cltlbank-heip.serveirc.com Open in urlscan Pro
162.243.171.38 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://cltlbank-heip.serveirc.com/
Submission: On October 06 via automatic, source openphish (October 6th 2021, 1:15:39 pm UTC) — Scanned from DE

Summary HTTP 83 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 14 IPs in 1 countries across 10 domains to perform 83 HTTP transactions. The main IP is 162.243.171.38, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is cltlbank-heip.serveirc.com.

This is the only time cltlbank-heip.serveirc.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	162.243.171.38 162.243.171.38	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
16	104.106.211.171 104.106.211.171	16625 (AKAMAI-AS) (AKAMAI-AS)
26	91.235.133.67 91.235.133.67	30286 (THM) (THM)
1	69.16.175.42 69.16.175.42	20446 (HIGHWINDS3) (HIGHWINDS3)
2	151.101.130.133 151.101.130.133	54113 (FASTLY) (FASTLY)
4	204.79.197.200 204.79.197.200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	23.44.210.190 23.44.210.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
6	142.250.110.154 142.250.110.154	15169 (GOOGLE) (GOOGLE)
1	151.101.129.175 151.101.129.175	54113 (FASTLY) (FASTLY)
1	35.241.45.82 35.241.45.82	15169 (GOOGLE) (GOOGLE)
2	91.235.132.130 91.235.132.130	30286 (THM) (THM)
2	91.235.134.131 91.235.134.131	30286 (THM) (THM)
83	14

1 162.243.171.38 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: host.services-neversurrender.tech

cltlbank-heip.serveirc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.106.211.171 (Lithia Springs, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-106-211-171.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 91.235.133.67 (United States)

ASN30286 (THM, US)

content22.online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (HIGHWINDS3, US)
PTR: hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.133 (United States)

ASN54113 (FASTLY, US)

resources.digital-cloud-citi.medallia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.44.210.190 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-44-210-190.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.60.146 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

sr.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.110.154 (United States)

ASN15169 (GOOGLE, US)
PTR: wf-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.129.175 (United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.132.130 (United States)

ASN30286 (THM, US)
PTR: h.online-metrix.net

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 91.235.134.131 (United States)

ASN30286 (THM, US)

89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	citi.com www.citi.com Failed content22.online.citi.com online.citi.com contents3.00110.citi.com Failed	1 MB
6	doubleclick.net bid.g.doubleclick.net	1 KB
4	online-metrix.net h.online-metrix.net 89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net 89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net	30 KB
4	bing.com bat.bing.com	924 B
2	kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com	6 KB
2	rlcdn.com 1 redirects sr.rlcdn.com	348 B
2	medallia.com resources.digital-cloud-citi.medallia.com	90 KB
1	jquery.com code.jquery.com	30 KB
1	serveirc.com cltlbank-heip.serveirc.com	333 KB
0	Failed function sub() { [native code] }. Failed
83	10

	Domain	Requested by
26	content22.online.citi.com	cltlbank-heip.serveirc.com content22.online.citi.com
16	www.citi.com	cltlbank-heip.serveirc.com www.citi.com
6	bid.g.doubleclick.net	cltlbank-heip.serveirc.com
4	bat.bing.com	cltlbank-heip.serveirc.com
2	h.online-metrix.net	content22.online.citi.com
2	sr.rlcdn.com	1 redirects cltlbank-heip.serveirc.com
2	online.citi.com	cltlbank-heip.serveirc.com
2	resources.digital-cloud-citi.medallia.com	cltlbank-heip.serveirc.com
1	89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net
1	89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net
1	udc-neb.kampyle.com	cltlbank-heip.serveirc.com
1	nebula-cdn.kampyle.com	resources.digital-cloud-citi.medallia.com
1	code.jquery.com	cltlbank-heip.serveirc.com
1	cltlbank-heip.serveirc.com
0	ghbmnnjooekpmoecnnnilnnbdlolhkhi Failed	content22.online.citi.com
0	contents3.00110.citi.com Failed	www.citi.com
83	16

