citloginnow.gezuxuru.workers.dev Open in urlscan Pro
172.67.137.174 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citloginnow.gezuxuru.workers.dev/
Submission: On July 30 via api (July 30th 2024, 3:29:14 am UTC) from BY — Scanned from DE

Summary HTTP 64 Redirects Behaviour Indicators

Summary

This website contacted 15 IPs in 4 countries across 13 domains to perform 64 HTTP transactions. The main IP is 172.67.137.174, located in United States and belongs to CLOUDFLARENET, US. The main domain is citloginnow.gezuxuru.workers.dev.
TLS certificate: Issued by WE1 on June 26th 2024. Valid for: 3 months.

This is the only time citloginnow.gezuxuru.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	172.67.137.174 172.67.137.174	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2620:100:6022... 2620:100:6022:15::a27d:420f	19679 (DROPBOX) (DROPBOX)
1	2a00:1450:400... 2a00:1450:4001:80f::200a	15169 (GOOGLE) (GOOGLE)
1	23.45.98.135 23.45.98.135	16625 (AKAMAI-AS) (AKAMAI-AS)
1	162.19.58.157 162.19.58.157	16276 (OVH) (OVH)
1	172.67.74.152 172.67.74.152	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2600:9000:206... 2600:9000:206f:de00:2:8f43:5780:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:214... 2600:9000:214f:f200:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
1	193.0.160.131 193.0.160.131	54312 (ROCKETFUEL) (ROCKETFUEL)
11	104.17.209.240 104.17.209.240	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	216.58.206.40 216.58.206.40	15169 (GOOGLE) (GOOGLE)
1	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	95.101.149.99 95.101.149.99	16625 (AKAMAI-AS) (AKAMAI-AS)
64	15

6 172.67.137.174 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

citloginnow.gezuxuru.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2620:100:6022:15::a27d:420f (United States)

ASN19679 (DROPBOX, US)

dl.dropboxusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.98.135 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-98-135.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.58.157 (France)

ASN16276 (OVH, FR)
PTR: ns3096589.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.74.152 (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:206f:de00:2:8f43:5780:93a1 (United States)

ASN16509 (AMAZON-02, US)

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:f200:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.131 (United States)

ASN54312 (ROCKETFUEL, US)

20766699p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)

zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
siteintercept.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 216.58.206.40 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.154.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.149.99 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-101-149-99.deploy.static.akamaitechnologies.com

iad1.qualtrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	1 MB
16	dropboxusercontent.com dl.dropboxusercontent.com — Cisco Umbrella Rank: 27137	794 KB
12	qualtrics.com zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 39831 siteintercept.qualtrics.com — Cisco Umbrella Rank: 1504 iad1.qualtrics.com — Cisco Umbrella Rank: 18627	94 KB
7	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 5862	63 KB
6	workers.dev 1 redirects citloginnow.gezuxuru.workers.dev	308 KB
1	rlcdn.com sr.rlcdn.com — Cisco Umbrella Rank: 37438
1	rfihub.com 20766699p.rfihub.com — Cisco Umbrella Rank: 208554
1	rfihub.net c1.rfihub.net — Cisco Umbrella Rank: 6745	6 KB
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2512	166 B
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 9712	3 KB
1	citi.com www.citi.com — Cisco Umbrella Rank: 29463	2 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	31 KB
0	amazon-adsystem.com Failed s.amazon-adsystem.com — Cisco Umbrella Rank: 399 Failed
64	13

	Domain	Requested by
16	www.googletagmanager.com	dl.dropboxusercontent.com www.googletagmanager.com
16	dl.dropboxusercontent.com	citloginnow.gezuxuru.workers.dev
10	siteintercept.qualtrics.com	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com
7	nexus.ensighten.com	citloginnow.gezuxuru.workers.dev dl.dropboxusercontent.com
6	citloginnow.gezuxuru.workers.dev	1 redirects citloginnow.gezuxuru.workers.dev
1	iad1.qualtrics.com
1	sr.rlcdn.com	nexus.ensighten.com
1	zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com	nexus.ensighten.com
1	20766699p.rfihub.com	c1.rfihub.net
1	c1.rfihub.net	nexus.ensighten.com
1	api.ipify.org	citloginnow.gezuxuru.workers.dev
1	i.ibb.co	citloginnow.gezuxuru.workers.dev
1	www.citi.com	citloginnow.gezuxuru.workers.dev
1	ajax.googleapis.com	citloginnow.gezuxuru.workers.dev
0	s.amazon-adsystem.com Failed
64	15

This site contains no links.

Subject Issuer	Validity	Valid
gezuxuru.workers.dev WE1	`2024-06-26` - `2024-09-24`	3 months	crt.sh
*.dl.dropboxusercontent.com DigiCert TLS RSA SHA256 2020 CA1	`2024-03-25` - `2025-03-11`	a year	crt.sh
upload.video.google.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
www.citi.com DigiCert EV RSA CA G2	`2024-05-09` - `2024-12-05`	7 months	crt.sh
ibb.co R10	`2024-06-21` - `2024-09-19`	3 months	crt.sh
ipify.org WE1	`2024-07-18` - `2024-10-16`	3 months	crt.sh
nexus.ensighten.com Amazon RSA 2048 M02	`2023-09-29` - `2024-10-27`	a year	crt.sh
*.rfihub.net Amazon RSA 2048 M03	`2023-10-31` - `2024-11-28`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-01` - `2024-09-23`	3 months	crt.sh
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2024-04-08` - `2025-04-27`	a year	crt.sh
*.qualtrics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-27` - `2025-02-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-06` - `2025-03-05`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://citloginnow.gezuxuru.workers.dev/
Frame ID: 46A0B220D3EC6350CBF67AEAD2184C0B
Requests: 62 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=252&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitloginnow.gezuxuru.workers.dev%2F&pf=https%3A%2F%2Fcitloginnow.gezuxuru.workers.dev%2F&ra=7223306663913933
Frame ID: 01C33059CC3FA23A2B63D9B25FD5558F
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: F4184E9514782B0763260E9BE65E077A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

https://citloginnow.gezuxuru.workers.dev/ Page URL
https://citloginnow.gezuxuru.workers.dev/cdn-cgi/phish-bypass?atok=C2RF8SpF8R4Ch62qO7ZFf7KOafMU87FY8i5XbCKMvtw-172231... HTTP 301
https://citloginnow.gezuxuru.workers.dev/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

