
23ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/98eab123fd6eeaefc94916fb10ff0a06.js?conditionId0=467299
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 972256d3bce669df3ed0d7060d4b6897500a1a144c4891700370b6de287ac3d9

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 18:58:07 GMT
server: nginx
etag: W/"5e5ea8bf-76b0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 c7fb8fdcd5c59e67afe63c97ddb163c5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 253 KB
80 KB 34ms
25ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/c7fb8fdcd5c59e67afe63c97ddb163c5.js?conditionId0=3013337
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 147d5785b25331ac266f34841b05b4401ec78b0e0de6f85d63993ab0a9b5a253

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Wed, 20 Nov 2019 20:35:34 GMT
server: nginx
etag: W/"5dd5a396-3f565"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 298eff2fda6a766b160eb3fd281b83a1.js Show response
nexus.ensighten.com/citi/na_prod/code/ 126 KB
34 KB 42ms
34ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/298eff2fda6a766b160eb3fd281b83a1.js?conditionId0=486757
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 470006833167eb6002e768cbe0865a86338c1fec3955d551e0f4f1d6a0ef7fa6

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 18:58:07 GMT
server: nginx
etag: W/"5e5ea8bf-1f8d4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 ac1983fb1741bbd6bf2b1d3952ef4733.js Show response
nexus.ensighten.com/citi/na_prod/code/ 234 B
416 B 44ms
36ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/ac1983fb1741bbd6bf2b1d3952ef4733.js?conditionId0=4860234
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: c8d8089cd33d869efa694df91d860ce8b4f88135e1f2b590906799dc7a19a65a

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
last-modified: Tue, 22 Oct 2019 16:59:12 GMT
server: nginx
etag: "5daf3560-ea"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 234

GET
H2 200 fdf45a7c15c1cee06bb71e10dac4e26e.js Show response
nexus.ensighten.com/citi/na_prod/code/ 989 B
1 KB 44ms
36ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/fdf45a7c15c1cee06bb71e10dac4e26e.js?conditionId0=4849963
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
last-modified: Tue, 14 May 2019 17:01:42 GMT
server: nginx
etag: "5cdaf476-3dd"
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 989

GET
H2 200 4b2c20707c9c91f3047831e7c4145026.js Show response
nexus.ensighten.com/citi/na_prod/code/ 97 KB
22 KB 45ms
38ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/4b2c20707c9c91f3047831e7c4145026.js?conditionId0=421908
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 880960ba5b705083263a8a5329436c1e436a4c5bd618e2551e3c313d18ef88e2

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Thu, 27 Feb 2020 21:46:14 GMT
server: nginx
etag: W/"5e5838a6-18322"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 f1c71c10d3e2f87f440821ca1f9e2e65.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
863 B 46ms
38ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f1c71c10d3e2f87f440821ca1f9e2e65.js?conditionId0=480881
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Tue, 04 Feb 2020 18:16:27 GMT
server: nginx
etag: W/"5e39b4fb-631"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=315360000

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfl13pyi5/ 38 KB
14 KB 15ms
7ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl13pyi5/www-widgetapi.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4734405c034b81eddf4f6a932437523f5ab8ba90e80182371c75736d0f3679fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 27 Mar 2020 12:28:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 151283
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 13922
x-xss-protection: 0
last-modified: Wed, 25 Mar 2020 19:29:21 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Sat, 04 Apr 2020 12:28:08 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
923 B 22ms
20ms Script
application/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

331e846c17bf9cd732c1086710cdc3af20bb75a59d7de0fde40846a68b4fefd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H/1.1 202
Accepted cyss.js Show response
cyseal.cyveillance.com/SiteSeal/ 0
226 B 483ms
115ms Script
application/javascript 3.212.137.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cyseal.cyveillance.com/SiteSeal/cyss.js?ref=online.citi.com
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.137.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-137-125.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40
Connection: keep-alive
Content-Length: 0
Content-Type: application/javascript

GET
H2 200 cse.js Show response
cse.google.com/cse/ 11 KB
4 KB 51ms
32ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

2e95474478f3d09324901645af8312cb5476c1949a0c869b554daa0fded52881

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 3475
x-xss-protection: 0
expires: Sun, 29 Mar 2020 06:29:31 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 2 KB
924 B 81ms
31ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=3077485.7486930583&ClientID=1129&PageID=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: de785fbfd0f40b4e3eeec03dc79cbaf128fc63a666cf507febc22ec55fd6796c

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:30 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Sun, 29 Mar 2020 06:29:29 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vfln21F5R/ 38 KB
14 KB 13ms
6ms Script
text/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vfln21F5R/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 06:23:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86754
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 13931
x-xss-protection: 0
last-modified: Fri, 27 Mar 2020 02:58:53 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Sun, 05 Apr 2020 06:23:37 GMT

GET webrtc-patch.js
0d22d313-900b-4c1e-b14c-8f366968c366/scripts/ 0
0

GET
H2 404 tagging.js
ardacademy.org/CBOL/taggingTransformation/ 0
0 151ms
150ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/CBOL/taggingTransformation/tagging.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 200 main.css
online.citi.com/GFC/branding/responsivebranding/css/ 45 KB
7 KB 105ms
37ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Wed, 26 Jun 2019 07:44:47 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 7108
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 ddl.min.css
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ 624 KB
69 KB 116ms
49ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 69738
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 jfpm.autocomplete.off.js Show response
online.citi.com/JFP/js/modules/ 1 KB
834 B 93ms
86ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/modules/jfpm.autocomplete.off.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 344
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 main_branding.css
online.citi.com/GFC/branding/responsivebranding/css/ 272 KB
43 KB 140ms
74ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

44d3d4e66e1e7636e57911765054e696958d07ea55189620e27a1e163ba33957

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Wed, 05 Feb 2020 04:55:56 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 43631
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 vendor.js Show response
online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/ 204 KB
64 KB 153ms
87ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 64910
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citi/na_prod/ 327 KB
105 KB 61ms
37ms Script
application/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: ae76982e42ad8bf33cc3a66ed389810d245242bcfa3dd2e3f05baf330f28098f

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
last-modified: Wed, 18 Mar 2020 10:04:46 GMT
server: nginx
etag: W/"5e71f23e-51cf6"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=300

GET
H/1.1 200
OK target.js Show response
cdn.tt.omtrdc.net/cdn/ 43 KB
14 KB 109ms
28ms Script
text/javascript 104.111.235.198
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tt.omtrdc.net/cdn/target.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.235.198 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-235-198.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 Oct 2019 05:03:41 GMT
Server: Apache
ETag: "1fcda-aa3e-593d246a6d5b9"
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: must-revalidate, max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14200

GET
H2 200 ajax Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 811 B
1 KB 277ms
184ms Script
text/javascript 66.117.29.11
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=online.citi.com&mboxPage=e995cda6e40847cc8147e10e4a6ac240&screenHeight=768&screenWidth=1366&browserWidth=1366&browserHeight=693&browserTimeOffset=-300&colorDepth=24&mboxSession=e995cda6e40847cc8147e10e4a6ac240&mboxXDomain=enabled&mboxCount=1&mboxTime=1585229667031&mboxPC=7e2af4fc3aa542388607404c4b23e2b6.17_0&mbox=target-global-mbox&mboxId=0&mboxURL=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&mboxReferrer=&mboxVersion=63
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.117.29.11 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: 6b869fdcddeb24f7dcbe7223f77eb1f701e74c63581b69d3ef4ec9b445795bba

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:30 GMT
content-type: text/javascript;charset=utf-8
p3p: CP="NOI DSP CURa OUR STP COM"
status: 200
cache-control: no-cache
timing-allow-origin: *
content-length: 811
x-request-id: 1c489bd3-bdda-48e2-bbc1-e98840c937df

GET
H2 200 homePage.min.css
online.citi.com/loginpage/styles/ 24 KB
5 KB 148ms
85ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/loginpage/styles/homePage.min.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Jun 2018 05:31:28 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 5032
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 jquery.tmpl.js Show response
online.citi.com/JFP/js/jquery/plugins/ 6 KB
3 KB 148ms
86ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JFP/js/jquery/plugins/jquery.tmpl.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:24:52 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 2905
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 fp.min.js Show response
online.citi.com/JSO/js/ 15 KB
5 KB 93ms
86ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JSO/js/fp.min.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 4322
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 citilive-search-responsive.css
online.citi.com/JEA/CitiSearch/nexus-platform/css/ 58 KB
13 KB 143ms
81ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JEA/CitiSearch/nexus-platform/css/citilive-search-responsive.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

cdb828e2f4e62e1900133748ba426481b6c8383ebaca93133988da409506d3b4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Mon, 20 Jan 2020 19:26:26 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 12501
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/8b2252448421acb3/ 257 KB
85 KB 28ms
5ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/cse_element__en.js?usqp=CAI%3D

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02c39275000c1280f9cde808ebe731ec1924477305678759c1140ecaac49eba0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sat, 28 Mar 2020 14:14:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 58517
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 86820
x-xss-protection: 0
expires: Sun, 28 Mar 2021 14:14:14 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/8b2252448421acb3/ 40 KB
9 KB 26ms
4ms Stylesheet
text/css 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/default+en.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sat, 28 Mar 2020 14:14:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 58487
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9042
x-xss-protection: 0
expires: Sun, 28 Mar 2021 14:14:44 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v3/ 11 KB
3 KB 29ms
7ms Stylesheet
text/css 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v3/default.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Sun, 29 Mar 2020 06:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Nov 2019 23:30:00 GMT
server: sffe
age: 1470
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=3000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 2719
x-xss-protection: 0
expires: Sun, 29 Mar 2020 06:55:01 GMT

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/script/ 96 B
514 B 81ms
20ms Script
text/javascript 52.129.74.14
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/script/logo.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.14 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

612e599199063c7ec2bc02dcf70c12ddf54d0a70e030c9cf40465772df4b1630

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 29 Mar 2021 06:29:31 GMT

GET
H/1.1 200
OK tags.js Show response
content22.online.citi.com/fp/ 49 KB
11 KB 399ms
21ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&allow_reprofile=1

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

3964fefd584a81ea1900972e303c26f277fcbbd57bde8e4320daed3bf4d8e269

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:31 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 embed.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 2 KB
1 KB 101ms
23ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 128b5eb2de7c92e9be2f566be1ce1a72763a9be9d4c7554f7ea493f57d7e39e9

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: xdVzN.FTbUYeBK.pOoPjKVFQC00uq.2h
content-encoding: gzip
age: 116
x-cache: HIT
status: 200
date: Sun, 29 Mar 2020 06:29:31 GMT
content-length: 675
x-amz-id-2: wKkQBW/502Har2hZC6x0C6pUWng5nEV0vQaV0hQGvd9brtyunQQnl114htxc6acAI64KZJlbZiw=
x-served-by: cache-fra19142-FRA
access-control-allow-origin: *
last-modified: Mon, 09 Mar 2020 13:11:50 GMT
server: AmazonS3
x-timer: S1585463371.088648,VS0,VE0
etag: "57e8540faebd2fcec4adaab077b5e4ec"
vary: Accept-Encoding
x-amz-request-id: 7971E7C24E4488DF
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 36ms
16ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585247682996&cv=9&fst=1585247682996&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d01c441c88f6256b930e7d2fb911dfc1b264bdf654b6625eccec3a14e0fdb9b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1058
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 37ms
17ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585247683006&cv=9&fst=1585247683006&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2541423db8be5f17c93e9c852f422230739e2b204a1abc48f2834b2d184dc546