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citigroup.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2019-10-17` - `2022-01-01`	2 years	crt.sh
content22.online.citi.com DigiCert SHA2 Extended Validation Server CA	`2020-07-14` - `2022-08-06`	2 years	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.digital-cloud-citi.medallia.com SSL.com RSA SSL subCA	`2020-10-21` - `2021-11-21`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2021-09-30` - `2022-03-30`	6 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
h.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-01-21` - `2022-01-21`	a year	crt.sh
*.e.aa.online-metrix.net Trustwave Organization Validation SHA256 CA, Level 1	`2021-07-30` - `2022-08-01`	a year	crt.sh

This page contains 16 frames:

Primary Page: http://cltlbank-heip.serveirc.com/
Frame ID: E413FC2BAF1E80F704892DFA6CB368F1
Requests: 46 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: F531EA959E11928C998930D5BB306A08
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 6281E3FC07F83E2B9891A40F8643F527
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: A5D3D9B78981888D7F6D663452F3A756
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 4DDBCBE551DABCA6DF335D3D252D6A26
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: C0DC2640729558EFE0CF3D542C79E82D
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 6B86AC9BF3F3B7A15317D2583621279A
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: 28CDB1CEC23AB73E46599F46E7F9F3CE
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jb=363924266a736d753f4c696e757a246a716d3d446b6c7570246a7360773d416872676567246a71623f436a726d6567253a383931
Frame ID: 6D3592E053E0FECD618A09D59ECC52EF
Requests: 11 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/check.js;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jb=343b242468736775354c696c7578266271673f4e6b6c77702e627362773d4168706f6d65246a73603d41687a6f6d672532303931
Frame ID: 2155E5EAF8761DF87EB83F1E8BAE99A2
Requests: 11 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1
Frame ID: A23A8D2E0B92C10DC7B09374E4A4819B
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1
Frame ID: B9108034C1D8FFAC283B0EAD4C8A1E74
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1
Frame ID: 653944301A097A45BD1C6CA97F8ABF08
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1
Frame ID: 2DA90F034CC6EF86B9731D628586DF39
Requests: 2 HTTP requests in this frame

Frame: https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1
Frame ID: 2E843D2F02A31E4926A760B64BD07749
Requests: 1 HTTP requests in this frame

Frame: https://content22.online.citi.com/fp/top_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1
Frame ID: FF148B7B4718398BF64A582F52E04E53
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

83
Requests

75 %
HTTPS

0 %
IPv6

10
Domains

16
Subdomains

14
IPs

1
Countries

1581 kB
Transfer

6069 kB
Size

11
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

http://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 HTTP 301
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

83 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
cltlbank-heip.serveirc.com/ 333 KB
333 KB 213ms
117ms Document
text/html 162.243.171.38
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://cltlbank-heip.serveirc.com/
Protocol: HTTP/1.1
Server: 162.243.171.38 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: host.services-neversurrender.tech
Software: Apache /
Resource Hash: 2163fe2faf4f293e04c6015ac36804bd7caf707b52c021a59d67f4ec37d76a69

Request headers

Host: cltlbank-heip.serveirc.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Wed, 06 Oct 2021 13:15:31 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 200
OK styles.07893b721f6dae561ac2.css
www.citi.com/cbol-pre-login-static-assets/ 1 MB
149 KB 474ms
127ms Stylesheet
text/css 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/styles.07893b721f6dae561ac2.css

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a11ffa46316a590d3ac199c8303c3f18eda2bf0ce2a4f9e773847cce36b1d8ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 151390
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 04:47:54 GMT
Server: nginx
X-Akamai-CITISITE: SWDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: text/css;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: a3e616fc-450b-4ba7-4f6f-e8b277332154
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"132bb8-17c10fb4090"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:32 GMT

GET
H/1.1 200
OK tags.js Show response
content22.online.citi.com/fp/ 81 KB
11 KB 86ms
15ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&allow_reprofile=1&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