64
Requests

98 %
HTTPS

36 %
IPv6

13
Domains

15
Subdomains

15
IPs

4
Countries

2543 kB
Transfer

13352 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://citloginnow.gezuxuru.workers.dev/ Page URL
https://citloginnow.gezuxuru.workers.dev/cdn-cgi/phish-bypass?atok=C2RF8SpF8R4Ch62qO7ZFf7KOafMU87FY8i5XbCKMvtw-1722310141-0.0.1.1-%2F HTTP 301
https://citloginnow.gezuxuru.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
citloginnow.gezuxuru.workers.dev/ 4 KB
2 KB 2952ms
30ms Document
text/html 172.67.137.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.137.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b20c7a06ae36e7e897023af45b2b85587d00921244171bf462660f2704bf3c2a

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8ab2430f2ab29b55-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 30 Jul 2024 03:29:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F2hOLTatM5jyImVShoDngIcwOZas60RXb0UVdQ2dXtrU5A0OMowjLZcg39PqXvV2QwBDhaYYImTf8f0wxBsqeS4duLBcfkSTiwf7FjYrN14WWlQVFf2o6Bw5PzEyHB99A7TJO6XbpTxnejzBBG90Pljllg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
citloginnow.gezuxuru.workers.dev/cdn-cgi/styles/ 23 KB
5 KB 25ms
25ms Stylesheet
text/css 172.67.137.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citloginnow.gezuxuru.workers.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.137.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: W/"669fdba0-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8ab2430f5ac89b55-FRA
expires: Tue, 30 Jul 2024 05:29:01 GMT

GET
H3 200 icon-exclamation.png
citloginnow.gezuxuru.workers.dev/cdn-cgi/images/ 452 B
634 B 24ms
24ms Image
image/png 172.67.137.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citloginnow.gezuxuru.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.137.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2024 16:34:40 GMT
server: cloudflare
etag: "669fdba0-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8ab2430f8ad59b55-FRA
content-length: 452
expires: Tue, 30 Jul 2024 05:29:01 GMT

GET
H3 200 favicon.ico
citloginnow.gezuxuru.workers.dev/ 3 MB
150 KB 101ms
101ms Other
text/html 172.67.137.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citloginnow.gezuxuru.workers.dev/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.137.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d85294e27c6d8e2ca68fe77d76d663c96c68d971f7d0d221409fd089db5c7df8

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:01 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x8lVfV2uCdJWoRkApBCttdJ%2Fr77adk95qg2kV6jHw8oER6oK0NyYP2l%2FwuuJEPueK1ocLOWqYiE6IZ%2FGZlJ4G01y1xk7wLA7Wvsq1BMTtxnSiLEfytAar2Fv6f2sTdecMSzJ4PTxQlKv8NsKtxhi6TgVHA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html;charset=UTF-8
cf-ray: 8ab2430fbae99b55-FRA
alt-svc: h3=":443"; ma=86400

GET
H3

200

Primary Request / Show response
citloginnow.gezuxuru.workers.dev/
Redirect Chain

https://citloginnow.gezuxuru.workers.dev/cdn-cgi/phish-bypass?atok=C2RF8SpF8R4Ch62qO7ZFf7KOafMU87FY8i5XbCKMvtw-1722310141-0.0.1.1-%2F
https://citloginnow.gezuxuru.workers.dev/

3 MB
150 KB

29ms
29ms

Document
text/html

172.67.137.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citloginnow.gezuxuru.workers.dev/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.137.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d85294e27c6d8e2ca68fe77d76d663c96c68d971f7d0d221409fd089db5c7df8

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8ab2432f09bf9b55-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Tue, 30 Jul 2024 03:29:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BMNO9rOsGRGH4dWNY%2FM8ZhhfuGExR%2FUnIFjM9cdPeibru33%2FkB5sEGhY0GH8j1rbp%2Brqb%2Bjog04J15hkIcd%2BkCcajOQD8eHJezUYL4ToujtvaS9TKn%2Bg1yb7sjUWP7rcchMda%2BMH47qSY47BpKTXwvuB2w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8ab2432ee9b09b55-FRA
content-length: 167
content-type: text/html
date: Tue, 30 Jul 2024 03:29:06 GMT
location: https://citloginnow.gezuxuru.workers.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 Bootstrap.js Show response
dl.dropboxusercontent.com/s/z095l2wk45dt9ci/ 280 KB
101 KB 571ms
483ms Script
application/javascript 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: b3c6f06e775d4c96940e278de99c3e8e
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Bootstrap.js"; filename*=UTF-8''Bootstrap.js
pragma: public
server: envoy
x-server-response-time: 340
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 76ms
20ms Script
text/javascript 2a00:1450:4001:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 23 Jul 2024 14:47:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 564116
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Jul 2025 14:47:10 GMT

GET
H2 200 Interstate-Light.woff
dl.dropboxusercontent.com/s/5pecxff6thpa7bk/ 74 KB
74 KB 637ms
567ms Font
application/octet-stream 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/5pecxff6thpa7bk/Interstate-Light.woff