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1061
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 38ms
18ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585247683010&cv=9&fst=1585247683010&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

619daadeb92bebb644c3a32acf4ebf70f57aa1064b1adf703d3e429bdb524a54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1061
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 36ms
18ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585247683013&cv=9&fst=1585247683013&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6e3e61b76a1d9d2cd67823455430ed97578fe65f37ab4fdd04ad0ebfecbedc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1062
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/ 2 KB
1 KB 36ms
19ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585247683017&cv=9&fst=1585247683017&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95b1b27bcd15218f7f14542a05c03f04c0fbf31dc4de71d5973482a59e2a196d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1061
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 37ms
21ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585247683020&cv=9&fst=1585247683020&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6318b0aa26dd388cac160f2a1c771a5a1da98836bef4592581aec06ac2e949a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1060
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/ 2 KB
1 KB 38ms
23ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585247683026&cv=9&fst=1585247683026&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af4d410c9522b1daea1904a8fb16da6821d72e7dfd1f9142d42dcae6f333d998

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1060
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 35ms
21ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585247683029&cv=9&fst=1585247683029&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb78cd2e83915897bf28b1c54f55789fce418dd8546f31dd025e5fdb6b3ce434

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1059
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 34ms
20ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585247683033&cv=9&fst=1585247683033&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93a216194e7d44162680a7c2dca88ca2d985e2e9d66f7a93702a22b2f357d9b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1059
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 35ms
22ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585247683036&cv=9&fst=1585247683036&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

793638584489a26249bab8f209e4cdcb47307521fd8a85e63a5bb6e3fba95cb2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1068
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/ 2 KB
1 KB 35ms
23ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585247683049&cv=9&fst=1585247683049&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd036bf11a7da2351a9130674408a65b14cf28aa583bcfd17229237d14ca92dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1068
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/ 2 KB
1 KB 37ms
25ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585247683063&cv=9&fst=1585247683063&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

940872b3cf26b29ae6ab5558cc0e03e32e4774e0fe1c8de07f0e747f479d5289

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1070
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 36ms
24ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585247683075&cv=9&fst=1585247683075&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f71ae9072b987ff384873d0b722de6f7f854f5e3f26d15807a3a4f045461110

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1070
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/ 2 KB
1 KB 34ms
24ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585247683083&cv=9&fst=1585247683083&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&ig=0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.google.com&async=1&rfmt=3&fmt=4

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24e47d78358ef5f413d2267cd2b1ac3e9c769d8eb2cf91dfcc1d9494c2a4a0af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1069
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 463166.gif
di.rlcdn.com/ 0
62 B 166ms
120ms Image
text/plain 35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://di.rlcdn.com/463166.gif?partner_uid=18d2cc3c-4653-4936-a204-8147a1c1bd20
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
date: Sun, 29 Mar 2020 06:29:31 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 bcsid.js Show response
online.citi.com/passivebio/ 947 B
917 B 58ms
58ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/passivebio/bcsid.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 427
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 BiocatchATO.js Show response
online.citi.com/passivebio/ 338 KB
88 KB 33ms
32ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/passivebio/BiocatchATO.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f9baacb75f3cb0e0911a506dbdab685aab38537ac52edda6f9b65bc5f0ea306d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 30 Oct 2018 06:18:02 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 89195
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 cbol-smartSearch.css
online.citi.com/NCCS/smartSearch/css/ 8 KB
1 KB 33ms
33ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/NCCS/smartSearch/css/cbol-smartSearch.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 13 Feb 2018 16:10:30 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 899
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 search-white.png
online.citi.com/GFC/branding/img/ 429 B
859 B 112ms
105ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/search-white.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

e2812b1e3529e5f39e3b0586e82c7ad0dfc3fc61cfa0107edfac16483d0547d7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:07 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 429
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 citiHomePage.min.js Show response
online.citi.com/loginpage/scripts/ 14 KB
5 KB 26ms
26ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/loginpage/scripts/citiHomePage.min.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

d118102507b97407ebf1533cc98ccd2e9d244524b456fd9c2b469b553396238a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Mon, 20 Jan 2020 19:26:26 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 4228
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 rsa.js Show response
online.citi.com/CBOL/sec/debcaract/js/ 36 KB
11 KB 28ms
28ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/sec/debcaract/js/rsa.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 10616
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 404 peworkflow.min.js
ardacademy.org/personalization/ 0
0 111ms
111ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/personalization/peworkflow.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 200 HP3379_H.jpg
online.citi.com/JRS/banners/hero_background/ 201 KB
202 KB 186ms
179ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/hero_background/HP3379_H.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

e05565885e234eeb2f32d5dabdf0a586c5dab3badbba206b1c27e1b34a75148b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 12 Dec 2018 15:40:28 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 205627
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP5821_M.jpg
online.citi.com/JRS/banners/modules/ 94 KB
95 KB 175ms
169ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP5821_M.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

7adf69580aead1321588b6f81a92518ac9724f3da846970c349fa91630145bfc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 26 Sep 2019 14:15:43 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 96259
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_Rewards.jpg
online.citi.com/JRS/banners/modules/ 99 KB
100 KB 138ms
131ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_Rewards.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7264725078e153ab3a4af37c52374b3a5d46b8fb5fc7b5f8af2e773364eef93

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 21 Nov 2019 18:59:04 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 101509
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 M1-M7_Citi-card-cluster-4.jpg
online.citi.com/JRS/banners/modules/ 102 KB
102 KB 186ms
179ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/M1-M7_Citi-card-cluster-4.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

fb42046c6feabb3126634752069391d76d8ded5770a936eb1ce0cdd6aa7358b9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 21 Nov 2019 18:59:03 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 104105
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 HP5903_M.jpg
online.citi.com/JRS/banners/modules/ 87 KB
88 KB 190ms
184ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP5903_M.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c19e11d4471da9bc727265662f6668dc3f142b0ae6a91d5ae908d6a6b2bc8ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Fri, 11 Oct 2019 18:13:10 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 89188
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 00165_NoahSyndergaard.jpg
online.citi.com/JRS/banners/modules/ 90 KB
91 KB 186ms
179ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/00165_NoahSyndergaard.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

a6cd789bddb9565dd498ea70472bd4c85eef40c5f6a0572b5f870ab93c8f3032

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Mon, 17 Feb 2020 23:07:46 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 92151
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 2019CertifiedMobileApp.png
online.citi.com/JRS/images/ 28 KB
29 KB 167ms
160ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/images/2019CertifiedMobileApp.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

771c92ecc9167287111bc793f6392bfb0dc8a51a830b497f7591e6d3493fc1fc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 05 Mar 2019 18:17:00 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 29171
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 404 oo_engine.min.js
ardacademy.org/GFC/branding/olab/js/ 0
0 190ms
189ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/GFC/branding/olab/js/oo_engine.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 ddl.min.js
ardacademy.org/CBOL/common/ui/ddl/theme/latest/scripts/ 0
0 187ms
177ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 main.js
ardacademy.org/GFC/branding/responsivebranding/js/ 0
0 187ms
178ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/GFC/branding/responsivebranding/js/main.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 citilive-search.js
ardacademy.org/JEA/CitiSearch/nexus-platform/js/ 0
0 188ms
178ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/JEA/CitiSearch/nexus-platform/js/citilive-search.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 cbol-smartSearch-inject.js
ardacademy.org/NCCS/smartSearch/js/ 0
0 188ms
178ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/NCCS/smartSearch/js/cbol-smartSearch-inject.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 TMXProfiling.js
ardacademy.org/TMX/ 0
0 188ms
179ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/TMX/TMXProfiling.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H/1.1 200
OK siteseal2p.async.js Show response
cyseal.cyveillance.com/SiteSeal/ 685 B
1004 B 482ms
115ms Script
application/javascript 3.212.137.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cyseal.cyveillance.com/SiteSeal/siteseal2p.async.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.137.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-137-125.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40 /
Resource Hash: 8cad2492e705a54e5c4a634509b1d6c836dfb5bd179c2e58063653cc8635d6df

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Last-Modified: Fri, 30 Jun 2017 16:15:48 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40
ETag: W/"685-1498839348000"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 685

GET
H2 200 cobrowse_overlay.css
online.citi.com/GPS/portal/css/ 7 KB
2 KB 45ms
35ms Stylesheet
text/css 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/GPS/portal/css/cobrowse_overlay.css

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

a9623118fb6ec3944d1312cd0d492c3f32455e89bc1e01eafa67628a309d9c60

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 13 Aug 2019 07:17:14 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/css
content-length: 1597
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 citilive-search-library.js Show response
online.citi.com/JEA/CitiSearch/nexus-platform/js/ 179 KB
61 KB 53ms
44ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-library.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

d57c8034f9c12aa3ce626c9ed1d61a4bb0941c3ef320bb59346f20496fb0096a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 61658
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 citilive-search-service.js Show response
online.citi.com/JEA/CitiSearch/nexus-platform/js/ 9 KB
3 KB 69ms
59ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-service.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Tue, 11 Sep 2018 07:31:14 GMT
x-akamai-citisite: SWDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 2415
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 citi-search-tmpl.js Show response
online.citi.com/JEA/CitiSearch/nexus-platform/js/ 18 KB
6 KB 69ms
60ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JEA/CitiSearch/nexus-platform/js/citi-search-tmpl.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

61e114badfc7677a5ed175cf71afd46968ef8262cd4e5ec64ba0c743daae8e11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Thu, 11 Jul 2019 10:22:32 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 5146
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H2 200 citilive-search-controller.js Show response
online.citi.com/JEA/CitiSearch/nexus-platform/js/ 112 KB
23 KB 86ms
77ms Script
application/x-javascript 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/JEA/CitiSearch/nexus-platform/js/citilive-search-controller.js

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

99dd8270560893cf9937d476c3fd0cc09b406ee608f67cd568f8fe544aef6fce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
last-modified: Mon, 20 Jan 2020 19:26:26 GMT
x-akamai-citisite: GTDC
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: application/x-javascript
content-length: 22588
expires: Sun, 29 Mar 2020 12:29:31 GMT

GET
H/1.1

200
OK

citi.action
www.citi.com/credit-cards/rfuidmatch/
Redirect Chain

https://s.rfihub.com/uidm?_o=17169175&_u=18d2cc3c-4653-4936-a204-8147a1c1bd20&_sm=:R22534S@A3RIZZC24944S@A3RIZZC2232L2@A3RIZZS2233L2@A3RIZZS28259S1@A3RIZZS28266S1@A3RIZZS28267S1@A3RIZZS28227S1@A3RI...
https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00DnFABlzyU8k=566

