urlscan.io logo urlscan.io
SecurityTrails logo

answers.citizensbank.com Open in urlscan Pro
2606:4700::6812:7134  Public Scan

Go To Rescan Add Verdict Report
URL: https://answers.citizensbank.com/
Submission: On April 08 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 6 countries across 21 domains to perform 37 HTTP transactions. The main IP is 2606:4700::6812:7134, located in United States and belongs to CLOUDFLARENET, US. The main domain is answers.citizensbank.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 8th 2022. Valid for: a year.
This is the only time answers.citizensbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 18.195.42.228 16509 (AMAZON-02)
1 54.161.181.151 14618 (AMAZON-AES)
1 8 34.243.37.47 16509 (AMAZON-02)
1 52.212.211.89 16509 (AMAZON-02)
2 15.188.95.229 16509 (AMAZON-02)
1 1 54.216.2.121 16509 (AMAZON-02)
2 2 35.244.174.68 15169 (GOOGLE)
1 1 69.192.160.219 16625 (AKAMAI-AS)
2 3 172.217.18.98 15169 (GOOGLE)
1 1 193.0.160.128 54312 (ROCKETFUEL)
1 3.121.27.153 16509 (AMAZON-02)
2 2 52.30.14.23 16509 (AMAZON-02)
8 8 151.101.130.49 54113 (FASTLY)
1 69.173.144.139 26667 (RUBICONPR...)
1 2 23.35.236.247 16625 (AKAMAI-AS)
1 2 185.33.221.13 29990 (ASN-APPNEX)
1 35.244.159.8 15169 (GOOGLE)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 2 185.94.180.125 35220 (SPOTX-AMS)
1 2a03:2880:f11... 32934 (FACEBOOK)
1 2 54.208.98.135 14618 (AMAZON-AES)
37 18
8    2606:4700::6812:7134 (United States)

ASN13335 (CLOUDFLARENET, US)
answers.citizensbank.com
4    2606:4700::6812:7334 (United States)

ASN13335 (CLOUDFLARENET, US)
assets.sitescdn.net
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
3    18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
1    54.161.181.151 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-181-151.compute-1.amazonaws.com
realtimeanalytics.yext.com
8    34.243.37.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.212.211.89 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-211-89.eu-west-1.compute.amazonaws.com
citizensbank.demdex.net
2    15.188.95.229 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
smetrics.citizensbank.com
1    54.216.2.121 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-2-121.eu-west-1.compute.amazonaws.com
cm.everesttech.net
2    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
1    69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com
x.dlx.addthis.com
3    172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net
cm.g.doubleclick.net
1    193.0.160.128 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
1    3.121.27.153 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
ps.eyeota.net
2    52.30.14.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
sync.crwdcntrl.net
8    151.101.130.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
2    23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com
dsum-sec.casalemedia.com
2    185.33.221.13 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
1    35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com
us-u.openx.net
1    185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
2    185.94.180.125 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
sync.search.spotxchange.com
1    2a03:2880:f11c:8083:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    54.208.98.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-208-98-135.compute-1.amazonaws.com
mid.rkdms.com
Apex Domain
Subdomains		 Transfer
10 citizensbank.com
answers.citizensbank.com
smetrics.citizensbank.com — Cisco Umbrella Rank: 72606
264 KB
9 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1009
sync-tm.everesttech.net — Cisco Umbrella Rank: 576
2 KB
9 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
citizensbank.demdex.net — Cisco Umbrella Rank: 50041
12 KB
4 sitescdn.net
assets.sitescdn.net — Cisco Umbrella Rank: 11787
230 KB
3 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 211
898 B
3 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 2747
69 KB
2 rkdms.com
mid.rkdms.com — Cisco Umbrella Rank: 1135
71 B
2 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 531
1 KB
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 248
2 KB
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575
2 KB
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 662
587 B
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 327
802 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
605 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 898
546 B
1 openx.net
us-u.openx.net — Cisco Umbrella Rank: 411
274 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 350
239 B
1 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 960
344 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 718
753 B
1 addthis.com
x.dlx.addthis.com — Cisco Umbrella Rank: 1140
175 B
1 yext.com
realtimeanalytics.yext.com — Cisco Umbrella Rank: 36368
139 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238
5 KB
37 21
Domain Requested by
8 sync-tm.everesttech.net 8 redirects
8 dpm.demdex.net 1 redirects
8 answers.citizensbank.com answers.citizensbank.com
4 assets.sitescdn.net answers.citizensbank.com
3 cm.g.doubleclick.net 2 redirects
3 nexus.ensighten.com answers.citizensbank.com
nexus.ensighten.com
2 mid.rkdms.com 1 redirects
2 sync.search.spotxchange.com 1 redirects
2 ib.adnxs.com 1 redirects
2 dsum-sec.casalemedia.com 1 redirects
2 sync.crwdcntrl.net 2 redirects
2 idsync.rlcdn.com 2 redirects
2 smetrics.citizensbank.com nexus.ensighten.com
1 www.facebook.com
1 image2.pubmatic.com
1 us-u.openx.net
1 pixel.rubiconproject.com
1 ps.eyeota.net
1 p.rfihub.com 1 redirects
1 x.dlx.addthis.com 1 redirects
1 cm.everesttech.net 1 redirects
1 citizensbank.demdex.net nexus.ensighten.com
1 realtimeanalytics.yext.com assets.sitescdn.net
1 cdnjs.cloudflare.com answers.citizensbank.com
37 24

This site contains links to these domains. Also see Links.