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Origin: https://citloginnow.gezuxuru.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: d1fecd4a325e488487eb5e9563c5c5a7
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Interstate-Light.woff"; filename*=UTF-8''Interstate-Light.woff
content-length: 75538
pragma: public
server: envoy
etag: 1661968851764500n
x-server-response-time: 326
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 Interstate-Bold.woff
dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/ 70 KB
70 KB 654ms
585ms Font
application/octet-stream 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/onrn6uufd9w6dw9/Interstate-Bold.woff

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Origin: https://citloginnow.gezuxuru.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 38ac91b761874cfea8c737c8211b49b5
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Interstate-Bold.woff"; filename*=UTF-8''Interstate-Bold.woff
content-length: 71874
pragma: public
server: envoy
etag: 1661968844676205n
x-server-response-time: 334
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 Interstate-Regular.woff
dl.dropboxusercontent.com/s/eltd16c80yf2gxb/ 77 KB
78 KB 571ms
502ms Font
application/octet-stream 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/eltd16c80yf2gxb/Interstate-Regular.woff

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Origin: https://citloginnow.gezuxuru.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: e570def2889042e69952668315f680c3
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Interstate-Regular.woff"; filename*=UTF-8''Interstate-Regular.woff
content-length: 78762
pragma: public
server: envoy
etag: 1661968865208808n
x-server-response-time: 362
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Disposition, Content-Encoding, Content-Length, Content-Range, X-Dropbox-Metadata, X-Dropbox-Request-Id, X-JSON, X-Server-Response-Time, Timing-Allow-Origin, x-dropbox-pdf-password-needed
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 styles.css
dl.dropboxusercontent.com/s/esn6641krlordqt/ 1 MB
197 KB 673ms
605ms Stylesheet
text/css 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/esn6641krlordqt/styles.css

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

bd3acb2311f94938e29354d6e37dd710ad4c07703610222551c98da9993366d5

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:06 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: f52fee3adc614d96b8eaefb76ad42eb7
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="styles.css"; filename*=UTF-8''styles.css
pragma: public
server: envoy
x-server-response-time: 431
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 citilogoredesign.png
www.citi.com/CBOL/IA/Angular/assets/ 1 KB
2 KB 198ms
66ms Image
image/png 23.45.98.135
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/CBOL/IA/Angular/assets/citilogoredesign.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.45.98.135 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-98-135.deploy.static.akamaitechnologies.com

Software

Resource Hash

cebe6c7d3188cd697399bc4eeb2b7a3d94b8d461b50eebcd145aa0ecc620c522

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
date: Tue, 30 Jul 2024 03:29:07 GMT
last-modified: Fri, 07 Jul 2023 15:38:23 GMT
x-akamai-citisite: GTDC
content-type: image/png
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: https://citimobile.citibankonline.com
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 1409
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 050-location%402x.svg
dl.dropboxusercontent.com/s/ttemfbjw200ljgk/ 2 KB
916 B 712ms
710ms Image
image/svg+xml 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/ttemfbjw200ljgk/050-location%402x.svg

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Content-Security-Policy	sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: e2c9c9685a7f42a4a3f28182b3d97488
x-dropbox-response-origin: far_remote
content-disposition: attachment; filename=050-location%402x.svg
pragma: public
server: envoy
x-server-response-time: 555
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex
x-webkit-csp: sandbox
x-content-security-policy: sandbox

GET
H2 200 icon_globe_med-grey%402x.svg
dl.dropboxusercontent.com/s/0v474zauzy1yqib/ 3 KB
2 KB 487ms
485ms Image
image/svg+xml 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/0v474zauzy1yqib/icon_globe_med-grey%402x.svg

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Content-Security-Policy	sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	sandbox
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: sandbox, report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: 162519b8194340e08699b8d14eeb4dbf
x-dropbox-response-origin: far_remote
content-disposition: attachment; filename=icon_globe_med-grey%402x.svg
pragma: public
server: envoy
x-server-response-time: 331
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex
x-webkit-csp: sandbox
x-content-security-policy: sandbox

GET
H2 200 ajax-loader.gif
i.ibb.co/RpLNy4f/ 3 KB
3 KB 103ms
28ms Image
image/gif 162.19.58.157
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/RpLNy4f/ajax-loader.gif
Requested by: Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.157 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096589.ip-162-19-58.eu
Software: nginx /
Resource Hash: fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
last-modified: Tue, 02 Mar 2021 22:27:30 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 3208
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
api.ipify.org/ 31 B
166 B 174ms
116ms Script
application/javascript 172.67.74.152
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=jsonp&callback=getIP
Requested by: Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.74.152 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18234fcb914c48a01c4aa2fe789dc2bf8995f98025f68ed48b31b363464babd9

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 30 Jul 2024 03:29:06 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8ab24330794c3aa0-FRA
content-length: 31
vary: Origin
content-type: application/javascript

GET
H2 200 320_Citi-PLT%403x.png
dl.dropboxusercontent.com/s/q76kbkh9nbu3304/ 11 KB
11 KB 571ms
569ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/q76kbkh9nbu3304/320_Citi-PLT%403x.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: f07c614a02394cf793ee387151a5a5ab
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="320_Citi-PLT@3x.png"; filename*=UTF-8''320_Citi-PLT%403x.png
content-length: 11562
pragma: public
server: envoy
etag: 1661968563765161n
x-server-response-time: 372
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 1440_Citi-PLT%403x.png
dl.dropboxusercontent.com/s/45bc9mcqqrkf7xw/ 27 KB
28 KB 606ms
604ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/45bc9mcqqrkf7xw/1440_Citi-PLT%403x.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 0c1403f3a3a24889b7acd7d4ba517adc
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="1440_Citi-PLT@3x.png"; filename*=UTF-8''1440_Citi-PLT%403x.png
content-length: 28149
pragma: public
server: envoy
etag: 1661968561558912n
x-server-response-time: 413
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 204 e.gif
nexus.ensighten.com/error/ 0
276 B 98ms
21ms Image
text/plain 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nexus.ensighten.com/error/e.gif?msg=_dl%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=3092996&did=622672&errorName=ReferenceError
Requested by: Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 12:51:00 GMT
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
age: 52687
x-cache: Hit from cloudfront
cache-control: no-cache, no-store
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: U8rNHV6Jc3tfrYgPGy1tFUYBdgAIiYxurWpL7W19ybqVRlbzSEws7g==