0
904 B

795ms
727ms

Image
text/html

23.67.129.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00DnFABlzyU8k=566
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.67.129.14 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-129-14.deploy.static.akamaitechnologies.com
Software: / Servlet/3.0
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Mar 2020 06:29:32 GMT
X-Akamai-CITISITE: GTDC
P3P: policyref="/w3c/p3p.xml"\,CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
X-Powered-By: Servlet/3.0
Content-Language: en-US
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html
Content-Length: 0
X-UA-Compatible: IE=edge, IE=edge

Redirect headers

Location: https://www.citi.com/credit-cards/rfuidmatch/citi.action?XP_UID=SY-00DnFABlzyU8k=566
Cache-Control: no-cache
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 generic1583759509314.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 292 KB
56 KB 29ms
23ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1583759509314.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 495c2b78f2deeec56065c5078a56deb4b4b6601773c98224cbe8517d0545adb2

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: uAPRU1.TEa4IccOvtJ5W8HtqM3e6HTPR
content-encoding: gzip
age: 115
x-cache: HIT
status: 200
date: Sun, 29 Mar 2020 06:29:31 GMT
content-length: 57360
x-amz-id-2: mIazVyvwuBp4rl6b4rqWuI288NQ9PJebsBXYr2Nxx74z6NZrVDWXEBYiGPCitw1erzHetRy6jA8=
x-served-by: cache-fra19142-FRA
access-control-allow-origin: *
last-modified: Mon, 09 Mar 2020 13:11:50 GMT
server: AmazonS3
x-timer: S1585463371.431433,VS0,VE1
etag: "554d96b22cd4fa4f07c79604a171a56f"
vary: Accept-Encoding
x-amz-request-id: 1593E55C3DF1132E
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 1

GET
H2 200 copy_copy_1551286869362_Feedback.png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 29ms
23ms Image
image/png 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/copy_copy_1551286869362_Feedback.png
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-amz-version-id: c4QPIOt7jeoG0ZVKM.gnL_o4mPR3HO8Y
content-encoding: gzip
age: 114
x-cache: HIT
status: 200
date: Sun, 29 Mar 2020 06:29:31 GMT
content-length: 2016
x-amz-id-2: zFx5tKfVu9c6VEzMWpi/0QBv1v/rhs78q4GDD4SXrkk9DMMRyGkY0Q64kLEcyIPKGVZ79rQc+MU=
x-served-by: cache-fra19142-FRA
access-control-allow-origin: *
last-modified: Thu, 14 Nov 2019 20:30:23 GMT
server: AmazonS3
x-timer: S1585463371.431440,VS0,VE0
etag: "8515c838c29a9151befa4f4350e41381"
vary: Accept-Encoding
x-amz-request-id: F28D4231A2969D25
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 1

GET
H2 200 ajax Show response
citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ 142 B
638 B 21ms
21ms Script
text/javascript 66.117.29.11
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://citicorpcreditservic.tt.omtrdc.net/m2/citicorpcreditservic/mbox/ajax?mboxHost=ardacademy.org&mboxPage=c382641f4b7141188fba0e9c1a121508&screenHeight=1200&screenWidth=1600&browserWidth=1600&browserHeight=1200&browserTimeOffset=120&colorDepth=24&mboxSession=c382641f4b7141188fba0e9c1a121508&mboxXDomain=enabled&mboxCount=1&mboxTime=1585470571200&pageDef=jUSCBOL_Loginpage_Cookied&ProspectCustomer=true&pageLanguage=english&pageLang=en&mbox=target-global-mbox&mboxId=0&mboxURL=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&mboxReferrer=&mboxVersion=63
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.117.29.11 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Sec-Fetch-Dest: script
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:30 GMT
content-type: text/javascript;charset=utf-8
p3p: CP="NOI DSP CURa OUR STP COM"
status: 200
cache-control: no-cache
timing-allow-origin: *
content-length: 142
x-request-id: 172eb278-73d2-44e7-ab84-84f9b0e0a8fc

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204

0
-1 B

147ms
37ms

XHR

52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204
X-TID: 8ogNmkegTPU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://ardacademy.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://ardacademy.org
X-TID: 8ogNmkegTPU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=&chk=true&brid=&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail....
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&_zip=&hk=&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf&mt=&bd=

42 B
135 B

138ms
138ms

Image
image/gif

2a00:1450:4001:806::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&_zip=&hk=&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf&mt=&bd=

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 9351e68fe7627d4de2417e2562b9d409
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
server: AAWebServer
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=6839300e-99ee-4a46-8dee-f70229aed582&_segid=99&_zip=&hk=&iid=5ab97ac5-83ec-46f4-86e6-0f45ca8a58cf&mt=&bd=
p3p: policyref="http://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
704 B 48ms
42ms Script
text/javascript 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=7759.6560879844765&ClientID=1129&PageID=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 12f74d25b3d96f8d3c0895b550e37283adf75fc9e2fd6df63d1d77c59db897ea

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: no-cache, no-store
expires: Sun, 29 Mar 2020 06:29:30 GMT

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 363 B
1 KB 39ms
39ms XHR
application/json 52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1585463371204

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

69f3b623b3af5295b4499e023a4936ac55e8404a572ab4584edaba3681cbe872

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-05fe7f84f.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: mcg9/PxBT60=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://ardacademy.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 296
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 id Show response
metrics1.citi.com/ 89 B
625 B 460ms
30ms XHR
application/x-javascript 15.188.105.205
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics1.citi.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=22247126333902322202239645133913471359&ts=1585463371395

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.105.205 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-105-205.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

bf54fd8acc1c7b963ac5bd7eb9ab9d5ae3e5ec58fcfaba98044a000dfe621d1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5cd6d4f775-scvwj
vary: Origin
x-c: master-1216.I0bfb28.M0-370
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://ardacademy.org
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 89
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XoBASwAAAtFG4FL0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=16923313425522552951636859846844350684
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoBASwAAAtFG4FL0

42 B
915 B

38ms
38ms

Image
image/gif

52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoBASwAAAtFG4FL0

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v064-0d33db7a3.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: sBFJDYCQSE0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sun, 29 Mar 2020 06:29:31 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XoBASwAAAtFG4FL0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
110 B 25ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585247682996&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=817682170&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
110 B 19ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585247682996&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=817682170&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
110 B 30ms
30ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585247683006&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1668138388&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585247683006&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1668138388&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585247683010&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2680512215&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
110 B 19ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585247683010&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2680512215&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1585247683013&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4026205889&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585247683013&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=4026205889&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/770961656/ 42 B
110 B 30ms
30ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/770961656/?random=1585247683017&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=665327487&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/770961656/ 42 B
110 B 20ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585247683017&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=665327487&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
110 B 30ms
30ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1585247683020&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2588333556&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
110 B 21ms
21ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585247683020&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2588333556&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
110 B 29ms
29ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585247683026&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=39739282&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/763960929/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585247683026&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=39739282&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
110 B 29ms
29ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585247683029&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2534162279&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
110 B 19ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585247683029&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2534162279&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
110 B 65ms
64ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585247683033&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1905289588&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
110 B 26ms
25ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585247683033&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1905289588&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
110 B 30ms
29ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585247683036&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=830378031&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585247683036&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=830378031&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/975701947/ 42 B
110 B 29ms
28ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/975701947/?random=1585247683049&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1610830402&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/975701947/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585247683049&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1610830402&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/770961656/ 42 B
110 B 27ms
27ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/770961656/?random=1585247683063&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=335117516&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/770961656/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585247683063&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=335117516&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
110 B 29ms
28ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1585247683075&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=373688552&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585247683075&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=373688552&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
110 B 32ms
31ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585247683083&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1253758214&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/763960929/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585247683083&cv=9&fst=1585245600000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=768&u_w=1366&u_ah=768&u_aw=1366&u_cd=24&u_his=1&u_tz=-300&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1253758214&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:31 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 identity
api.rlcdn.com/api/ 0
0 68ms
25ms XHR
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity?pid=1&rt=idl
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.244.174.68 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
BLOB 200
OK 8ae4dc5e-bd5a-45ab-a54b-e5f4a70665aa
https://ardacademy.org/ 138 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://ardacademy.org/8ae4dc5e-bd5a-45ab-a54b-e5f4a70665aa
Requested by: Host: online.citi.com
URL: https://online.citi.com/passivebio/BiocatchATO.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5168b3d0c8f929a1b8c4c1b4e4ebac60ee0e1ecfd759aeb4be4c2b15e3fc097

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: worker

Response headers

Content-Length: 140879
Content-Type: application/javascript

GET
H2 200 Citi-Enterprise-White.png
online.citi.com/GFC/branding/img/ 1 KB
1 KB 133ms
132ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Enterprise-White.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:05 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 1040
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Light.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 74 KB
74 KB 78ms
36ms Font
application/octet-stream 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Light.woff

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://ardacademy.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/plain
access-control-allow-origin: *
content-length: 75483
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Bold.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 70 KB
71 KB 108ms
66ms Font
application/octet-stream 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Bold.woff

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
Origin: https://ardacademy.org
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-type: text/plain
access-control-allow-origin: *
content-length: 71859
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 404 peworkflow.min.js
ardacademy.org/personalization/ 0
0 155ms
155ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/personalization/peworkflow.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame E26A 0
0 417ms
53ms Document
text/html 52.208.194.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.208.194.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-194-150.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=16923313425522552951636859846844350684
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 18 Mar 2020 14:29:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=16923313425522552951636859846844350684;Path=/;Domain=.demdex.net;Expires=Fri, 25-Sep-2020 06:29:31 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: MVN+apP3Ro8=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 cse_element__de.js Show response
www.google.com/cse/static/element/8b2252448421acb3/ 257 KB
85 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/cse_element__de.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 27 Mar 2020 22:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 116215
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 86952
x-xss-protection: 0
expires: Sat, 27 Mar 2021 22:12:36 GMT

GET
H2 200 default+de.css
www.google.com/cse/static/element/8b2252448421acb3/ 40 KB
9 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/8b2252448421acb3/default+de.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse/cse.js?cx=009695499870347544712:e3dyicpbrwu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Fri, 27 Mar 2020 22:12:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 31 Oct 2019 16:49:36 GMT
server: sffe
age: 116215
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9042
x-xss-protection: 0
expires: Sat, 27 Mar 2021 22:12:36 GMT

GET
H2 200 HP4782_M.jpg
online.citi.com/JRS/banners/modules/ 90 KB
90 KB 41ms
40ms Image
image/jpeg 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/JRS/banners/modules/HP4782_M.jpg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