Domain
www.yext.com
Subject Issuer Validity Valid
answers.citizensbank.com
Cloudflare Inc ECC CA-3		 2022-04-08 -
2023-04-08		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-10 -
2022-09-09		 a year crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-14 -
2022-10-12		 a year crt.sh
*.yext.com
Amazon		 2021-09-13 -
2022-10-11		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
smetrics.citizensbank.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-06-22 -
2022-07-23		 a year crt.sh
*.eyeota.net
R3		 2022-03-08 -
2022-06-06		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://answers.citizensbank.com/
Frame ID: 8433C0F9E00A1ADC935430DFA82868DD
Requests: 21 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: 6984D8136CC48E62BEF3A80BAFD7112D
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Search

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

37
Requests

57 %
HTTPS

17 %
IPv6

21
Domains

24
Subdomains

18
IPs

6
Countries

584 kB
Transfer

2036 kB
Size

39
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197
Request Chain 19
  • https://cm.everesttech.net/cm/dd?d_uuid=82157517533826429491350960852854416446 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yk_NHwAAALc9tAQS
Request Chain 20
  • https://idsync.rlcdn.com/365868.gif?partner_uid=82157517533826429491350960852854416446 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDYQABoNCJ-avpIGEgUI6AcQAEIASgA HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=a9cf5481e75303f5494ab4a59bc30b1ba8500e9de49749a09822beeb9ca21ff3b0da87c991749652
Request Chain 22
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=82157517533826429491350960852854416446&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20 HTTP 301
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022040801171900053064673167
Request Chain 23
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDY= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=ODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDY=&google_tc= HTTP 302
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAc72O5BvhcfYwrYFmek8ss&google_cver=1?gdpr=0&gdpr_consent=
Request Chain 24
  • https://p.rfihub.com/cm?in=1&pub=7085 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588519977297025
Request Chain 26
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=82157517533826429491350960852854416446?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=82157517533826429491350960852854416446?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id} HTTP 302
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
Request Chain 27
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWtfTkh3QUFBTGM5dEFRUw==
Request Chain 28
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yk_NHwAAALc9tAQS&expires=90
Request Chain 29
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS&C=1
Request Chain 30
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://ib.adnxs.com/setuid?entity=158&code=Yk_NHwAAALc9tAQS HTTP 307
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYk_NHwAAALc9tAQS
Request Chain 31
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yk_NHwAAALc9tAQS
Request Chain 32
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yk_NHwAAALc9tAQS
Request Chain 33
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1&__user_check__=1&sync_id=a3762332-b6d9-11ec-9d04-1d03a5b20106
Request Chain 34
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0 HTTP 302
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yk_NHwAAALc9tAQS&t=2592000&o=0
Request Chain 35
  • https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=82157517533826429491350960852854416446&_ct=img HTTP 302
  • https://mid.rkdms.com/restricted