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citi/na_prod/ 1 KB
916 B 120ms
43ms Script
text/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/serverComponent.php?r=9687.439323134002&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Tue%20Jun%2008%2018:03:25%20GMT%202021&ClientID=1129&PageID=https%3A%2F%2Fcitloginnow.gezuxuru.workers.dev%2F
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 4bb39daabbef9516f4492426bb50d9ada9842f33d923051ed2be574383d2e887

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2QfEKdeZYFyvcuPEUwLP_SvQ1dABYHH_k7Befi19AhwV7nL-twJ76Q==
expires: Tue, 30 Jul 2024 03:29:06 GMT

GET
H2 200 LSO_4959.jpg
dl.dropboxusercontent.com/s/8om9e8hgtt1ovl2/ 171 KB
171 KB 536ms
535ms Image
image/jpeg 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/8om9e8hgtt1ovl2/LSO_4959.jpg

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 86a2491451fe423d92e237a62b72f331
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="LSO_4959.jpg"; filename*=UTF-8''LSO_4959.jpg
content-length: 174933
pragma: public
server: envoy
etag: 1661968910563788n
x-server-response-time: 403
content-type: image/jpeg
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 Citi-Branding-Sprite.png
dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/ 5 KB
5 KB 569ms
568ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/13p0ciw1yl1ifq5/Citi-Branding-Sprite.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: e8b2eccf8df840dfac61832616fd1693
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Citi-Branding-Sprite.png"; filename*=UTF-8''Citi-Branding-Sprite.png
content-length: 4952
pragma: public
server: envoy
etag: 1661968652168104n
x-server-response-time: 395
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 Appstore-Googleplay-JDPower-Sprite.png
dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/ 44 KB
44 KB 479ms
478ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/fcfmeua8xtc4hqg/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 7927131f6ece414bb42f460bc1eb01cf
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="Appstore-Googleplay-JDPower-Sprite.png"; filename*=UTF-8''Appstore-Googleplay-JDPower-Sprite.png
content-length: 44996
pragma: public
server: envoy
etag: 1661968650157896n
x-server-response-time: 345
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 social-media_facebook%403x.png
dl.dropboxusercontent.com/s/tx4dbqw0bze09il/ 445 B
613 B 489ms
488ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/tx4dbqw0bze09il/social-media_facebook%403x.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 9cbaba8abfbf4e3fbf79436c21d56d59
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="social-media_facebook@3x.png"; filename*=UTF-8''social-media_facebook%403x.png
content-length: 445
pragma: public
server: envoy
etag: 1661968884486105n
x-server-response-time: 354
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 social-media_twitter%403x.png
dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/ 1 KB
1 KB 520ms
519ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/al8h1wt4q4z80q1/social-media_twitter%403x.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 37a110df04464940a04504156dca6154
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="social-media_twitter@3x.png"; filename*=UTF-8''social-media_twitter%403x.png
content-length: 1277
pragma: public
server: envoy
etag: 1661968891955128n
x-server-response-time: 346
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 social-media_youtube%403x.png
dl.dropboxusercontent.com/s/d7sibblybve5blb/ 1 KB
1 KB 544ms
544ms Image
image/png 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dl.dropboxusercontent.com/s/d7sibblybve5blb/social-media_youtube%403x.png

Requested by

Host: citloginnow.gezuxuru.workers.dev
URL: https://citloginnow.gezuxuru.workers.dev/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:07 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-dropbox-request-id: 7da3c14a6c9e407a8a3245316b2c94fd
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="social-media_youtube@3x.png"; filename*=UTF-8''social-media_youtube%403x.png
content-length: 1175
pragma: public
server: envoy
etag: 1661968897745048n
x-server-response-time: 360
content-type: image/png
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 7c8ae1f9c206930028672949c6703f6d.js Show response
nexus.ensighten.com/citi/na_prod/code/ 2 KB
2 KB 22ms
21ms Script
application/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 07 May 2024 04:18:32 GMT
x-amz-version-id: fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 7254636
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 18 Oct 2022 17:52:59 GMT
server: CloudFront
etag: W/"7df0440e45009010a99db868682aafb3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: T_BKyxKDRa_ZI3Dh8zl4eWhWLYow2uao6SwrTuiZuueXGCbTXzohNQ==

GET
H2 200 f0db1cf4496c8b42c5a1b2fa40b4f157.js Show response
nexus.ensighten.com/citi/na_prod/code/ 5 KB
2 KB 23ms
22ms Script
application/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f0db1cf4496c8b42c5a1b2fa40b4f157.js?conditionId0=4897099
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 13a59cfac1785dd94d0005457ed1e12cf77fee65b975fe6fd91af77b7ac6cd77

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 29 May 2024 09:37:20 GMT
x-amz-version-id: _NJEt9Au7TfYHRltPN9x_4PZSTxTzbkJ
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 5334708
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 02 Aug 2023 16:06:47 GMT
server: CloudFront
etag: W/"f21df27f4d3e67ca5151a737dacd6837"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: CdUVYGhjwSMHnKIJ1C_gHOndrBpufhlFSRSJ8oPO8h2VWDiSMPstqQ==

GET
H2 200 161d679ce52e285769353ab0490207c5.js Show response
nexus.ensighten.com/citi/na_prod/code/ 440 KB
46 KB 24ms
23ms Script
application/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/161d679ce52e285769353ab0490207c5.js?conditionId0=421908
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: adfff3fedf4e9973c1791063d16ae7e30f83365c95aa6753efdabd66f053284b