043494ebdb60e363e2e8e0fa548a3863505bda2d81f28d2bf87d4f11380f39f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 15 May 2019 15:20:42 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
content-length: 91963
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 arrow-btn-next-blue-sm-bold.svg
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 918 B
1000 B 162ms
161ms Image
image/svg+xml 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-blue-sm-bold.svg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/svg+xml
content-length: 499
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Citi-Branding-Sprite.png
online.citi.com/GFC/branding/img/ 5 KB
5 KB 53ms
52ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/img/Citi-Branding-Sprite.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Wed, 14 Jun 2017 18:29:01 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 4952
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 appStore_1px.png
online.citi.com/GFC/branding/responsivebranding/img/ 3 KB
4 KB 60ms
60ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/responsivebranding/img/appStore_1px.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 27 Sep 2018 21:19:09 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 3513
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 googlePlay_1px.png
online.citi.com/GFC/branding/responsivebranding/img/ 4 KB
4 KB 61ms
60ms Image
image/png 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/responsivebranding/img/googlePlay_1px.png

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Thu, 27 Sep 2018 21:21:52 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/png
content-length: 3900
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 arrow-btn-next-white-sm-bold.svg
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/ 918 B
997 B 200ms
199ms Image
image/svg+xml 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/arrows/arrow-btn-next-white-sm-bold.svg

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

4f918cd256712c03a1b88007176cabf623cc63740e919d35a217c18dc7ebe607

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/loginpage/styles/homePage.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/svg+xml
content-length: 496
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 oo_icon_retina.gif
online.citi.com/GFC/branding/olab/images/ 2 KB
3 KB 69ms
68ms Image
image/gif 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/GFC/branding/olab/images/oo_icon_retina.gif

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/GFC/branding/responsivebranding/css/main_branding.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Sun, 29 Mar 2020 06:29:31 GMT
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/gif
content-length: 2204
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 404 oo_engine.min.js
ardacademy.org/GFC/branding/olab/js/ 0
0 120ms
120ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/GFC/branding/olab/js/oo_engine.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 ddl.min.js
ardacademy.org/CBOL/common/ui/ddl/theme/latest/scripts/ 0
0 112ms
111ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/CBOL/common/ui/ddl/theme/latest/scripts/ddl.min.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:31 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 363 B
1 KB 54ms
53ms XHR
application/json 52.30.78.155
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&d_mid=22247126333902322202239645133913471359&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%012F4020258515E58C-600007AC045B1657&ts=1585463371857

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.78.155 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-78-155.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7296bff05c272c7a8ff8b65ef5cbb9245ff55d54328ca6b9ba888f35c0cbbfff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-0de25091d.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: XgzElmvbSBg=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://ardacademy.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 296
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 404 main.js
ardacademy.org/GFC/branding/responsivebranding/js/ 0
0 113ms
111ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/GFC/branding/responsivebranding/js/main.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H/1.1 200
OK cr.png Show response
cfr.us.v2.we-stats.com/api/v1/ 4 B
375 B 397ms
133ms XHR
application/json 40.122.110.249
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cfr.us.v2.we-stats.com/api/v1/cr.png?cid=cedric&snum=1585463371909-sjn0000942-256396ea-60b0-462f-8073-ae4f2787d461&muid=1585463371436-543179A3-A380-40E5-89AB-7EAC0BAF1E67
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 40.122.110.249 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:32 GMT
Server: nginx
tail-id: 24cdfb6e-7474-459e-a014-b4912eb4bbcb
X-Kong-Proxy-Latency: 0
Content-Type: application/json
access-control-allow-origin: *
X-Kong-Upstream-Latency: 2
cache-control: no-cache, no-store
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 4

GET
H2 404 citilive-search.js
ardacademy.org/JEA/CitiSearch/nexus-platform/js/ 0
0 112ms
112ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/JEA/CitiSearch/nexus-platform/js/citilive-search.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 cbol-smartSearch-inject.js
ardacademy.org/NCCS/smartSearch/js/ 0
0 112ms
111ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/NCCS/smartSearch/js/cbol-smartSearch-inject.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H2 404 TMXProfiling.js
ardacademy.org/TMX/ 0
0 111ms
111ms Script
text/html 35.229.76.23
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ardacademy.org/TMX/TMXProfiling.js
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.229.76.23 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 23.76.229.35.bc.googleusercontent.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

status: 404
date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/html

GET
H/1.1 202
Accepted cyss.js Show response
cyseal.cyveillance.com/SiteSeal/ 0
226 B 122ms
122ms Script
application/javascript 3.212.137.125
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://cyseal.cyveillance.com/SiteSeal/cyss.js?ref=ardacademy.org
Requested by: Host: cyseal.cyveillance.com
URL: https://cyseal.cyveillance.com/SiteSeal/siteseal2p.async.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.212.137.125 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-212-137-125.compute-1.amazonaws.com
Software: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:32 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.1e-fips mod_jk/1.2.40
Connection: keep-alive
Content-Length: 0
Content-Type: application/javascript

GET
H/1.1 200
OK Cookie set dest5.html
citi.demdex.net/ Frame E077 0
0 41ms
40ms Document
text/html 52.208.194.150
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citi.demdex.net/dest5.html?d_nsid=0

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.208.194.150 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-194-150.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citi.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=16923313425522552951636859846844350684
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 18 Mar 2020 13:01:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=16923313425522552951636859846844350684;Path=/;Domain=.demdex.net;Expires=Fri, 25-Sep-2020 06:29:32 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: p5OJ+liRSf4=
Content-Length: 2785
Connection: keep-alive

GET
H2 204 425466.html
sr.rlcdn.com/ Frame FCA9 0
0 154ms
143ms Document
text/plain 35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=cc87838e4caaadeb999f06d0f97757adab8948ed
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=cc87838e4caaadeb999f06d0f97757adab8948ed
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 204
date: Sun, 29 Mar 2020 06:29:32 GMT
via: 1.1 google
alt-svc: clear

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame AE64 0
0 249ms
207ms Document
text/html 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DCookied%20Username%20Password&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&phint=__bk_v%3D3.1.4&limit=10&r=50577286
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: b08a
Date: Sun, 29 Mar 2020 06:29:32 GMT
Connection: keep-alive
X-N: S

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame 1288 0
0 148ms
147ms Document
text/html 143.204.202.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.119 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-119.fra53.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: pp_uid=6839300e-99ee-4a46-8dee-f70229aed582
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Sun, 29 Mar 2020 00:16:53 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: MMScIgKaBXCs2Jum_ryLbAa_1E7i_l2PZ5gzXZDKNXKiFw1y08Ys3A==

GET
H2

200

activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2F...
6260004.fls.doubleclick.net/ Frame 0D96
Redirect Chain

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%...
https://6260004.fls.doubleclick.net/activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=h...

0
0

37ms
36ms

Document
text/html

216.58.207.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6260004.fls.doubleclick.net/activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do?

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6260004.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sun, 29 Mar 2020 06:29:32 GMT
expires: Sun, 29 Mar 2020 06:29:32 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 345
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sun, 29 Mar 2020 06:29:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6260004.fls.doubleclick.net/activityi;dc_pre=CK-G_6iHv-gCFRC63godBRgBXA;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=74583402463.05983;gtm=2od3i0;auiddc=505230407.1578884161;~oref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame CC8D 0
0 85ms
35ms Document
text/html 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 29 Mar 2020 06:29:32 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame BB78 0
0 85ms
36ms Document
text/html 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 29 Mar 2020 06:29:32 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame BA54 0
0 84ms
36ms Document
text/html 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 29 Mar 2020 06:29:32 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame 61E2 0
0 83ms
36ms Document
text/html 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 29 Mar 2020 06:29:32 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 pixel
bid.g.doubleclick.net/xbbe/ Frame 6CB2 0
0 82ms
35ms Document
text/html 66.102.1.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.102.1.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wb-in-f154.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmFxGUaI2dmCejYoR65NHXa1VrkGQBRd-TBU7sM_WdimJ8I_JbaA2jwzEaf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 29 Mar 2020 06:29:32 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H2 200 up
insight.adsrvr.org/track/ Frame 8D89 0
0 47ms
47ms Document
text/html 99.81.228.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://online.citi.com/US/login.do&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.228.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-228-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Fonline.citi.com%2FUS%2Flogin.do&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://online.citi.com/US/login.do&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
date: Sun, 29 Mar 2020 06:29:32 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK snare.js Show response
mpsnare.iesnare.com/ 38 KB
13 KB 27ms
27ms Script
text/javascript 52.129.74.14
IOVATION3

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/snare.js?_=1585463371175

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.129.74.14 , United States, ASN395492 (IOVATION3, US),

Reverse DNS

mpsnare.iesnare.com

Software

nginx /

Resource Hash

1a650af702eca0f982f09ca0cb143ff60bef52e734fdc997d72e10a0454d6320

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:32 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H2 200 close.svg
online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/ 1 KB
1 KB 157ms
157ms Image
image/svg+xml 104.109.92.187
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/images/icons/svgs/close.svg

Requested by

Host: online.citi.com
URL: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/scripts/vendor.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.92.187 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-92-187.deploy.static.akamaitechnologies.com

Software

Resource Hash

55e066703c69d4d89a1f4d66794d474aa93d710624d8f807096bac17a7867b17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/ddl.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite: GTDC
date: Sun, 29 Mar 2020 06:29:32 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status: 200
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/svg+xml
content-length: 641
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK idr.js Show response
a.rfihub.com/ 83 B
686 B 110ms
19ms Script
application/javascript 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/idr.js?_callback=window.RocketfuelBCP.jsonpCallbacks.request_cmZpSWRJbkNhY2hl
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash: 6d784be9e33d5a590fd2e40ad1abd79d201db6547b078aa1a42e6272e75ffeb8

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Expires: Fri, 23 Apr 2021 06:29:32 GMT
Cache-Control: public, max-age=33696000
Server: Jetty(9.0.6.v20130930)
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 83
Content-Type: application/javascript

GET
H2 204 perf.rnc
nexus.ensighten.com/citi/na_prod/ 0
106 B 21ms
20ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/citi/na_prod/perf.rnc?cid=1129&ns=1585463370407&ce=239&cs=18&dc=0&dclee=2135&dcles=2115&di=2105&dl=391&dle=18&dls=0&fs=0&lee=0&les=0&rede=0&reds=0&reqs=240&resps=383&respe=643&scs=31&ues=0&uee=0
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
date: Sun, 29 Mar 2020 06:29:32 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sun, 29 Mar 2020 06:29:31 GMT

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
321 B 145ms
104ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE1ODU0NjMzNzI2NTgiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAyLCJ1c2VyX2lkIjogIjE3MTI0ZmIyYjcwZDcyLTAzZjUzYjY1MjRlYzBmLTM3NjQ3ZTAzLTFkNGMwMC0xNzEyNGZiMmI3MWQ3OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2FyZGFjYWRlbXkub3JnL3dwLWNvbnRlbnQvY2MvP2VtbD1qYXNoeWVAbWFpbC5uYXNkIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIzN2YwLTQ2MWYtZTBlMS0wOWEzLTY1MzMtYmM5Ny0wMDNiLTI3OWEiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTU4NTQ2MzM3MjU2NCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxMDc4LCJrYW1weWxlX3ZlcnNpb24iOiAiMC4wLjAuMCIsImhpc3RvcnlfbGVuZ3RoIjogMiwiZXZlbnRfbG9jYWxfdGltZXN0YW1wIjogMTU4NTQ2MzM3MjU2NywicG9zaXRpb24iOiBudWxsLCJpc1VzZXJJZGVudGlmaWVkIjogZmFsc2V9Cl19
Requested by: Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-me: prod-instance-gatewayservice-green-33b2
date: Sun, 29 Mar 2020 06:29:32 GMT
via: 1.1 google
alt-svc: clear
server: Jetty(9.2.11.v20150529)
access-control-allow-origin: *
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
status: 200
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
content-length: 0
x-application-context: application:9090