59fbd4183d998d134725a77b18536f20e42f55e69be5d5b08fee043c1f07b381

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK cedric.js Show response
www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/ 602 KB
113 KB 472ms
147ms Script
application/javascript 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/cedric.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 114765
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:46 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 4eda53c1-3ccf-4269-504c-9d9f2959a1c1
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"96983-17c11923130"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:32 GMT

GET
H/1.1 200
OK tags.js Show response
content22.online.citi.com/fp/ 81 KB
11 KB 87ms
16ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&allow_reprofile=1&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

3428fb639ef0bc00bc0582c2b6b42d04b1f364782fdefdae3e91a9d73c8726b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
P3P: CP=IVAa PSAa
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
Connection: Keep-Alive, Keep-Alive
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK citilogoredesign.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
3 KB 496ms
119ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/citilogoredesign.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1799
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: b6da3774-e578-4f6b-6866-7f26debe6a1c
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"707-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK 050-location@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 2 KB
2 KB 368ms
156ms Image
image/svg+xml 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/050-location@2x.svg

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Sid: 4ed8672a-8835-4537-a872-78c11a2cdf54
Content-Encoding: gzip
ETag: W/"6d8-17c11923518"
Nonce: 6882394619282964
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 758
X-Xss-Protection: 1; mode=block
Uuid: b04d9094-43b3-4151-a9b3-57f8c2ec22b2
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: be32d759-7bf7-4cc9-5a9e-7f17d1f09b2e
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 3 KB
3 KB 328ms
121ms Image
image/svg+xml 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/icon_globe_med-grey@2x.svg

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Sid: 087c53e2-03fa-4403-a0ba-ec031ccbe38c
Content-Encoding: gzip
ETag: W/"dc3-17c11923518"
Nonce: 4207714867755442
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Connection: keep-alive
Content-Length: 1419
X-Xss-Protection: 1; mode=block
Uuid: 088d4bfd-f886-40bc-b715-796c1a346c87
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
Cache-Control: public, no-transform, max-age=21600
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: dbaa15dd-b304-4d3f-6f71-2560461ba42e
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Scope: VISITOR
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
X-Content-Type-Options: nosniff
Dclocation: GT1DMS
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK 320_Citi-PLT@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 11 KB
13 KB 119ms
119ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/320_Citi-PLT@3x.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 11562
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 84aadfef-dbcc-4660-684a-307db2e7ae55
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"2d2a-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK 1440_Citi-PLT@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 27 KB
29 KB 424ms
127ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/1440_Citi-PLT@3x.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 28149
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 4d4c7096-ee47-43c1-45c5-283284dfec4a
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"6df5-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK fp.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/js/ 19 KB
6 KB 121ms
120ms Script
application/javascript 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/js/fp.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

dd65a674c821f6a0e0ec4b181532b00c0cc5d5bde623ea98affcb9f383139b57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 4844
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:46 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: b35ebba8-dd8c-4324-5d2d-697c111a4b10
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"4de4-17c11923130"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET runtime-es2015.fa01c7c4a7c1f381fac9.js
www.citi.com/cbol-pre-login-static-assets/ 0
0

GET polyfills-es2015.c9c85aed81ea11816a2b.js
www.citi.com/cbol-pre-login-static-assets/ 0
0

GET
H/1.1 200
OK scripts.ccc73c512668b4e837d7.js Show response
www.citi.com/cbol-pre-login-static-assets/ 49 KB
14 KB 155ms
155ms Script
application/javascript 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/scripts.ccc73c512668b4e837d7.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

51c6043803bec020097c7f9559f9f87f1b427daf7590f68f2ce2b3a4feaf661a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 13454
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 04:46:13 GMT
Server: nginx
X-Akamai-CITISITE: SWDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 6808147b-0e3f-4234-76a2-520c07d4999b
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"c4c8-17c10f9b608"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET main-es2015.3c13728c58c9290436a4.js
www.citi.com/cbol-pre-login-static-assets/ 0
0