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 23 Jul 2024 18:10:44 GMT
x-amz-version-id: cZX4WDHiFJkc5dOoQ8HM2qV_iNcWyPUN
content-encoding: br
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 551904
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 23 Jul 2024 18:10:35 GMT
server: CloudFront
etag: W/"bb29dfcc1ea174eef20e19106ef9ef40"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: s5yAfqKBaS9SB5akoPxv0qKY3PNsivujOUxZctcl9xD_Tb-Iz1UGmg==

GET
H2 200 a9607bbeb2e6e06c07801d4745900799.js Show response
nexus.ensighten.com/citi/na_prod/code/ 23 KB
5 KB 21ms
20ms Script
application/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/a9607bbeb2e6e06c07801d4745900799.js?conditionId0=486757
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: 3556b4fa28a41290454dc84939dae439fcf5bda8a1eac70efdf2647bf041d43d

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 11 Jun 2024 09:17:01 GMT
x-amz-version-id: TUtp2N9e.3Mq3kFsEinWRYvNz9Zemh3C
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 4212727
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Sep 2023 17:48:03 GMT
server: CloudFront
etag: W/"e4e9e801aca9bba5a66c95552720097c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: oQ_OphZ44T1qvFyCHYWtLM36U0utUuX1ghsB2ly1O5Tal8QNWfvx5g==

GET
H2 200 f120449dcdb84c3b6d0f58c8b98ad8a3.js Show response
nexus.ensighten.com/citi/na_prod/code/ 24 KB
7 KB 25ms
24ms Script
application/javascript 2600:9000:206f:de00:2:8f43:5780:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citi/na_prod/code/f120449dcdb84c3b6d0f58c8b98ad8a3.js?conditionId0=467299
Requested by: Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:de00:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: bf39c7a23da56a09d7fba494ab7a46604dc02a19fabfaf8d4c3ab6629aad0692

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 15 Dec 2023 00:18:11 GMT
x-amz-version-id: nWKpv6NjQeNKdUj5cLa_yhYRraA7P2n3
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 19710657
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 19 Sep 2023 17:48:03 GMT
server: CloudFront
etag: W/"79a1f615128893a73faf5e48cfd01107"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: 1rB2PWSwdqOhrFrIRwziYxAug8MnFlwDlEScMuk5Je1hrMYQJ2Jwhw==

GET
H2 200 tc.min.js Show response
c1.rfihub.net/js/ 19 KB
6 KB 112ms
22ms Script
application/x-javascript 2600:9000:214f:f200:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/tc.min.js
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/f0db1cf4496c8b42c5a1b2fa40b4f157.js?conditionId0=4897099
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:f200:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash: 7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 02:44:25 GMT
content-encoding: br
via: 1.1 d01ad8df731d3f120823f9e20df55146.cloudfront.net (CloudFront)
last-modified: Tue, 30 Jul 2024 02:44:15 GMT
server: Jetty(9.4.51.v20230217)
x-amz-cf-pop: FRA53-C1
age: 2682
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: public, max-age=3600
x-amz-cf-id: QLCRwaUJ8Bgi8k1J2weIIPfQ-d0wAY8iKOTk_cbTqB9zogfrM9Muxw==
expires: Tue, 30 Jul 2024 03:44:25 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
77 KB 89ms
35ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6260004

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ca07386bd9ad725c1768b472a7f96bc1237719c05cc225909a55f31b8d0ef60d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78094
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H/1.1 200
OK ca.html
20766699p.rfihub.com/ Frame 01C3 0
0 221ms
37ms Document
text/html 193.0.160.131
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://20766699p.rfihub.com/ca.html?ver=9&ra=252&rb=648&ca=20766699&_o=17169175&_t=&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=&pe=https%3A%2F%2Fcitloginnow.gezuxuru.workers.dev%2F&pf=https%3A%2F%2Fcitloginnow.gezuxuru.workers.dev%2F&ra=7223306663913933
Requested by: Host: c1.rfihub.net
URL: https://c1.rfihub.net/js/tc.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.0.160.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.4.51.v20230217) /
Resource Hash

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache
Content-Length: 3027
Content-Type: text/html;charset=utf-8
Date: Tue, 30 Jul 2024 03:29:07 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
76 KB 62ms
60ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bb50c7620321071dfd9def50e2786957146ac64a67b2781fabe1e5852302a112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78105
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
76 KB 39ms
38ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

53b6fcb218589649571053c9c679351bcbdc60989cc4921eef71e5ae462e3371

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77662
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
76 KB 37ms
36ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b4c562a97056c3de70119834849fc4ecd105fc62f3324472d1c5b840ef49de69

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77662
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 211 KB
76 KB 35ms
34ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6268858&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ce46d5b88f27e4bd3150d0b99e3c457cf950c5f1923ac533b65fa6193f617940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77658
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H2 200 / Show response
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/ 10 KB
5 KB 102ms
36ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9c46900eb71a9958e0beca97dedf5040aeef61d166bda8b404db8ea9740b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 129501
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"268f-ENBCzZc6hJpsB06BOOhS4paxCAI"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab243390e1fa5f9-FRA

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 269 KB
92 KB 33ms
32ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-916451471

Requested by

Host: dl.dropboxusercontent.com
URL: https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

b539f3e630b5989d95c351e207ea7529b2e4a4117c0aa633871f2ea6ea8323d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94557
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:07 GMT

GET
H2 451 425466.html
sr.rlcdn.com/ Frame F418 0
0 221ms
135ms Document
text/plain 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/code/f120449dcdb84c3b6d0f58c8b98ad8a3.js?conditionId0=467299
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 30 Jul 2024 03:29:08 GMT
via: 1.1 google