GET
H/1.1 200
OK Cookie set ca.html
20766699p.rfihub.com/ Frame 9F50 0
0 86ms
22ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?rfiidc=1040683384972661705&rfiaid=79712e51b6f24225921ccccb3e1afcbe&ver=9&ra=390&rb=648&ca=20766699&_o=17169175&_t=cookiedusernamepassword&ssv_cuuid=&ssv_pagename=cookiedusernamepassword&pe=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&pf=&ra=30145205170759515
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , Netherlands, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.0.6.v20130930) /
Resource Hash

Request headers

Host: 20766699p.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: ruds=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MLE0NzIzMzQ3MBXiM9T19vIoczMsz_LPcUoDALuWoeUlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjQwMTCzMDa2MLE0NzIzMzQ3MBXiM9T19vIoczMsz_LPcUqT4jU0tTA1MTM2NjeyMLYAAJ-XGcI0AAAA; Path=/; Domain=.rfihub.com; Expires=Fri, 23 Apr 2021 06:29:32 GMT; Secure; SameSite=None
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Transfer-Encoding: chunked
Server: Jetty(9.0.6.v20130930)

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
4 KB 21ms
21ms Script
application/x-javascript 143.204.207.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.207.113 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-207-113.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sat, 28 Mar 2020 21:05:30 GMT
Via: 1.1 7d89b6cf83f15400102bd86c47585040.cloudfront.net (CloudFront)
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 41639
ETag: "45bb7a1f2878be0c29077f7329fca766"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
X-Amz-Cf-Pop: FRA53-C1
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4091
X-Amz-Cf-Id: 3nFaZHLkFUQgO0CVdY9IGZ5tNn_eLuJEqwmLR5i6_YSCPaRQ9V4UPQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 74 KB
28 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

920a1269c4469182796fcaef9661e4a89fd9667ae24fa5e70b16317a020f3062

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28423
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:32 GMT

GET
H2 200 1560.js Show response
cdn.pbbl.co/r/ 33 KB
9 KB 29ms
29ms Script
application/javascript 143.204.202.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pbbl.co/r/1560.js

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/8637af7c210f4e79436bc39f71b49bfa.js?conditionId0=4827153

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

143.204.202.119 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-202-119.fra53.r.cloudfront.net

Software

nginx/1.10.3 (Ubuntu) /

Resource Hash

8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 03 Mar 2020 17:36:15 GMT
server: nginx/1.10.3 (Ubuntu)
x-amz-cf-pop: FRA53-C1
date: Sun, 29 Mar 2020 00:16:50 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-xss-protection: 1
cache-control: max-age=1800, public
x-amz-cf-id: Z__cPto6XjJIjxrMC2iVo7IZRsDOz46TgNP6FYfZdWfkAhZN-qkHKA==
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
expires: Sun, 29 Mar 2020 00:46:50 GMT

GET
H2

200

activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-co...
6260004.fls.doubleclick.net/ Frame 1369
Redirect Chain

https://6260004.fls.doubleclick.net/activityi;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-...
https://6260004.fls.doubleclick.net/activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=...

0
0

39ms
39ms

Document
text/html

216.58.207.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6260004.fls.doubleclick.net/activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.70 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s25-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 6260004.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sun, 29 Mar 2020 06:29:32 GMT
expires: Sun, 29 Mar 2020 06:29:32 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 370
x-xss-protection: 0
set-cookie: IDE=AHWqTUn1hV0woa_IttB1ljGgS0tODy8KZNdVxFcZO9JJDbBGZKzwBmbkvAp1Jxk5; expires=Fri, 23-Apr-2021 06:29:32 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sun, 29 Mar 2020 06:29:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://6260004.fls.doubleclick.net/activityi;dc_pre=CM6zlamHv-gCFRcI4Aodo80OTw;src=6260004;type=citih0;cat=citih00;qty=1;cost=1;ord=4108207491547.7993;gtm=2od3i0;auiddc=897128195.1585463373;~oref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 29-Mar-2020 06:44:32 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000

GET
H/1.1 200
OK tc.min.js Show response
c1.rfihub.net/js/ 20 KB
7 KB 23ms
22ms Script
application/x-javascript 23.38.48.101
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/d136239f021c14bd86738c333b8132f8.js?conditionId0=462132
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.38.48.101 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-38-48-101.deploy.static.akamaitechnologies.com
Software: Jetty(9.0.6.v20130930) /
Resource Hash: cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:32 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Jul 2019 06:34:16 GMT
Server: Jetty(9.0.6.v20130930)
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: public, max-age=3600
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 6375
Expires: Sun, 29 Mar 2020 07:29:32 GMT

GET
H2 204 425466.html
sr.rlcdn.com/ Frame B776 0
0 119ms
119ms Document
text/plain 35.190.72.21
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/98eab123fd6eeaefc94916fb10ff0a06.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.72.21 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 21.72.190.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 204
date: Sun, 29 Mar 2020 06:29:32 GMT
via: 1.1 google
alt-svc: clear

GET
H2 200 /
d.agkn.com/pixel/9340/ 43 B
590 B 26ms
8ms Image
image/gif 2600:9000:2057:8400:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/9340/?che=4527941735.712244&abid=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2057:8400:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:32 GMT
via: 1.1 35c75b7f0ca8c787d67c8ebd22bc7fc3.cloudfront.net (CloudFront)
server: Apache-Coyote/1.1
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
status: 200
cache-control: no-cache, must-revalidate
content-type: image/gif
content-length: 43
x-amz-cf-id: hpuodeKL23r21020Ls3zcH6yjQbuDz7wWiVttH38xYXgrOdujXNdDA==
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
adservice.google.com/ddm/fls/z/
Redirect Chain

https://gwmtracking.com/p/v/1/5c54c477f870814b6fd57129/format/img
https://ad.doubleclick.net/ddm/activity/src=8825552;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://ad.doubleclick.net/ddm/activity/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

42 B
109 B

17ms
17ms

Image
image/gif

2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://adservice.google.com/ddm/fls/z/src=8825552;dc_pre=CKrgx6mHv-gCFYYaGwodU_ALlQ;type=invmedia;cat=citio0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 302
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 44 B
249 B 9ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=313693532491635&ev=PageView&cd[order_id]=undefined

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Sun, 29 Mar 2020 06:29:32 GMT, Sun, 29 Mar 2020 06:29:32 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Sun, 29 Mar 2020 06:29:32 GMT

GET
H2 200 TC-3498-2.gif
pt.ispot.tv/v2/ 43 B
313 B 75ms
23ms Image
image/gif 151.101.14.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pt.ispot.tv/v2/TC-3498-2.gif?app=web&type=citi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.109 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:32 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 43
expires: 0

GET
H/1.1 200
OK check.js;CIS3SID=F94468767BB82824F8B49132D3726D07 Show response
content22.online.citi.com/fp/ Frame B702 173 KB
44 KB 39ms
38ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&jb=3b3526246a7b6f773d4e6b6e7d782468736d3d4c696c777a266a73623d416a70676d672530383736

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&allow_reprofile=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

216379419be7a7e2018bdccd7b95991e9e7725c1723ab06c29fa0448acaa4ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
P3P: CP=IVAa PSAa
tmx-nonce: 262a5b284af0ef00
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame B702 81 B
475 B 57ms
17ms Image
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&w=542b64601830854e&ck=0&m=1

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&allow_reprofile=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame B702 81 B
474 B 59ms
17ms Image
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:32 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 generic1583759509314.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 292 KB
56 KB 23ms
22ms Script
application/javascript 151.101.14.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1583759509314.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/embed.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.133 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 495c2b78f2deeec56065c5078a56deb4b4b6601773c98224cbe8517d0545adb2

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: uAPRU1.TEa4IccOvtJ5W8HtqM3e6HTPR
content-encoding: gzip
age: 116
x-cache: HIT
status: 200
date: Sun, 29 Mar 2020 06:29:32 GMT
content-length: 57360
x-amz-id-2: mIazVyvwuBp4rl6b4rqWuI288NQ9PJebsBXYr2Nxx74z6NZrVDWXEBYiGPCitw1erzHetRy6jA8=
x-served-by: cache-fra19142-FRA
access-control-allow-origin: *
last-modified: Mon, 09 Mar 2020 13:11:50 GMT
server: AmazonS3
x-timer: S1585463373.923120,VS0,VE0
etag: "554d96b22cd4fa4f07c79604a171a56f"
vary: Accept-Encoding
x-amz-request-id: 1593E55C3DF1132E
via: 1.1 varnish
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 2

GET
H/1.1 200
OK 63068
stags.bluekai.com/site/ Frame FE70 0
0 736ms
736ms Document
text/html 23.45.237.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/63068?ret=html&phint=language%3Denglish&phint=product%3D&phint=event&phint=category%3Dpre-login%20Sign%20on%20page&phint=page%3DCookied%20Username%20Password&phint=section1%3DPublic&phint=section2%3DSignOn&phint=section3%3D&phint=section4%3D&phint=bankappstatus&phint=productID&phint=__bk_t%3DOnline%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&phint=__bk_k%3Dbanking%2C%20citi%2C%20financial%20services%2C%20checking%20account%2C%20savings%20account%2C%20credit%20cards&phint=__bk_l%3Dhttps%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&phint=__bk_v%3D3.1.4&limit=10&r=85110072
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.237.36 , United States, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-45-237-36.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: c246
Date: Sun, 29 Mar 2020 06:29:33 GMT
Connection: keep-alive
X-N: S

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca7048dd1a1d15f42c04c8f3db2d3bcffc6c7eb1be4506ca9fe2651b07766641

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2fc35bcf7ad38c6cbc6d170cc5bf15a688ba76d282272c3f0af4c6b31eb0631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 75 KB
28 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:819::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

eca1d20a663a7e242fa10ee2c58c742eb6292c898df29e16734ac7d0df29f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:32 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 28637
x-xss-protection: 0
last-modified: Sun, 29 Mar 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 29 Mar 2020 06:29:32 GMT

GET
H2 200 pp.html
cdn.pbbl.co/i/ Frame 32D0 0
0 29ms
29ms Document
text/html 143.204.202.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbbl.co/i/pp.html
Requested by: Host: cdn.pbbl.co
URL: https://cdn.pbbl.co/r/1560.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.202.119 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-202-119.fra53.r.cloudfront.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