37 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
answers.citizensbank.com/ 		651 KB
132 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f347f7bfe111b3071e5f5078010346f82626c85c65508a0b83661515e146fc5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, s-maxage=7200, must-revalidate
cf-cache-status
HIT
cf-ray
6f87299f3d4d0211-ZRH
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 08 Apr 2022 01:17:18 GMT
etag
"a1c84c420d86070ebd121527582ce4a8"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Fri, 08 Apr 2022 01:16:17 GMT
last-modified
Wed, 06 Apr 2022 14:22:26 GMT
owner
sitescog-1529
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Findex.html
vary
Accept-Encoding
x-goog-generation
1649254945962419
x-goog-hash
md5=ochMQg2GBw69EhUnWCzkqA==
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
666947
x-guploader-uploadid
ADPycdvuumknGRjjPAETMVCW6kDzI3meb-7hCmE0ni1sHrOQEyeH-_jilpmxF0ZasiKLHs0fwT0ilD1Timz1XeigDp9R
x-yext-site
gcp-euw3a-prod
x-yext-subendpoint
static
source-sans-pro-v14-latin-300.woff
answers.citizensbank.com/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/source-sans-pro-v14-latin-300.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c24262a87fdf021d377bf7e4d6c08ce81a1862e774facca70713391a4cd3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CYZD5YD72K84JF
x-amz-server-side-encryption
AES256
cf-ray
6f8729a03dd90211-ZRH
x-yext-subendpoint
static
content-length
20204
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
fusEKW+o8DrBLFq4DBxf3eN4V+bAS+ONmFCI4ta30KBR2rXxgBRkA4SgnlLTxuAh6FTYqJn0Bps=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fsource-sans-pro-v14-latin-300.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"a5002963b0570a073e28156403c78670"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
source-sans-pro-v14-latin-600.woff
answers.citizensbank.com/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/source-sans-pro-v14-latin-600.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c08efa91781865d1a2e9fcb030f8ac55c2d8eadbf8822c2ea251556333f99d9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CR93YAC57CC6YB
x-amz-server-side-encryption
AES256
cf-ray
6f8729a03ddb0211-ZRH
x-yext-subendpoint
static
content-length
20096
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
fub/uyMJ+vlI8l8UZy1EUCuqGWEg31psLnTTn5bdlZWMGNuCKFjbiKCtggaz1271Sk6s4BzJvM8=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fsource-sans-pro-v14-latin-600.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"a75563d7b9e5b1db163971b9a2e66216"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
source-sans-pro-v14-latin-700.woff
answers.citizensbank.com/ 		19 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/source-sans-pro-v14-latin-700.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8dd0de638293eb62dba15a6e410fb0af9a5b36c35df226237b1b609d573c63e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CM3SNECA5JKYMV
x-amz-server-side-encryption
AES256
cf-ray
6f8729a03ddc0211-ZRH
x-yext-subendpoint
static
content-length
19896
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
x3EiZM4fae7nysQveHMzrSMTueS1iQ1wY34i7OaTv+So+FfulPAEht2dZkJ/UIwcq2wdA49dfWo=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fsource-sans-pro-v14-latin-700.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"b03f2ec28f8e60e61974dd8c57610e5b"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
source-sans-pro-v14-latin-regular.woff
answers.citizensbank.com/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/source-sans-pro-v14-latin-regular.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38399efe707a8ffc12359a0086e7340315b42194a10fd2e1d1288be12da9e39c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CSAYT0YTAQGRC2
x-amz-server-side-encryption
AES256
cf-ray
6f8729a03ddd0211-ZRH
x-yext-subendpoint
static
content-length
20180
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
p62jhRhmoWTukbiJkQr1hLIIFsuO4ZIpjl4iTPcs8TfyZp4lk94HmPV49zNY0LspWCsR1nf02Q0=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fsource-sans-pro-v14-latin-regular.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"5cc3aae674ea3b199313b3b83bd795bc"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
ytag.min.js
assets.sitescdn.net/ytag/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.sitescdn.net/ytag/ytag.min.js
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bf7b4335f93390740535b1e55da9296acbda0b1740ab5d0be17d75cfe32ebfe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 14 Jun 2021 15:45:54 GMT
server
cloudflare
age
2308
etag
W/"2c59d483e66e9b95db2f13a78bbb50de"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
content-type
application/javascript
cf-ray
6f8729a06e4523af-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
W1K0749MZK0D36D0
x-amz-id-2
PZCe43Y9KV2tNJuXnEBZOO0QVC5eCKgQ1HElifYaqqbGCo2YA3bPUwGX5Pim02FWPYS4mkWX0r0=
iframeResizer.contentWindow.min.js
cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.10/iframeResizer.contentWindow.min.js
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4a1916cb402e1fba4eed335fb19c68c23a283554f749c23e75dc90ca79bb80f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4570179
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4395
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:11 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e9f-348e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fsGRFa5cQaFVqGWJmCr3WfQxVnvXiC9CzjOHn6bQiGGfHhtSzWUvzinzCy5ZRStmpfvqYRrh80%2BiRwh2Bt%2Fdh%2BjgLmjkmvufuzEFJDOymfXJNqi7RwMBIQJLQ47M1oKk9DHTsYMFwbwj1cgRve3D4V2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6f8729a0994523df-ZRH
expires
Wed, 29 Mar 2023 01:17:18 GMT
answers.css
assets.sitescdn.net/answers/v1.12/ 		103 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://assets.sitescdn.net/answers/v1.12/answers.css
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
115546b0bec1e5c7f38bd2e8dd7136b1063a96202676afe2470b26c06bcce6c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 28 Mar 2022 22:40:12 GMT
server
cloudflare
x-amz-request-id
9C7F8BNX8D3Q126Y
etag
W/"bfef112d67bf727a467e04042f82ab26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
iKE6LQ1F9rfagHCz0Au9Yo7zyMj9JZam
content-type
text/css
cache-control
max-age=43200
cf-ray
6f8729a06e4423af-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
3xYTRZW2LED+GVg11TaetoTiToyHK9Zl2cb60Mla1v7mbqvkxi7PDiRojg9+AoXUslnfh7LVxg8=
answerstemplates.compiled.min.js
assets.sitescdn.net/answers/v1.12/ 		333 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.sitescdn.net/answers/v1.12/answerstemplates.compiled.min.js
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:7334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ada334fef426e1c312d85b7bc0267d5f825bf0da6a5e0da6a847afaa0fba12a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 28 Mar 2022 22:40:12 GMT
server
cloudflare
x-amz-request-id
9C71SG0B334Q7BYG
etag
W/"b8a48dc02440ca07478132363b12d342"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
khK3iGhKPKwcVLAJSLz.uugusMDkcLgN
content-type
application/javascript
cache-control
max-age=43200
cf-ray
6f8729a0e9242373-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
1boIosLZ1NDNTlO1VYmQS/ZxxkVJR/tRk3B+Md1ogmXbeAw/uWPqlNud5R6bnxcBeBZ+58cuuUg=
answers-modern.min.js
assets.sitescdn.net/answers/v1.12/ 		573 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.sitescdn.net/answers/v1.12/answers-modern.min.js
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:7334 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
595be9a60b244441f1d71268273979e1f97bd031525e0c054465af0935c3dd18