GET

iu3
s.amazon-adsystem.com/
Redirect Chain

https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
83 KB 41ms
40ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

0647f73610e22e219d1b09d1963adc5aaed48b8d42e12fb860d7776ec64f2b31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85066
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
82 KB 43ms
43ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

bdec27dedd14be3bbf9c628978041cc138c657f2def0fbf29dc2be9935d0599d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83463
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 238 KB
84 KB 33ms
33ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

c60daec7bda33c276e4a25b9e8385897ed4834d46b56b34bfc508f9edc478484

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86433
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 244 KB
86 KB 63ms
63ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d1e07c27191ff31bf7b4d9f335080b5be42c3ca0f8d8d86d89ab94e5ac4adf97

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88486
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
82 KB 60ms
60ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d6bd8382fb3a256e8011c55cf45bdf5192c79aeb467dd81ce1982d00e500ae02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83500
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 234 KB
84 KB 55ms
54ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

5a1455b9743c9501d22d68e70634d7b14f86107c8028fcb958ec03737500b05f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85508
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
93 KB 36ms
35ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3db207035c356b024c5710c093297f3e7472c2fc32cd0b4da851d9dc9a88b4f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94716
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
83 KB 66ms
65ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

318d4ea25dfd50a11c554ad88a89bf5d080511e8a511ee874d73086352cbb509

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85054
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 265 KB
91 KB 76ms
75ms Script
application/javascript 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-11172302925&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6260004

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.40 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4a916e6f357894132e94072a902fff57d152a00eec006fa937dd1d3676a792c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93221
x-xss-protection: 0
last-modified: Tue, 30 Jul 2024 03:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 30 Jul 2024 03:29:08 GMT

GET
H3 204 td
www.googletagmanager.com/ 0
15 B 29ms
29ms Image
text/plain 216.58.206.40
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=AW-916451471&v=3&t=t&pid=370488610&dl=citloginnow.gezuxuru.workers.dev%2F&tdp=AW-916451471;67929579;0;0;0&frm=0&rtg=67929579&rlo=33&slo=15&hlo=0&lst=3&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.206.40 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lcfraa-aa-in-f8.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 30 Jul 2024 03:29:08 GMT
server: Golfe2
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 12.f83656fbc6c9f02061b2.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 74 KB
21 KB 38ms
32ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/12.f83656fbc6c9f02061b2.chunk.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citloginnow.gezuxuru.workers.dev

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

369a904e6a2a6cb6fef3e935c723dead810c01aa74ff7771983a06e5f3cf8f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 530485
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 18:09:29 GMT
server: cloudflare
etag: W/"12863-1906f7ccfa8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab243395e4da5f9-FRA

POST
H2 200 Targeting.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 9 KB
2 KB 42ms
41ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/12.f83656fbc6c9f02061b2.chunk.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citloginnow.gezuxuru.workers.dev

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

adae77055b2dc721e1300e734f4d5b196bfe83cb25fa341b452f50dd010836c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
content-type: application/json
access-control-allow-origin: https://citloginnow.gezuxuru.workers.dev
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: 42a1a4e06fdd8ff8
timing-allow-origin: *
cf-ray: 8ab243399e6ea5f9-FRA

GET
H2 200 CoreModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 102 KB
30 KB 32ms
32ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddff91efc1be8c97f198fe2fc83ac0150c1bb07a8e06b07f3a4a4deece76a7a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 530477
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 18:09:29 GMT
server: cloudflare
etag: W/"19780-1906f7ccfa8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab24339ee8ba5f9-FRA

GET
H2 200 7.50a5e5384da9a5f8074a.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 3 KB
1 KB 31ms
31ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/7.50a5e5384da9a5f8074a.chunk.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

406cdcfe71f134b46b922bfde89f980f838e69d9ffa48b3ca4c8d1e63ea76620

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 530477
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 18:09:29 GMT
server: cloudflare
etag: W/"b55-1906f7ccfa8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab2433b2f3ba5f9-FRA

GET
H2 200 1.54b5112e10a3bab30834.chunk.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 29 KB
7 KB 31ms
30ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/1.54b5112e10a3bab30834.chunk.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Host: zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
URL: https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbfa2282ed66c005d5779c7f2246ca9c0fb4249a9eff7ee432e2e6b22a1031a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 530478
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 18:09:29 GMT
server: cloudflare
etag: W/"73fb-1906f7ccfa8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab2433b2f3da5f9-FRA

GET
H2 200 FeedbackButtonModule.js Show response
siteintercept.qualtrics.com/dxjsmodule/ 64 KB
22 KB 32ms
32ms Script
application/javascript 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

32a5fe5b244d14e044f25061a014dcabfcb89b6ad8bbd466b1122c0d42237ccc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 530474
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 01 Jul 2024 18:09:29 GMT
server: cloudflare
etag: W/"10099-1906f7ccfa8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800
permissions-policy: camera=(), geolocation=(), microphone=()
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
cf-ray: 8ab2433b2f3ea5f9-FRA

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 10 KB
2 KB 114ms
68ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=27&Q_ORIGIN=https://citloginnow.gezuxuru.workers.dev&Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDTIER=lIjhYuMl2g&Q_ARCACHEVERSION=21&Q_BRANDDC=iad1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e922e329a21589f9020b2383d8114b173eb983b3e20d1663fc2446688a9023

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Fri, 28 Jul 2034 03:29:08 GMT
date: Tue, 30 Jul 2024 03:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Jul 2024 03:29:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8ab2433b7e905c98-FRA
servershortname

GET
H2 200 Asset.php Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 2 KB
713 B 193ms
147ms XHR
application/json 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=9&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://citloginnow.gezuxuru.workers.dev&Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDTIER=lIjhYuMl2g&Q_ARCACHEVERSION=21&Q_BRANDDC=iad1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