:method: GET
:authority: cdn.pbbl.co
:scheme: https
:path: /i/pp.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
content-type: text/html
server: nginx/1.10.3 (Ubuntu)
date: Sun, 29 Mar 2020 00:16:53 GMT
last-modified: Thu, 30 Jan 2020 18:07:58 GMT
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 15d3b4db3728feaae1780610a1bac86e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: vf8A9JrOba5pP70uQMJX2EJTW_snQbDHjyfYjx86521stNBlf4JWLQ==

GET
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 0
613 B 608ms
120ms XHR
text/plain 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?_cls_s=da4b5f8e-3d2f-432c-909d-2b6557338382%3A0&_cls_v=2c78ff14-c676-45be-bd3b-b6274a2fe3f1

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://ardacademy.org
Access-Control-Allow-Credentials: true
Connection: close
Content-Length: 0

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 26 KB
10 KB 34ms
34ms Script
text/javascript 216.58.207.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6256710

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.207.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s24-in-f2.1e100.net

Software

cafe /

Resource Hash

c5b1ef448841c8a0f34532d4be5f5656d9eb4eea66e04755c0b64f2662d35eed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 9982
x-xss-protection: 0
server: cafe
etag: 13837497077581106518
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 29 Mar 2020 06:29:33 GMT

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame B702 81 B
530 B 59ms
17ms XHR
image/png 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&jb=3b3526246a7b6f773d4e6b6e7d782468736d3d4c696c777a266a73623d416a70676d672530383736

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/262a5b284af0ef009646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Last-Modified: Sun, 29 Mar 2020 06:29:33 GMT
Server: Apache
Etag: 3512ff3dc55c407ea856b0cebb1f4700
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: https://ardacademy.org
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Fri, 28 Mar 2025 06:29:33 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07
content22.online.citi.com/fp/ Frame C289 0
0 20ms
20ms Document
text/html 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=a5f0ad76c8c349ef8e64e26d931d2c12
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame B702 0
387 B 18ms
17ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&if=ls

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07
h.online-metrix.net/fp/ Frame B544 0
0 68ms
21ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , Netherlands, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
h.online-metrix.net/fp/ Frame B702 0
387 B 92ms
17ms Script
text/javascript 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&if=sid

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , Netherlands, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame B702 0
387 B 17ms
17ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK top_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07
content22.online.citi.com/fp/ Frame C85D 0
0 20ms
20ms Document
text/html 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=F94468767BB82824F8B49132D3726D07?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: thx_guid=a5f0ad76c8c349ef8e64e26d931d2c12
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame B702 0
218 B 36ms
18ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&ja=3e363124267f3d37343061363c3632333831303835366724633d363026783f343826643d333e30327a33323038266470723f312c31343232783330303226636435333632307031303032247370793f327832267363663f3034266c683d6a767678732733432d3244273046617a6461636166656d792c6d706727304675702f61676c74676e7c2530466161253a46273146676d6c25314668617368796527363265616b6c2c666171662464723526703d706e7567696c5d646c6371685c66636e7b6721726c7d676b6e5d756966646d75735d6d65646b635d706c617965705c64696c716523786c77656b6e5f69646f62655d6163726d6063745c64616e736723786e756569665f73756b616b7c696f675e64616c736723726c7567696e5d716a67636977637e655c64636c736d21706c7565696e5f7067636c726e617b65705c6e636c716529706e75656b6e57766e615f726c617967705c66616c736523726e7d676b6e5d6c6574636e76725666616c736721706c77656b6e5d7176655f746b6d7565705e6e616e736723706475656b6e5d6a6176635c64616c7365266a6a3f3166663630316630333330653c346433356436623133373b393a3a63336237322e68736d3d44696c757a246a7b623f4168706f6d652730323734266a736d773f44696c757a2e6e6a613f31362e6e646d3d3a26747a663f4775706d70672530444a67726e6966266f61766a72353432323366316332606761303265366361373438303a32636c3137373630316e643435383a3134316634676163303466633b3669646266373a333333333b366926677a333f34656264303a32383265656032343f306430363d6167616461306a38613564323165653732666634246361643f303832303230&jb=393430246c793d4f6f786b6c6461273046372e302530322a4d6163696e766d7160253142273a304b6c76656c2d32304d61612532304d512732325a25303033325733345d352125303043727064655567624969742530443733372e3336273032204b4a544f4425304127323064696b65253030476561696d292730304168706d65672530463f342c302c31373a392c33363b25323051636461726925324437313f2e3136

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Sun, 29 Mar 2020 06:29:33 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net/fp/ Frame B702 81 B
438 B 304ms
17ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
80 B 108ms
108ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKE1hY2ludG9zaDsgSW50ZWwgTWFjIE9TIFggMTBfMTRfNSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzc0LjAuMzcyOS4xNjkgU2FmYXJpLzUzNy4zNiIsInNlc3Npb25fcGxhdGZvcm0iOiAiTGludXggeDg2XzY0IiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4xLjE1IiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE1ODU0NjMzNzMxNTgiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAyLCJ1c2VyX2lkIjogIjE3MTI0ZmIyYjcwZDcyLTAzZjUzYjY1MjRlYzBmLTM3NjQ3ZTAzLTFkNGMwMC0xNzEyNGZiMmI3MWQ3OCIsImVudmlyb21lbnQiOiAiZGlnaXRhbC1jbG91ZC11cy1jaXRpIiwiYWNjb3VudElkIjogNDksInVybCI6ICJodHRwczovL2FyZGFjYWRlbXkub3JnL3dwLWNvbnRlbnQvY2MvP2VtbD1qYXNoeWVAbWFpbC5uYXNkIiwid2Vic2l0ZUlkIjogNTAsImZlZWRiYWNrX3V1aWQiOiBudWxsLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICI0NWIzLTY2ZDktNGVjZi05OTBlLTliMjMtNDM5My0xM2QyLWU5YzIiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTU4NTQ2MzM3MzE1NCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyMjIsImthbXB5bGVfdmVyc2lvbiI6ICIwLjAuMC4wIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNTg1NDYzMzczMTU4LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.241.45.82 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

x-me: prod-instance-gatewayservice-green-lbfs
date: Sun, 29 Mar 2020 06:29:33 GMT
via: 1.1 google
alt-svc: clear
server: Jetty(9.2.11.v20150529)
access-control-allow-origin: *
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
status: 200
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
content-length: 0
x-application-context: application:9090

GET
H2 200 up
insight.adsrvr.org/track/ Frame B27E 0
0 39ms
39ms Document
text/html 99.81.228.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.81.228.121 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-99-81-228-121.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=1jw5cvl&ref=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&upid=t1sl5ty&upv=1.1.0&orderid={orderid}&v={v}&vf={vf}&td1=jUSCBOL_Loginpage_Cookied&td2=undefined&td3=undefined&td4=Cookied%20Username%20Password&td5=https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd&td6={td6}&td7={td7}&td8={td8}&td9={td9}&td10={td10}
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Response headers

status: 200
date: Sun, 29 Mar 2020 06:29:33 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

adadvisor.gif
px0.pbbl.co/
Redirect Chain

https://px0.pbbl.co/ns/__p2.gif?ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&chk=false&brid=1560&brcid=&email=&orderId=&orderValue=&productId=&offerCode=&label=&pageUrl=https%3A%2F%2Fardacademy.org%2F...
https://aa.agkn.com/adscores/g.pixel?sid=9212282598&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60
https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&_zip=&hk=&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60&mt=&bd=

42 B
131 B

135ms
135ms

Image
image/gif

2a00:1450:4001:806::2013
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&_zip=&hk=&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60&mt=&bd=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: Google Frontend
content-type: image/gif
status: 200
x-cloud-trace-context: 5f6806a7cebe3efca306d46334bae609
cache-control: must-revalidate, no-cache, no-store
content-length: 42
x-xss-protection: 1
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
server: AAWebServer
location: https://px0.pbbl.co/adadvisor.gif?segment=000&_ppid=3705963a-edda-428f-bcdf-640fbb1c7ed9&_segid=99&_zip=&hk=&iid=cbb91812-3f1c-44f0-b0aa-7a3249d34c60&mt=&bd=
p3p: policyref="http://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/ 2 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585463373306&cv=9&fst=1585463373306&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

848a06c47ef736e477a8466b1a228459e85dd9752237e23c9f5a4b31949323a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1088
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/ 2 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585463373307&cv=9&fst=1585463373307&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21ca021cfda8fc2a445e18e56bd48e182c4d9e54ac2f4ccfab541515b8e07b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1089
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585463373308&cv=9&fst=1585463373308&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8e1fc7f8edb2be5313594eb75ba5d1f99c1cb7cbfd868e7c132a6f74aa84fc69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585463373309&cv=9&fst=1585463373309&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a2ec2f51a399e0d11fbe48867f3f977b80684a349449c5ee362c4c613fd13ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/ 2 KB
1 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585463373310&cv=9&fst=1585463373310&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&ig=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

66545c7596d6780821513f98ff33d96ad42d36eb5a6b2c6171f866c7b69dabb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: text/javascript; charset=UTF-8
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=633677421&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=633677421&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/770961656/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
18ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3471715082&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3471715082&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/819500023/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1585463373308&cv=9&fst=1585463373308&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

20ms
19ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2055965720&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/819500023/?random=1585463373308&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2055965720&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/959299794/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3085419294&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/959299794/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3085419294&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/960621875/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3653759252&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/960621875/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3653759252&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/916451471/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

25ms
24ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1839035524&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/916451471/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1839035524&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/975701947/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
19ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3109698758&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/975701947/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=3109698758&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/770961656/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/770961656/?random=1585463373309&cv=9&fst=1585463373309&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

18ms
18ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1192186114&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/770961656/?random=1585463373309&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=1192186114&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-user-list/763960929/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/763960929/?random=1585463373310&cv=9&fst=1585463373310&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=12...
https://www.google.com/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java...
https://www.google.de/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=...