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:18 GMT
content-encoding
gzip
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
E58H9AKDG8P0RQED
cf-ray
6f8729a07bce23f7-ZRH
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
LXiHkDX+b6tfODw1wd5E65plaUzMjHcGKj7YJGCy6WB4Szo6gnRVoOPBIraJL2HohkD9fa56hOc=
last-modified
Mon, 28 Mar 2022 22:40:12 GMT
server
cloudflare
etag
W/"ba6fc2a21fb393d47ce62046be9899ba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
fr1T8yMmSamTsPaIYig9hF0X6sgeSd_K
access-control-allow-origin
*
cache-control
max-age=43200
content-type
application/javascript
citisa-bold.ab844807.woff
answers.citizensbank.com/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/citisa-bold.ab844807.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da3241e8118ae86bbe09bb4f04eff598178548d14b01656559b27f5e9e7ce1b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CMC8MD277F6K3C
x-amz-server-side-encryption
AES256
cf-ray
6f8729a16ab4cc5a-ZRH
x-yext-subendpoint
static
content-length
24484
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
5z7chS+L+EG4QBp8AF5POyOY0ehxURF4I6RRd2pwq4hoG3NIYx0uYrZ4y/Fec/xGyYh69eAleOE=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fcitisa-bold.ab844807.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"ab844807e1dac8757f55b1efd16fae17"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
citisa.3ced9fb4.woff
answers.citizensbank.com/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://answers.citizensbank.com/citisa.3ced9fb4.woff
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20a29036fe4a46137c8df7bd672f8bd5673a657e338a709a9ccc629ad886d7fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Origin
https://answers.citizensbank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
92CVDWQ46S10Y0RQ
x-amz-server-side-encryption
AES256
cf-ray
6f8729a16ab9cc5a-ZRH
x-yext-subendpoint
static
content-length
25372
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
T6xo+T03mZFPDvb1v4heKS/fXG5qsUoQmiv3HkQRP8iQ+f1xpRq7QMqllwQsduxelIaVp4QpSBY=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fcitisa.3ced9fb4.woff
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"3ced9fb48dc9f1952487fa279b96275e"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
jp2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
font/woff
owner
sitescog-1529
Bootstrap.js
nexus.ensighten.com/citizensbank/answersprod/ 		47 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citizensbank/answersprod/Bootstrap.js
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
359ddc2cb6d45372850dd616ee82385c5a8d76c5981afba50765732925356832

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
content-encoding
gzip
last-modified
Fri, 04 Feb 2022 18:53:21 GMT
server
nginx
etag
W/"61fd7621-bd3f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
1049031
realtimeanalytics.yext.com/realtimeanalytics/data/answers/ 		0
139 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://realtimeanalytics.yext.com/realtimeanalytics/data/answers/1049031
Requested by
Host: assets.sitescdn.net
URL: https://assets.sitescdn.net/answers/v1.12/answers-modern.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.161.181.151 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-181-151.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://answers.citizensbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Fri, 08 Apr 2022 01:17:19 GMT
content-length
0
magnifying_glass.svg
answers.citizensbank.com/static/assets/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://answers.citizensbank.com/static/assets/images/magnifying_glass.svg
Requested by
Host: answers.citizensbank.com
URL: https://answers.citizensbank.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:7134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c63f9dfacdcdef381482136bf548e721c3e300c6f001d562467375b4fe9720c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
x-amz-request-id
Z9D2K7S3EPECNEJ2
x-amz-server-side-encryption
AES256
cf-ray
6f8729a28b16cc5a-ZRH
x-yext-subendpoint
static
content-length
935
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-version-id
null
x-amz-id-2
0zus6LyQhqtUqvHGjXe8oweJyV2XOAIKf5M8oN4kYp31sE5BTxgKB2kiyra2mVt7ejNP8xIql0Q=
surrogate-key
answers.citizensbank.com answers.citizensbank.com%2Fstatic%2Fassets%2Fimages%2Fmagnifying_glass.svg
last-modified
Thu, 10 Feb 2022 16:49:11 GMT
server
cloudflare
etag
"4be84eed1f61c141d540c9127f7f8960"-gzip
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains
x-yext-site
us2
cache-control
max-age=0, s-maxage=7200, must-revalidate
accept-ranges
bytes
content-type
image/svg+xml
owner
sitescog-1529
serverComponent.php
nexus.ensighten.com/citizensbank/answersprod/ 		285 B
427 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citizensbank/answersprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/answersprod/code/&publishedOn=Fri%20Feb%2004%2018:53:21%20GMT%202022&ClientID=397&PageID=https%3A%2F%2Fanswers.citizensbank.com%2F
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/answersprod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9f70009f6f037af220e6718648cdcb577d5520c6076f70f8991b2c6146079e96