566095a5f65029a8730735e82ff6cf43336a92723d96484db740011b88467aa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Fri, 28 Jul 2034 03:29:08 GMT
date: Tue, 30 Jul 2024 03:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
content-encoding: br
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control: max-age=604800
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 30 Jul 2024 03:29:08 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials: false
permissions-policy: camera=(), geolocation=(), microphone=()
cf-ray: 8ab2433b7e935c98-FRA
servershortname

GET
H2 200 favicon.ico
dl.dropboxusercontent.com/s/faq078xaxkrnxze/ 9 KB
8 KB 569ms
569ms Other
image/x-icon 2620:100:6022:15::a27d:420f
DROPBOX

General

Check archive.org

Show headers Download Go to

Full URL

https://dl.dropboxusercontent.com/s/faq078xaxkrnxze/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:6022:15::a27d:420f , United States, ASN19679 (DROPBOX, US),

Reverse DNS

Software

envoy /

Resource Hash

2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32

Security Headers

Name	Value
Content-Security-Policy	report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-usercontent ; sandbox allow-forms allow-scripts allow-top-navigation allow-popups, form-action 'none' ; report-uri https://www.dropbox.com/csp_log?policy_name=blockserver-noscript ; script-src 'none'
date: Tue, 30 Jul 2024 03:29:08 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-dropbox-request-id: fde0827d88624761a2d095632987e182
x-dropbox-response-origin: far_remote
content-disposition: inline; filename="favicon.ico"; filename*=UTF-8''favicon.ico
pragma: public
server: envoy
x-server-response-time: 399
vary: Accept-Encoding
content-type: image/x-icon
cache-control: max-age=60
accept-ranges: bytes
x-robots-tag: noindex, nofollow, noimageindex

GET
H2 200 Graphic.php
iad1.qualtrics.com/WRQualtricsSiteIntercept/ 2 KB
3 KB 125ms
34ms Image
image/png 95.101.149.99
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://iad1.qualtrics.com/WRQualtricsSiteIntercept/Graphic.php?IM=IM_2ghDuHHjeSOirNc

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.149.99 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-101-149-99.deploy.static.akamaitechnologies.com

Software

Resource Hash

25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
content-disposition: inline; filename=feedback.png
content-length: 2196
x-request-id: fc1e7afb-972f-4a4b-9420-1226a4343dc6
referrer-policy: strict-origin-when-cross-origin
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
content-type: image/png
access-control-allow-origin: *
x-transaction-id: 8c7b6fcc-a470-442a-adf7-47f74260e617
cache-control: public, max-age=44
permissions-policy: camera=(), geolocation=(), microphone=()
x-robots-tag: noindex
expires: Tue, 30 Jul 2024 03:29:52 GMT

POST
H2 200 / Show response
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 45 B
218 B 127ms
127ms XHR
text/plain 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://siteintercept.qualtrics.com/WRSiteInterceptEngine/?Q_Impress=1&Q_CID=CR_6sPqDX4wKQujPO6&Q_SIID=SI_0AioryRkl8bxHM2&Q_ASID=AS_07210024&Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&r=1722310148665

Requested by

Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=2.10.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 30 Jul 2024 03:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
content-encoding: br
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://citloginnow.gezuxuru.workers.dev
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: f5cd123a5d657c7b
cf-ray: 8ab2433d3f375c98-FRA

GET
H2 200 bwc_close.png
siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/ 733 B
1005 B 35ms
35ms Image
image/png 104.17.209.240
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://siteintercept.qualtrics.com/WRQualtricsShared/Graphics/siteintercept/bwc_close.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

303a63eba6c865675648d239512940b718f60d9d65911793aac6a4632c6f1df9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citloginnow.gezuxuru.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Sun, 23 Apr 2034 01:09:43 GMT
date: Tue, 30 Jul 2024 03:29:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 8302765
cf-polished: origSize=1253
content-security-policy-report-only: frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
p3p: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:85,h2pri
last-modified: Thu, 28 Mar 2024 20:06:21 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=315360000, public
permissions-policy: camera=(), geolocation=(), microphone=()
trace-id: dcae989c31ce9c14
cf-ray: 8ab2433d384aa5f9-FRA
servershortname

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking) Generic Cloudflare (Online)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.citloginnow.gezuxuru.workers.dev/	1970-01-20 22:26:36	Name: __cf_mw_byp Value: C2RF8SpF8R4Ch62qO7ZFf7KOafMU87FY8i5XbCKMvtw-1722310141-0.0.1.1-/
.dropboxusercontent.com/	1969-12-31 23:59:59	Name: uc_session Value: JMZ5hr3s4pDMGkKjWCm3gDy5zBHv7bLIK43Zubi6ZX3D7Y2GXRHriIXNNTYcNm4L
citloginnow.gezuxuru.workers.dev/	1970-01-20 22:25:11	Name: 7018 Value:
citloginnow.gezuxuru.workers.dev/	1970-01-20 22:25:11	Name: 7830 Value: error
citloginnow.gezuxuru.workers.dev/	1970-01-20 22:25:11	Name: 69250 Value: null
citloginnow.gezuxuru.workers.dev/	1970-01-21 00:34:46	Name: 64072 Value:
.gezuxuru.workers.dev/	1970-01-21 00:34:46	Name: _gcl_au Value: 1.1.1592634040.1722310148
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1NjQ0MLY0tbSwMBbiM9StyEquKs-qSipNjEwEADdSzCYlAAAA
.rfihub.com/	1970-01-21 07:46:46	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTG1sDA1NjQ0MLY0tbSwMBbiM9StyEquKs-qSipNjEwEADdSzCYlAAAA
.amazon-adsystem.com/	1970-01-21 04:17:58	Name: ad-id Value: AxkaZjVVa0k1sPTIvfIqcrk
.amazon-adsystem.com/	1970-01-21 08:01:10	Name: ad-privacy Value: 0