42 B
110 B

19ms
18ms

Image
image/gif

2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2237774098&resp=GooglemKTybQhCsO&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/763960929/?random=1585463373310&cv=9&fst=1585461600000&num=1&fmt=3&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&is_vtc=1&random=2237774098&resp=GooglemKTybQhCsO&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/959299794/ 42 B
110 B 22ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/959299794/?random=1585463373306&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2880114307&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/959299794/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/959299794/?random=1585463373306&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2880114307&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/916451471/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/916451471/?random=1585463373308&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1192630005&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/916451471/ 42 B
110 B 21ms
20ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/916451471/?random=1585463373308&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=1192630005&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/763960929/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/763960929/?random=1585463373309&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2865890513&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/763960929/ 42 B
110 B 18ms
18ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/763960929/?random=1585463373309&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2865890513&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/960621875/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/960621875/?random=1585463373307&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2579175085&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/960621875/ 42 B
110 B 19ms
17ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/960621875/?random=1585463373307&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=2579175085&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/819500023/ 42 B
111 B 28ms
27ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/819500023/?random=1585463373310&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3855831125&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/819500023/ 42 B
110 B 20ms
20ms Image
image/gif 2a00:1450:4001:815::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/819500023/?random=1585463373310&cv=9&fst=1585461600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2od3i0&sendb=1&data=event%3Dconversion&frm=0&url=https%3A%2F%2Fardacademy.org%2Fwp-content%2Fcc%2F%3Feml%3Djashye%40mail.nasd&tiba=Online%20Banking%2C%20Mortgages%2C%20Personal%20Loans%2C%20Investing%20%7C%20Citi.com&async=1&fmt=3&is_vtc=1&random=3855831125&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Sun, 29 Mar 2020 06:29:33 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 9 KB
2 KB 488ms
121ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/cls_report?clsjsv=6.2.78B29&_cls_s=da4b5f8e-3d2f-432c-909d-2b6557338382:0&_cls_v=2c78ff14-c676-45be-bd3b-b6274a2fe3f1&pid=75434e12-de75-452e-a67a-3b8eb7c4bcd7&sn=1

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

ff7d814cbb96916fae7ce978f9c7ec5a53d2246dfe3bd568399060c882779a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 29 Mar 2020 06:29:34 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://ardacademy.org
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame B702 0
387 B 18ms
18ms Script
text/javascript 91.235.134.21
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=9646094ba7b58acb03dad3f75e50dcf29574f85b76dd9ada42ddaf7cafc1207c&nonce=262a5b284af0ef00&pageid=1&jac=1&je=3a363924267f65607276615f616e7667726c616c5f6b723f30633232646631332565676460253460343b2d623930332d36356230623a3b3b623337342c6c6d61696e2c36646c30633334322d3c3230662d363733362f603334662d37643130306d306635363f612c6e6d636164267765627074635f677a7665706c616e5f6b72353a322c3138322c313b2c313b322460617673743d79206e6576656c2238332c38302e22717c61767771223a2a6368617265696e67207f24617766683f6466606d316361363d3330613067663b653735356432666537666031373733306367353d353330633f3032646361313f65376331313233353030363732643464

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.21 , Netherlands, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Pragma: no-cache
Date: Sun, 29 Mar 2020 06:29:33 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 TagAuditBeacon.rnc
nexus.ensighten.com/citi/na_prod/ 0
106 B 21ms
21ms Image
text/plain 18.195.42.228
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/citi/na_prod/TagAuditBeacon.rnc?cid=1129&data=[-1|-1|1;-1|-1|1;-1|-1|1;583873|2897425|1;624610|3105501|1;358910|3100252|1;354602|1124213|1;578278|3039001|1;373773|1482837|1;552021|3186763|1;490004|2776545|1;622672|3092996|1;567637|2916890|1;-1|-1|1;-1|-1|1;565689|2928848|1;492646|3046499|1;606935|2975859|1;560579|2762393|1;523202|2801110|1;536797|2644001|1;560576|2762395|1;423185|1815185|1;534325|2547863|1;508299|2278935|1;620980|3111290|1;623461|3178704|1;507276|2366488|1;531459|3186762|1;494437|3180827|1;609397|3161671|1;486892|2929498|1;600937|2897286|1;609396|3183109|1;388219|1865473|1;617299|3014233|1;569456|2878472|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;582775|2742760|1;593700|2834829|1;-1|-1|1;510670|2923227|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;495376|2108794|1;-1|-1|1;-1|-1|1;495377|2108795|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;512346|2923041|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;521100|2431984|1;-1|-1|1;-1|-1|1;584566|2776548|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;574962|3111577|1;-1|-1|1;-1|-1|1;495374|2108797|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;495375|2108796|1;573017|2670646|1;593103|3183484|1;-1|-1|1;-1|-1|1;522574|2923043|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;588511|2801138|1;-1|-1|1;-1|-1|1;578262|3183485|1;-1|-1|1;-1|-1|1;542251|3183206|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;632449|3161673|1;522572|2923042|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;490141|2904126|1;-1|-1|1;-1|-1|1;580663|2734578|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;626438|3111536|1;-1|-1|1;-1|-1|1;515853|2923044|1;528144|2923045|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;522576|2923046|1;613371|2980693|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;562734|2742762|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551962|2532572|1;-1|-1|1;-1|-1|1;578343|2836703|1;555592|3094951|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;-1|-1|1;551970|2532573|1;571630|2670712|1;385436|2514756|1;359218|3161777|1;488122|2028951|1;369351|3154250|1;359214|2900561|1;572752|2670634|1;572750|2680754|1;-1|-1|0;-1|-1|0]&idx=0&r=7759.6560879844765
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 204
date: Sun, 29 Mar 2020 06:29:34 GMT
cache-control: no-cache, no-store
server: nginx
expires: Sun, 29 Mar 2020 06:29:33 GMT

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 9 KB
2 KB 637ms
272ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

ff7d814cbb96916fae7ce978f9c7ec5a53d2246dfe3bd568399060c882779a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 29 Mar 2020 06:29:43 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://ardacademy.org
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

POST
H/1.1 200
OK cls_report Show response
prod.report.nacustomerexperience.citi.com/glassbox/reporting/ 9 KB
2 KB 486ms
121ms XHR
application/json 192.193.200.243
SOLANA-CITIPLEX

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: ardacademy.org
URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

192.193.200.243 , United States, ASN32287 (SOLANA-CITIPLEX, US),

Reverse DNS

Software

GlassBox Cligate /

Resource Hash

ff7d814cbb96916fae7ce978f9c7ec5a53d2246dfe3bd568399060c882779a05

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd
Origin: https://ardacademy.org
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 29 Mar 2020 06:29:43 GMT
Content-Encoding: gzip
Vary: Origin
Server: GlassBox Cligate
X-Akamai-CITISITE: SWDC
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Content-Type: application/json
Access-Control-Allow-Origin: https://ardacademy.org
Access-Control-Allow-Credentials: true
Connection: close
Transfer-Encoding: chunked

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 0d22d313-900b-4c1e-b14c-8f366968c366
URL: moz-extension://0d22d313-900b-4c1e-b14c-8f366968c366/scripts/webrtc-patch.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

494 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rfihub.com/	1970-01-19 17:45:59	Name: rud Value: H4sIAAAAAAAAAOMSNjQwMTCzMDa2MLE0NzIzMzQ3MBXiM9T19vIoczMsz_LPcUqT4jU0tTA1MTM2NjeyMLYAAJ-XGcI0AAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjQwMTCzMDa2MLE0NzIzMzQ3MBXiM9T19vIoczMsz_LPcUoDALuWoeUlAAAA
.doubleclick.net/	1970-01-19 08:24:24	Name: test_cookie Value: CheckForPermission
.ardacademy.org/	1970-01-19 10:33:59	Name: _gcl_au Value: 1.1.897128195.1585463373