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
cache-control
no-cache, no-store
server
nginx
content-type
text/javascript
content-length
285
expires
Fri, 08 Apr 2022 01:17:18 GMT
1a3984a910ed3da630a3792ffcec132f.js
nexus.ensighten.com/citizensbank/answersprod/code/ 		171 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citizensbank/answersprod/code/1a3984a910ed3da630a3792ffcec132f.js?conditionId0=421909
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/answersprod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c8c07815a46f5c991fb065e5e2cb5babcd0b15d1c67bf310a5931adc2138b6c9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
content-encoding
gzip
last-modified
Fri, 04 Feb 2022 18:53:21 GMT
server
nginx
etag
W/"61fd7621-2ab69"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197
4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c1c50d9785311329b25da29a2e2cf6debca99321375e6523b0e0a728614d9f8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v030-0fe5937e1.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
cUQ5QgvLQns=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://answers.citizensbank.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
1319
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcscanary-prod-irl1-1-v035-0e67bfa71.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://answers.citizensbank.com
X-TID
0lQrn0m6SJU=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1649380639197
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
dest5.html
citizensbank.demdex.net/ Frame 6984 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://citizensbank.demdex.net/dest5.html?d_nsid=0
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/answersprod/code/1a3984a910ed3da630a3792ffcec132f.js?conditionId0=421909
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.211.89 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-211-89.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://answers.citizensbank.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-2-v030-01952d331.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
6Jpfl/6TQ+o=
content-encoding
gzip
date
Fri, 8 Apr 2022 01:17:19 GMT
last-modified
Tue, 15 Mar 2022 12:36:14 GMT
transfer-encoding
chunked
vary
accept-encoding
id
smetrics.citizensbank.com/ 		48 B
519 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://smetrics.citizensbank.com/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&mid=82176677573814342101346752508744456793&ts=1649380639370
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/answersprod/code/1a3984a910ed3da630a3792ffcec132f.js?conditionId0=421909
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
c284680446e1cbe62840dd2f048fe3cb5c6e2e169d6f51483288251193f0d532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://answers.citizensbank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7b6f4bb9f7-wq2lx
vary
Origin
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://answers.citizensbank.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Yk_NHwAAALc9tAQS
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=82157517533826429491350960852854416446
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yk_NHwAAALc9tAQS
42 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yk_NHwAAALc9tAQS
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v030-0a6c4291d.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Qu+O0JZFShg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yk_NHwAAALc9tAQS
Date
Fri, 08 Apr 2022 01:17:19 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
ibs:dpid=477&dpuuid=a9cf5481e75303f5494ab4a59bc30b1ba8500e9de49749a09822beeb9ca21ff3b0da87c991749652
dpm.demdex.net/ Frame 6984
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=82157517533826429491350960852854416446
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDYQABoNCJ-avpIGEgUI6AcQAEIASgA
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=a9cf5481e75303f5494ab4a59bc30b1ba8500e9de49749a09822beeb9ca21ff3b0da87c991749652
42 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=a9cf5481e75303f5494ab4a59bc30b1ba8500e9de49749a09822beeb9ca21ff3b0da87c991749652
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v030-0a672e30e.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
UgyDplvEQ+8=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Fri, 08 Apr 2022 01:17:19 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=a9cf5481e75303f5494ab4a59bc30b1ba8500e9de49749a09822beeb9ca21ff3b0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
s01673704197535
smetrics.citizensbank.com/b/ss/citizensbankmarketingprod,citizensbankglobalprod/1/JS-2.21.0/ 		43 B
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smetrics.citizensbank.com/b/ss/citizensbankmarketingprod,citizensbankglobalprod/1/JS-2.21.0/s01673704197535?AQB=1&ndh=1&pf=1&t=8%2F3%2F2022%201%3A17%3A19%205%200&mid=82176677573814342101346752508744456793&aamlh=6&ce=UTF-8&ns=citizensbank&pageName=marketing%7Cgeneric%7Canswers%7C%7C%20%7Cview&g=https%3A%2F%2Fanswers.citizensbank.com%2F&c.&expWidth=1600&expOrientation=landscape&getTimeParting=9%3A17%20PM%7CThursday&getDateParting=8%3A17%20PM%7CThursday&newRepeat=New&visitnum=1&lastVisitDay=First%20Visit&.c&cc=USD&ch=marketing%7Cgeneric&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=D%3Dv1&v1=us%7Ceng&c2=D%3Dv2&v2=marketing&c3=D%3Dv3&v3=desk&c4=D%3Dv4&v4=generic&c5=D%3Dv5&v5=consumer&c7=D%3Dv7&v7=answers&c8=D%3Dv8&c10=D%3Dv10&v10=view&v27=D%3Dg&c35=D%3Dv35&v35=generic%7Canswers%7C%7C%7Cview&c62=VisitorAPI%20Present&c73=D%3Dv73&v73=cb&v90=generic%7Canswers%7C%7C%7Cview&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.95.229 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://answers.citizensbank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
x-content-type-options
nosniff
x-c
main-1637.I660130.M0-562
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 09 Apr 2022 01:17:19 GMT
server
jag
xserver
anedge-7b6f4bb9f7-87zcw
etag
3542017952178864128-4619360358584724054
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 07 Apr 2022 01:17:19 GMT
ibs:dpid=134096&dpuuid=2022040801171900053064673167
dpm.demdex.net/ Frame 6984
Redirect Chain
  • https://x.dlx.addthis.com/e/demdex_sync?na_exid=82157517533826429491350960852854416446&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20
  • https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022040801171900053064673167
42 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022040801171900053064673167
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v030-0cacb0317.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ZywJaebmQr0=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