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://dl.dropboxusercontent.com/s/z095l2wk45dt9ci/Bootstrap.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.ipify.org/?format=jsonp&callback=getIP, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
recommendation	verbose	URL: https://citloginnow.gezuxuru.workers.dev/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://citloginnow.gezuxuru.workers.dev/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
ajax.googleapis.com
api.ipify.org
c1.rfihub.net
citloginnow.gezuxuru.workers.dev
dl.dropboxusercontent.com
i.ibb.co
iad1.qualtrics.com
nexus.ensighten.com
s.amazon-adsystem.com
siteintercept.qualtrics.com
sr.rlcdn.com
www.citi.com
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
s.amazon-adsystem.com
104.17.209.240
162.19.58.157
172.67.137.174
172.67.74.152
193.0.160.131
216.58.206.40
23.45.98.135
2600:9000:206f:de00:2:8f43:5780:93a1
2600:9000:214f:f200:1:76cf:fe80:93a1
2620:100:6022:15::a27d:420f
2a00:1450:4001:80f::2008
2a00:1450:4001:80f::200a
35.244.154.8
95.101.149.99
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
0647f73610e22e219d1b09d1963adc5aaed48b8d42e12fb860d7776ec64f2b31
13a59cfac1785dd94d0005457ed1e12cf77fee65b975fe6fd91af77b7ac6cd77
18234fcb914c48a01c4aa2fe789dc2bf8995f98025f68ed48b31b363464babd9
22e922e329a21589f9020b2383d8114b173eb983b3e20d1663fc2446688a9023
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2f6d73a312361b30f573d8f97bf9b345f2316c3d8b40723592b3145e360f8c32
303a63eba6c865675648d239512940b718f60d9d65911793aac6a4632c6f1df9
318d4ea25dfd50a11c554ad88a89bf5d080511e8a511ee874d73086352cbb509
32a5fe5b244d14e044f25061a014dcabfcb89b6ad8bbd466b1122c0d42237ccc
3556b4fa28a41290454dc84939dae439fcf5bda8a1eac70efdf2647bf041d43d
369a904e6a2a6cb6fef3e935c723dead810c01aa74ff7771983a06e5f3cf8f39
3db207035c356b024c5710c093297f3e7472c2fc32cd0b4da851d9dc9a88b4f6
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
406cdcfe71f134b46b922bfde89f980f838e69d9ffa48b3ca4c8d1e63ea76620
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
4a916e6f357894132e94072a902fff57d152a00eec006fa937dd1d3676a792c3
4bb39daabbef9516f4492426bb50d9ada9842f33d923051ed2be574383d2e887
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
53b6fcb218589649571053c9c679351bcbdc60989cc4921eef71e5ae462e3371
566095a5f65029a8730735e82ff6cf43336a92723d96484db740011b88467aa1
5a1455b9743c9501d22d68e70634d7b14f86107c8028fcb958ec03737500b05f
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
adae77055b2dc721e1300e734f4d5b196bfe83cb25fa341b452f50dd010836c3
adfff3fedf4e9973c1791063d16ae7e30f83365c95aa6753efdabd66f053284b
b20c7a06ae36e7e897023af45b2b85587d00921244171bf462660f2704bf3c2a
b4c562a97056c3de70119834849fc4ecd105fc62f3324472d1c5b840ef49de69
b539f3e630b5989d95c351e207ea7529b2e4a4117c0aa633871f2ea6ea8323d7
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
bb50c7620321071dfd9def50e2786957146ac64a67b2781fabe1e5852302a112
bbfa2282ed66c005d5779c7f2246ca9c0fb4249a9eff7ee432e2e6b22a1031a9
bd3acb2311f94938e29354d6e37dd710ad4c07703610222551c98da9993366d5
bdec27dedd14be3bbf9c628978041cc138c657f2def0fbf29dc2be9935d0599d
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
bf39c7a23da56a09d7fba494ab7a46604dc02a19fabfaf8d4c3ab6629aad0692
c60daec7bda33c276e4a25b9e8385897ed4834d46b56b34bfc508f9edc478484
c73e69a929ce513e05bba4a3359296cf41064aaff3355d900b971ca39175a935
ca07386bd9ad725c1768b472a7f96bc1237719c05cc225909a55f31b8d0ef60d
ce46d5b88f27e4bd3150d0b99e3c457cf950c5f1923ac533b65fa6193f617940
cebe6c7d3188cd697399bc4eeb2b7a3d94b8d461b50eebcd145aa0ecc620c522
d1e07c27191ff31bf7b4d9f335080b5be42c3ca0f8d8d86d89ab94e5ac4adf97
d6bd8382fb3a256e8011c55cf45bdf5192c79aeb467dd81ce1982d00e500ae02
d85294e27c6d8e2ca68fe77d76d663c96c68d971f7d0d221409fd089db5c7df8
d9c46900eb71a9958e0beca97dedf5040aeef61d166bda8b404db8ea9740b743
ddff91efc1be8c97f198fe2fc83ac0150c1bb07a8e06b07f3a4a4deece76a7a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f47f21063dfdcbdeffed3d97689b45efae7a52401cd7fc5b8d07c42d2f232ab9
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

citloginnow.gezuxuru.workers.dev Open in urlscan Pro 172.67.137.174 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

98 %HTTPS

36 %IPv6

13 Domains

15 Subdomains

15 IPs

4 Countries

2543 kBTransfer

13352 kBSize

11 Cookies

0 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citloginnow.gezuxuru.workers.dev Open in urlscan Pro
172.67.137.174 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

98 %
HTTPS

36 %
IPv6

13
Domains

15
Subdomains

15
IPs

4
Countries

2543 kB
Transfer

13352 kB
Size

11
Cookies

64 HTTP transactions
0 data transactions