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js(Line 13) Message: Cooladata error: 'cooladata' object not initialized. Ensure you are using the latest version of the Cooladata JS Library along with the snippet we provide.
console-api	log	URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js(Line 136) Message: addMbox_tnt_cards value is false
console-api	log	URL: https://online.citi.com/passivebio/bcsid.js(Line 5) Message: Setting new bcsid Cookie
console-api	log	URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd(Line 1581) Message: rsa flagtrue
console-api	log	URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd(Line 1601) Message: isDCAFallback flag value is : false
console-api	log	URL: https://ardacademy.org/wp-content/cc/?eml=jashye@mail.nasd(Line 2581) Message: qrsignon cookie not found!
console-api	log	(Line 11) Message: test 12
console-api	log	URL: https://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js(Line 13) Message: You must name your new library: init(token, config, name)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0d22d313-900b-4c1e-b14c-8f366968c366
20766699p.rfihub.com
6260004.fls.doubleclick.net
89oebq5k6e5aknuqnxl5yc3ng5orx6szfks7ezmd262a5b284af0ef00am1.e.aa.online-metrix.net
a.rfihub.com
aa.agkn.com
ad.doubleclick.net
adservice.google.com
api.rlcdn.com
ardacademy.org
bid.g.doubleclick.net
c1.rfihub.net
cdn.pbbl.co
cdn.tt.omtrdc.net
cfr.us.v2.we-stats.com
citi.demdex.net
citicorpcreditservic.tt.omtrdc.net
cm.everesttech.net
content22.online.citi.com
cse.google.com
cyseal.cyveillance.com
d.agkn.com
di.rlcdn.com
dpm.demdex.net
googleads.g.doubleclick.net
gwmtracking.com
h.online-metrix.net
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
mpsnare.iesnare.com
nebula-cdn.kampyle.com
nexus.ensighten.com
online.citi.com
prod.report.nacustomerexperience.citi.com
pt.ispot.tv
px0.pbbl.co
resources.digital-cloud-citi.medallia.com
s.rfihub.com
s.ytimg.com
sr.rlcdn.com
stags.bluekai.com
tags.bkrtx.com
udc-neb.kampyle.com
www.citi.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.youtube.com
0d22d313-900b-4c1e-b14c-8f366968c366
104.109.92.187
104.111.235.198
104.111.245.241
143.204.202.119
143.204.207.113
15.188.105.205
151.101.113.175
151.101.14.109
151.101.14.133
172.217.18.166
18.195.42.228
185.31.128.129
192.193.200.243
193.0.160.129
216.200.122.11
216.58.207.34
216.58.207.70
23.38.48.101
23.45.237.36
23.67.129.14
2600:9000:2057:8400:19:fc2c:a140:93a1
2a00:1450:4001:806::2002
2a00:1450:4001:806::2013
2a00:1450:4001:815::2003
2a00:1450:4001:817::200e
2a00:1450:4001:819::2008
2a00:1450:4001:81c::2004
2a00:1450:4001:81d::200e
2a00:1450:4001:824::2002
2a00:1450:4001:824::200e
2a03:2880:f12d:83:face:b00c:0:25de
3.212.137.125
35.177.239.109
35.190.72.21
35.229.76.23
35.241.45.82
35.244.174.68
40.122.110.249
52.129.74.14
52.208.194.150
52.30.78.155
66.102.1.154
66.117.28.86
66.117.29.11
91.235.132.130
91.235.134.131
91.235.134.21
99.81.228.121
0227e0e4dea130eb6f3163aa3ab03720dce83a0e219c282189b03bc5b8a727e3
02c39275000c1280f9cde808ebe731ec1924477305678759c1140ecaac49eba0
043494ebdb60e363e2e8e0fa548a3863505bda2d81f28d2bf87d4f11380f39f4
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
06dfb367edf9bbff810def9f75f8695b3ccfbcb2813306609fc6e18fcacfc17e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
128b5eb2de7c92e9be2f566be1ce1a72763a9be9d4c7554f7ea493f57d7e39e9
12f74d25b3d96f8d3c0895b550e37283adf75fc9e2fd6df63d1d77c59db897ea
147d5785b25331ac266f34841b05b4401ec78b0e0de6f85d63993ab0a9b5a253
1a2ec2f51a399e0d11fbe48867f3f977b80684a349449c5ee362c4c613fd13ec
1a650af702eca0f982f09ca0cb143ff60bef52e734fdc997d72e10a0454d6320
1cc4ec61057f30cea6d47126e0444f119b2606720b1fe8d7e0deff1f5742a82b
1d6b802e59b40aa8540347ab5a754ef472500480deeeea720385753ba96cc8e8
216379419be7a7e2018bdccd7b95991e9e7725c1723ab06c29fa0448acaa4ae8
21ca021cfda8fc2a445e18e56bd48e182c4d9e54ac2f4ccfab541515b8e07b14
2233a44f005e8d416636e52aca33bc7ce726c1ab4d0801865162829d762c6de2
24e47d78358ef5f413d2267cd2b1ac3e9c769d8eb2cf91dfcc1d9494c2a4a0af
2541423db8be5f17c93e9c852f422230739e2b204a1abc48f2834b2d184dc546
2c19e11d4471da9bc727265662f6668dc3f142b0ae6a91d5ae908d6a6b2bc8ee
2e95474478f3d09324901645af8312cb5476c1949a0c869b554daa0fded52881
31b00ff4929696dfca06885da68e58c3e09f6ecb4ae0fe1ae287e99a3fd1f716
331e846c17bf9cd732c1086710cdc3af20bb75a59d7de0fde40846a68b4fefd6
3964fefd584a81ea1900972e303c26f277fcbbd57bde8e4320daed3bf4d8e269
3cb1f89cca21255888919872c51263c08dfc181d2600d2375bdbd8fda57788ce
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
40a20291f9b526cba58796a4bbd0256d5663313e02c9d5ab5a842476562b3108
429d8af3190c76d5fcb9b1cad2aa6eb555684921323da905d62017fbdbf557c6
44d3d4e66e1e7636e57911765054e696958d07ea55189620e27a1e163ba33957
470006833167eb6002e768cbe0865a86338c1fec3955d551e0f4f1d6a0ef7fa6
4734405c034b81eddf4f6a932437523f5ab8ba90e80182371c75736d0f3679fd
495c2b78f2deeec56065c5078a56deb4b4b6601773c98224cbe8517d0545adb2
4f918cd256712c03a1b88007176cabf623cc63740e919d35a217c18dc7ebe607
506575b752d10714465811aec4dd67a7bfb471fcbc2e9619c1faad68c110759e
55e066703c69d4d89a1f4d66794d474aa93d710624d8f807096bac17a7867b17
575d697f703ea404e1a023022aaeaaa81e98d1873cf2e7687238bd1606e4f625
612e599199063c7ec2bc02dcf70c12ddf54d0a70e030c9cf40465772df4b1630
6177c6163dc1ad67fb596a94ef3d18a277bfd437dbb3c1a928cd6caacefeff2e
619daadeb92bebb644c3a32acf4ebf70f57aa1064b1adf703d3e429bdb524a54
61e114badfc7677a5ed175cf71afd46968ef8262cd4e5ec64ba0c743daae8e11
629b48196dcc270143a42ce57535b251c655617f8d510277d4a05306c426fd38
6318b0aa26dd388cac160f2a1c771a5a1da98836bef4592581aec06ac2e949a7
66545c7596d6780821513f98ff33d96ad42d36eb5a6b2c6171f866c7b69dabb7
67e8a59dc958df2f9736da74581bbd147eb9613554faa4403c0b6bd3b44f411c
693b9b91798b4fdd281d3c029cb17eb5f3f24e2735aba88f35696e5197a52be2
69f3b623b3af5295b4499e023a4936ac55e8404a572ab4584edaba3681cbe872
6b869fdcddeb24f7dcbe7223f77eb1f701e74c63581b69d3ef4ec9b445795bba
6d3001c9deac8cb1f88ea5254105f8d678de5532f1998a24eab1b59906eaf86b
6d784be9e33d5a590fd2e40ad1abd79d201db6547b078aa1a42e6272e75ffeb8
6f71ae9072b987ff384873d0b722de6f7f854f5e3f26d15807a3a4f045461110
701d2f9f02741b8429f4fb892b2b48c34a8a0f9189cb09013b2799031f22e484
7296bff05c272c7a8ff8b65ef5cbb9245ff55d54328ca6b9ba888f35c0cbbfff
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
771c92ecc9167287111bc793f6392bfb0dc8a51a830b497f7591e6d3493fc1fc
793638584489a26249bab8f209e4cdcb47307521fd8a85e63a5bb6e3fba95cb2
793c2f3d02d0bc3ad8a2cdc901b2134159b66245e951ac258fee1ac8b2709f44
7adf69580aead1321588b6f81a92518ac9724f3da846970c349fa91630145bfc
7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939
7cb24e06c00e47bb6bc6c38b935d6bc62817f656703387e4fb7591add96c7454
7d481eb36581746fd3662c7c452856b695df90cdce24664c48f565aa119c8b16
7df13706eaab8ce9a3dcd2a501f60bc66987c83834d07dfaf07ae56ef814c110
7ecf3bf86151cd72036fb67feb8fcbd8c80359e0ca871e1aeb955428ed43c26d
848a06c47ef736e477a8466b1a228459e85dd9752237e23c9f5a4b31949323a8
880960ba5b705083263a8a5329436c1e436a4c5bd618e2551e3c313d18ef88e2
8cad2492e705a54e5c4a634509b1d6c836dfb5bd179c2e58063653cc8635d6df
8e1fc7f8edb2be5313594eb75ba5d1f99c1cb7cbfd868e7c132a6f74aa84fc69
8e60e8edaca8a3167fe48e62f9b53ba1989a5b6a23283555f09ab12175fed96e
920a1269c4469182796fcaef9661e4a89fd9667ae24fa5e70b16317a020f3062
93a216194e7d44162680a7c2dca88ca2d985e2e9d66f7a93702a22b2f357d9b7
940872b3cf26b29ae6ab5558cc0e03e32e4774e0fe1c8de07f0e747f479d5289
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
95b1b27bcd15218f7f14542a05c03f04c0fbf31dc4de71d5973482a59e2a196d
972256d3bce669df3ed0d7060d4b6897500a1a144c4891700370b6de287ac3d9
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99dd8270560893cf9937d476c3fd0cc09b406ee608f67cd568f8fe544aef6fce
9ceaa25ec7654a66294c16e28989fbf1ecb9cebc9debe96ec597529465c7cd50
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
a612a8f640434c7aaee47569897c1fee79df6f146ec26115e2a8c9be645592b7
a6cd789bddb9565dd498ea70472bd4c85eef40c5f6a0572b5f870ab93c8f3032
a9623118fb6ec3944d1312cd0d492c3f32455e89bc1e01eafa67628a309d9c60
a9cebaefb3003c4944d0d59f71afdca3509d3975af5ff213d2750fdf8f719146
ae76982e42ad8bf33cc3a66ed389810d245242bcfa3dd2e3f05baf330f28098f
af4d410c9522b1daea1904a8fb16da6821d72e7dfd1f9142d42dcae6f333d998
b2fc35bcf7ad38c6cbc6d170cc5bf15a688ba76d282272c3f0af4c6b31eb0631
b7264725078e153ab3a4af37c52374b3a5d46b8fb5fc7b5f8af2e773364eef93
bf54fd8acc1c7b963ac5bd7eb9ab9d5ae3e5ec58fcfaba98044a000dfe621d1d
c3c994c3fe9bd4e055f6d0eb42067ecd6bdd3247e136bc22835b9882cfe77c61
c5b1ef448841c8a0f34532d4be5f5656d9eb4eea66e04755c0b64f2662d35eed
c6e3e61b76a1d9d2cd67823455430ed97578fe65f37ab4fdd04ad0ebfecbedc7
c8d8089cd33d869efa694df91d860ce8b4f88135e1f2b590906799dc7a19a65a
ca7048dd1a1d15f42c04c8f3db2d3bcffc6c7eb1be4506ca9fe2651b07766641
cb2bb21705b9cce9781d02c9223f3344a65bd5314027d11c5a8518ad4bd84e84
cb78cd2e83915897bf28b1c54f55789fce418dd8546f31dd025e5fdb6b3ce434
cdb828e2f4e62e1900133748ba426481b6c8383ebaca93133988da409506d3b4
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d01c441c88f6256b930e7d2fb911dfc1b264bdf654b6625eccec3a14e0fdb9b9
d118102507b97407ebf1533cc98ccd2e9d244524b456fd9c2b469b553396238a
d57c8034f9c12aa3ce626c9ed1d61a4bb0941c3ef320bb59346f20496fb0096a
dd256ae72a5f42f07046db6419e33dca617fe970ccb3844663a4fef8c23875e2
de785fbfd0f40b4e3eeec03dc79cbaf128fc63a666cf507febc22ec55fd6796c
e05565885e234eeb2f32d5dabdf0a586c5dab3badbba206b1c27e1b34a75148b
e226935ba96b671378a7552d0669729f2b4733fab20624ed8018e86bad35401e
e2812b1e3529e5f39e3b0586e82c7ad0dfc3fc61cfa0107edfac16483d0547d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5168b3d0c8f929a1b8c4c1b4e4ebac60ee0e1ecfd759aeb4be4c2b15e3fc097
e90fb0eba512ed6473f6fb8acf4cd09b38732f150f43c396246c12bb2aacbb67
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
eca1d20a663a7e242fa10ee2c58c742eb6292c898df29e16734ac7d0df29f277
ed48ae9c1a324d49404d9fb4c508b880ca97a65f8fd21d352e241d1e4dfc50e2
eec5cc477e7cb4f1eee1f26dce3eb411a63716d89a9b659c7d5559571c837ccb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2dd1ff20c3df202418f9d59c76f40bdb304d7a85d7163fc9935391528f3dee8
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f44e4692a52b6a382cb481e23f8bcb9a6d4c24eec8aa60143c7e2ca3a85758b2
f82e13743e667ec749b08d88f08a2a2ea1f688de0b2724b9c0b0b61ca6d680e3
f9baacb75f3cb0e0911a506dbdab685aab38537ac52edda6f9b65bc5f0ea306d
fb42046c6feabb3126634752069391d76d8ded5770a936eb1ce0cdd6aa7358b9
fd036bf11a7da2351a9130674408a65b14cf28aa583bcfd17229237d14ca92dd
ff7d814cbb96916fae7ce978f9c7ec5a53d2246dfe3bd568399060c882779a05

ardacademy.org Open in urlscan Pro 35.229.76.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

233 Requests

99 %HTTPS

23 %IPv6

31 Domains

51 Subdomains

44 IPs

7 Countries

2475 kBTransfer

6656 kBSize

4 Cookies

25 Outgoing links

Redirected requests

233 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ardacademy.org Open in urlscan Pro
35.229.76.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

233
Requests

99 %
HTTPS

23 %
IPv6

31
Domains

51
Subdomains

44
IPs

7
Countries

2475 kB
Transfer

6656 kB
Size

4
Cookies

233 HTTP transactions
0 data transactions