location
https://dpm.demdex.net/ibs:dpid=134096&dpuuid=2022040801171900053064673167
pragma
no-cache
date
Fri, 08 Apr 2022 01:17:19 GMT
cache-control
max-age=0, no-cache, no-store
content-length
0
strict-transport-security
max-age=2628000
expires
Fri, 08 Apr 2022 01:17:19 GMT
ibs:dpid=771&dpuuid=CAESEAc72O5BvhcfYwrYFmek8ss&google_cver=1
dpm.demdex.net/ Frame 6984
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=ODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDY=
  • https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm=&gdpr=0&gdpr_consent=&google_hm=ODIxNTc1MTc1MzM4MjY0Mjk0OTEzNTA5NjA4NTI4NTQ0MTY0NDY=&google_tc=
  • https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAc72O5BvhcfYwrYFmek8ss&google_cver=1?gdpr=0&gdpr_consent=
42 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAc72O5BvhcfYwrYFmek8ss&google_cver=1?gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v030-0ee01b566.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
9fnMrgTNSoM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:19 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dpm.demdex.net/ibs:dpid=771&dpuuid=CAESEAc72O5BvhcfYwrYFmek8ss&google_cver=1?gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ibs:dpid=1121&dpuuid=5144588519977297025
dpm.demdex.net/ Frame 6984
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=7085
  • https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588519977297025
42 B
943 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588519977297025
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v030-0c2f95966.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
2hBtvwYLSYY=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=1121&dpuuid=5144588519977297025
Date
Fri, 08 Apr 2022 01:17:19 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
match
ps.eyeota.net/ Frame 6984 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/match?bid=6j5b2cv&uid=82157517533826429491350960852854416446&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.121.27.153 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-121-27-153.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Fri, 08 Apr 2022 01:17:20 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
ibs:dpid=121998&dpuuid=
dpm.demdex.net/ Frame 6984
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=82157517533826429491350960852854416446?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://sync.crwdcntrl.net/map/ct=y/c=9828/tp=ADBE/gdpr=0/gdpr_consent=/tpid=82157517533826429491350960852854416446?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}
  • https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
42 B
961 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
Protocol
HTTP/1.1
Server
34.243.37.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-243-37-47.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v030-0123cbe82.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-Error
300,104
X-TID
Zr2URT42S7o=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://dpm.demdex.net/ibs:dpid=121998&dpuuid=
expires
0
cache-control
no-cache
x-server
10.45.23.235
content-length
0
x-consent
absent
pixel
cm.g.doubleclick.net/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
  • https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWtfTkh3QUFBTGM5dEFRUw==
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWtfTkh3QUFBTGM5dEFRUw==
Protocol
H3
Server
172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
zrh04s05-in-f98.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649380640.171580,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=WWtfTkh3QUFBTGM5dEFRUw==
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tap.php
pixel.rubiconproject.com/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
  • https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yk_NHwAAALc9tAQS&expires=90
0
239 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yk_NHwAAALc9tAQS&expires=90
Protocol
HTTP/1.1
Server
69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649380640.248816,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=Yk_NHwAAALc9tAQS&expires=90
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
rum
dsum-sec.casalemedia.com/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS&C=1
43 B
1003 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS&C=1
Protocol
HTTP/1.1
Server
23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-236-247.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 Apr 2022 01:17:20 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 08 Apr 2022 01:17:20 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 08 Apr 2022 01:17:20 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Yk_NHwAAALc9tAQS&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
279
Expires
Fri, 08 Apr 2022 01:17:20 GMT
bounce
ib.adnxs.com/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
  • https://ib.adnxs.com/setuid?entity=158&code=Yk_NHwAAALc9tAQS
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYk_NHwAAALc9tAQS
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYk_NHwAAALc9tAQS
Protocol
HTTP/1.1
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 08 Apr 2022 01:17:20 GMT
X-Proxy-Origin
217.64.151.28; 217.64.151.28; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8a2a0e6c-0048-495d-994f-968e5133f287
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 08 Apr 2022 01:17:20 GMT
X-Proxy-Origin
217.64.151.28; 217.64.151.28; 729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid
8255a7db-50ab-4d69-a14a-66a6f0d24719
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DYk_NHwAAALc9tAQS
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yk_NHwAAALc9tAQS
43 B
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yk_NHwAAALc9tAQS
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/18.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 google
server
OXGW/18.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649380641.552821,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=Yk_NHwAAALc9tAQS
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
Pug
image2.pubmatic.com/AdServer/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yk_NHwAAALc9tAQS
1 B
546 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yk_NHwAAALc9tAQS
Protocol
H2
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Fri, 08 Apr 2022 01:17:19 GMT
cache-control
no-store, no-cache, private
x-lat
amspug008:0:416
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649380641.656803,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=Yk_NHwAAALc9tAQS
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
partner
sync.search.spotxchange.com/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1
  • https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1&__user_check__=1&sync_id=a3762332-b6d9-11ec-9d04-1d03a5b20106
43 B
549 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.search.spotxchange.com/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1&__user_check__=1&sync_id=a3762332-b6d9-11ec-9d04-1d03a5b20106
Protocol
HTTP/1.1
Server
185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Fri, 08 Apr 2022 01:17:20 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
107
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Fri, 08 Apr 2022 01:17:20 GMT
Server
nginx
Location
/partner?adv_id=6409&uid=Yk_NHwAAALc9tAQS&img=1&__user_check__=1&sync_id=a3762332-b6d9-11ec-9d04-1d03a5b20106
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
87
Connection
keep-alive
Content-Length
0
b.php
www.facebook.com/fr/ Frame 6984
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0
  • https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yk_NHwAAALc9tAQS&t=2592000&o=0
43 B
605 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yk_NHwAAALc9tAQS&t=2592000&o=0
Protocol
H2
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Thu, 07 Apr 2022 18:17:20 PDT
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-fb-rlafr
0
pragma
public
x-fb-debug
rjeRN5Vwtt8hGPmr/Cn/VXWYH3Sh5BcGH5SvT1zaX0YxnwuqnAgibxzkKT9WuYs7+iWRNk2VmVK+nl2KBZ6Hbw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/gif
vary
Accept-Encoding
cache-control
public, max-age=0
priority
u=3,i
expires
Thu, 07 Apr 2022 18:17:20 PDT

Redirect headers

pragma
no-cache
date
Fri, 08 Apr 2022 01:17:20 GMT
via
1.1 varnish
server
Varnish
x-timer
S1649380641.864298,VS0,VE0
x-served-by
cache-hhn4037-HHN
x-cache
HIT
location
https://www.facebook.com/fr/b.php?p=1531105787105294&e=Yk_NHwAAALc9tAQS&t=2592000&o=0
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
restricted
mid.rkdms.com/ Frame 6984
Redirect Chain
  • https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=82157517533826429491350960852854416446&_ct=img
  • https://mid.rkdms.com/restricted
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mid.rkdms.com/restricted
Protocol
H2
Server
54.208.98.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-98-135.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citizensbank.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

location
/restricted
date
Fri, 08 Apr 2022 01:17:21 GMT
server
nginx
content-length
0

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| hitchhiker_theme_translations function| yextConversionTag function| ytag function| iframeGetSearchParams function| iframeLoadedResolve object| iframeLoaded object| iFrameResizer function| _typeof function| _extends function| _objectWithoutProperties function| _objectWithoutPropertiesLoose function| _classCallCheck function| _defineProperties function| _createClass function| _get function| _superPropBase function| _inherits function| _setPrototypeOf function| _createSuper function| _possibleConstructorReturn function| _assertThisInitialized function| _isNativeReflectConstruct function| _getPrototypeOf function| ownKeys function| _objectSpread function| _defineProperty function| initAnswers object| webpackChunk_name_ function| sprintf function| vsprintf object| regeneratorRuntime object| Formatter object| Overlay object| CollapsibleFilters object| AnswersExperience object| HitchhikerJS object| bundle object| TemplateBundle function| setImmediate function| clearImmediate function| swal function| sweetAlert object| ANSWERS number| screenWidth string| device object| CBDL object| ensBootstraps object| Bootstrapper number| _delay function| _log object| _enslog object| adobe function| Visitor object| s_c_il number| s_c_in object| visitor string| sName string| s_account object| s function| getUrlVars function| getIntUrlVars object| today object| currentDate number| sundays number| currentDayNum function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq function| DIL number| s_objectID number| s_giq string| k object| s_Obj string| s_PPVid function| s_PPVevent number| s_PPVi number| s_PPVt number| d object| eo number| y string| f0 object| s_i_citizensbankmarketingprod_citizensbankglobalprod

39 Cookies

Domain/Path Name / Value
.answers.citizensbank.com/ Name: __cf_bm
Value: AkaNjL8oNsVTRb1sQE5iu50LKz_A24F1AeieG3oyx58-1649380638-0-Ae2Njcq0HLWgEnm7IKvGQGwCiRVofiwjIz5ouPFsB8ltPVEu3hruaKIddJXya61IpyWfA8lgOM6WYOWA3BsO2JU=
.sitescdn.net/ Name: __cf_bm
Value: lUGSFHeG4etGaw8jwEqQhpqO7BqP87KvpY2CaqZMt5c-1649380638-0-AYQaUtSJWkCXI6DnV3BNZCsa9jo3QI5GthhGUcgZuYpvGXxPgJfh5CR+orGxR7wnxMIj/A4kikC1mQirlLoPMTw=
.citizensbank.com/ Name: _yfpc
Value: 738768036230
.demdex.net/ Name: demdex
Value: 82157517533826429491350960852854416446
.citizensbank.com/ Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg
Value: 1
.citizensbank.com/ Name: s_ecid
Value: MCMID%7C82176677573814342101346752508744456793
realtimeanalytics.yext.com/ Name: cookieId
Value: 738768036230
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yk_NHwAAALc9tAQS
.dpm.demdex.net/ Name: dpm
Value: 82157517533826429491350960852854416446
.citizensbank.com/ Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg
Value: 359503849%7CMCIDTS%7C19091%7CMCMID%7C82176677573814342101346752508744456793%7CMCAAMLH-1649985439%7C6%7CMCAAMB-1649985439%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1649387839s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19098%7CvVersion%7C5.0.1
.rlcdn.com/ Name: rlas3
Value: H4NBQi4wwmvlNEDzkoB86s9dCfHtvwjOTEkAIpZDAlQ=
.citizensbank.com/ Name: s_ppvl
Value: %5B%5BB%5D%5D
.citizensbank.com/ Name: gpv_p5
Value: marketing%7Cgeneric%7Canswers%7C%7C%20%7Cview
.citizensbank.com/ Name: s_nr
Value: 1649380639579-New
.citizensbank.com/ Name: s_vnum
Value: 1651363200582%26vn%3D1
.citizensbank.com/ Name: s_invisit
Value: true
.citizensbank.com/ Name: s_lv
Value: 1649380639586
.citizensbank.com/ Name: s_lv_s
Value: First%20Visit
.citizensbank.com/ Name: s_cc
Value: true
.rlcdn.com/ Name: pxrc
Value: CJ+avpIGEgUI6AcQABIGCPHrARAA
.doubleclick.net/ Name: IDE
Value: AHWqTUnfMNo2wofPeQMitTyny5vnD3BuNMPm0VBn4J-0WpGApHLqppwtXqo3vawRIMU
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAAAFvFxGtoZmJpbGFgZmxpYWkBAFSRkD0QAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1tLQ0NzeyNDcwMhXiM9TNS_EzzI5PTkl08QsFAJCkQUklAAAA
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAAAOMSNjU0MTG1sDA1tLQ0NzeyNDcwMhXiM9TNS_EzzI5PTkl08QuV4jU0M7E0tjAwM7a0sLQAABEU7aI0AAAA
.citizensbank.com/ Name: s_ppv
Value: marketing%257Cgeneric%257Canswers%257C%257C%2520%257Cview%2C100%2C100%2C1200%2C1600%2C1200%2C1600%2C1200%2C1%2CP
.crwdcntrl.net/ Name: _cc_cc
Value: ctst
.eyeota.net/ Name: SERVERID
Value: 24069~DM
.adnxs.com/ Name: uuid2
Value: 5075256717949320384
.casalemedia.com/ Name: CMID
Value: Yk.NILHtUslUmrvQgnU4uQAA
.casalemedia.com/ Name: CMPS
Value: 5204
.adnxs.com/ Name: anj
Value: dTM7k!M4.FErk#WF']wIg2E>0gJc*G!]tbPl1MwL(!R7qUY$++bYvc+YWJW`_AWq(D)MJzAt3TR<QG=%9sk?bIRwi:w9Ld14D-^417Mco/y@Yw#u!pq*S8za
.casalemedia.com/ Name: CMPRO
Value: 1135
.casalemedia.com/ Name: CMRUM3
Value: 58624f8d202760Yk_NHwAAALc9tAQS
.casalemedia.com/ Name: CMST
Value: Yk+NIGJPjSAA
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-Yk_NHwAAALc9tAQS&KRTB&22978-Yk_NHwAAALc9tAQS&KRTB&23194-Yk_NHwAAALc9tAQS&KRTB&23209-Yk_NHwAAALc9tAQS
.pubmatic.com/ Name: PugT
Value: 1649380639
.pubmatic.com/ Name: PUBMDCID
Value: 3
.spotxchange.com/ Name: audience
Value: a37622eb-b6d9-11ec-9d04-1d03a5b20106
.demdex.net/ Name: dextp
Value: 60-1-1649380639522|843-1-1649380639626|771-1-1649380639727|1121-1-1649380639827|30064-1-1649380639929|121998-1-1649380640036|144230-1-1649380640140|144231-1-1649380640242|144232-1-1649380640343|144233-1-1649380640444|144234-1-1649380640546|144235-1-1649380640650|144236-1-1649380640756|144237-1-1649380640860|129099-1-1649380640963

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

answers.citizensbank.com
assets.sitescdn.net
cdnjs.cloudflare.com
citizensbank.demdex.net
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
dsum-sec.casalemedia.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
mid.rkdms.com
nexus.ensighten.com
p.rfihub.com
pixel.rubiconproject.com
ps.eyeota.net
realtimeanalytics.yext.com
smetrics.citizensbank.com
sync-tm.everesttech.net
sync.crwdcntrl.net
sync.search.spotxchange.com
us-u.openx.net
www.facebook.com
x.dlx.addthis.com
15.188.95.229
151.101.130.49
172.217.18.98
18.195.42.228
185.33.221.13
185.64.189.110
185.94.180.125
193.0.160.128
23.35.236.247
2606:4700::6811:190e
2606:4700::6812:7134
2606:4700::6812:7334
2a03:2880:f11c:8083:face:b00c:0:25de
3.121.27.153
34.243.37.47
35.244.159.8
35.244.174.68
52.212.211.89
52.30.14.23
54.161.181.151
54.208.98.135
54.216.2.121
69.173.144.139
69.192.160.219
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f347f7bfe111b3071e5f5078010346f82626c85c65508a0b83661515e146fc5
115546b0bec1e5c7f38bd2e8dd7136b1063a96202676afe2470b26c06bcce6c6
20a29036fe4a46137c8df7bd672f8bd5673a657e338a709a9ccc629ad886d7fb
359ddc2cb6d45372850dd616ee82385c5a8d76c5981afba50765732925356832
38399efe707a8ffc12359a0086e7340315b42194a10fd2e1d1288be12da9e39c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bf7b4335f93390740535b1e55da9296acbda0b1740ab5d0be17d75cfe32ebfe
4c24262a87fdf021d377bf7e4d6c08ce81a1862e774facca70713391a4cd3bc7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
595be9a60b244441f1d71268273979e1f97bd031525e0c054465af0935c3dd18
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c63f9dfacdcdef381482136bf548e721c3e300c6f001d562467375b4fe9720c
9f70009f6f037af220e6718648cdcb577d5520c6076f70f8991b2c6146079e96
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
ada334fef426e1c312d85b7bc0267d5f825bf0da6a5e0da6a847afaa0fba12a3
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c08efa91781865d1a2e9fcb030f8ac55c2d8eadbf8822c2ea251556333f99d9c
c1c50d9785311329b25da29a2e2cf6debca99321375e6523b0e0a728614d9f8d
c284680446e1cbe62840dd2f048fe3cb5c6e2e169d6f51483288251193f0d532
c8c07815a46f5c991fb065e5e2cb5babcd0b15d1c67bf310a5931adc2138b6c9
d4a1916cb402e1fba4eed335fb19c68c23a283554f749c23e75dc90ca79bb80f
d8dd0de638293eb62dba15a6e410fb0af9a5b36c35df226237b1b609d573c63e
da3241e8118ae86bbe09bb4f04eff598178548d14b01656559b27f5e9e7ce1b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629