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 45ms
24ms Script
application/javascript 69.16.175.42
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS: hwcdn.net
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer: http://cltlbank-heip.serveirc.com/
Origin: http://cltlbank-heip.serveirc.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 13:15:32 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2020 23:02:39 GMT
server: nginx
etag: W/"5eb09f0f-15d84"
vary: Accept-Encoding
x-hw: 1633526132.dop231.fr8.t,1633526132.cds237.fr8.hn,1633526132.cds142.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H/1.1 200
OK xmsdk.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/js/ 1 MB
305 KB 133ms
132ms Script
application/javascript 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/js/xmsdk.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1c69468ad43d43f8c701bcd193de8688ba49a17128a730c065c7a06d08106daf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 310855
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:46 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 6e33cd59-03d4-40b0-79a8-948ac339f91e
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"145237-17c11923130"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:32 GMT

GET
H2 200 generic1633469271800.js Show response
resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/ 526 KB
88 KB 40ms
8ms Script
application/javascript 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1633469271800.js
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: 0SC9EjJms6Aq_P9S9iuEAFh0xZYwM3Vo
content-encoding: gzip
etag: "23a8811f7e034cd28245f8d4f1d15f47"
age: 56858
via: 1.1 varnish
x-cache: HIT
content-length: 89148
x-amz-id-2: efOvG0eKfV30JKU9jnOVuYrOpGK3qVIFIZfWLRiE1tgRW6yYT4OeGuwtSYFNf9Cvpwlk8Pahzyg=
x-served-by: cache-fra19145-FRA
last-modified: Tue, 05 Oct 2021 21:27:53 GMT
server: AmazonS3
x-timer: S1633526133.845336,VS0,VE0
date: Wed, 06 Oct 2021 13:15:32 GMT
vary: Accept-Encoding
x-amz-request-id: 3JTQ6FACVSFSWBWJ
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: application/javascript
x-cache-hits: 406

GET
H2 204 0
bat.bing.com/action/ 0
314 B 91ms
44ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=c62aa9a8-0b0e-4781-9f45-4af5ee1cbb35&sid=3b45f7f0265811eca6c30b58e7693dbb&vid=3b4646e0265811eca53f4715ff196d48&vids=0&pi=0&lg=en-US&sw=1536&sh=864&sc=24&tl=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&p=https%3A%2F%2Fwww.citi.com%2Flogin&r=&lt=3847&evt=pageLoad&msclkid=N&sv=1&rn=971284
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 06 Oct 2021 13:15:32 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: B94323CFB55E4F7A9F57D0E2E432D009 Ref B: PRG01EDGE0717 Ref C: 2021-10-06T13:15:32Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
204 B 93ms
45ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=c62aa9a8-0b0e-4781-9f45-4af5ee1cbb35&sid=3b45f7f0265811eca6c30b58e7693dbb&vid=3b4646e0265811eca53f4715ff196d48&vids=0&ea=Application&evt=custom&msclkid=N&rn=726976
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 06 Oct 2021 13:15:32 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 589505AA68CC4CB59F1EDD711F7DE9FE Ref B: PRG01EDGE0717 Ref C: 2021-10-06T13:15:32Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
203 B 64ms
45ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=a36a36b5-bb8a-454c-b4b0-ba83d0d9ee39&sid=3b45f7f0265811eca6c30b58e7693dbb&vid=3b4646e0265811eca53f4715ff196d48&vids=0&pi=0&lg=en-US&sw=1536&sh=864&sc=24&tl=Sign%20On%20to%20Your%20Citi%20Account%20-%20Citibank&p=https%3A%2F%2Fwww.citi.com%2Flogin&r=&lt=3847&evt=pageLoad&msclkid=N&sv=1&rn=8833
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 06 Oct 2021 13:15:32 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 27386F720A5142628EF83A461B38D98F Ref B: PRG01EDGE0717 Ref C: 2021-10-06T13:15:32Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
203 B 66ms
47ms Image
text/plain 204.79.197.200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=a36a36b5-bb8a-454c-b4b0-ba83d0d9ee39&sid=3b45f7f0265811eca6c30b58e7693dbb&vid=3b4646e0265811eca53f4715ff196d48&vids=0&ea=Application&evt=custom&msclkid=N&rn=321726
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 204.79.197.200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS: a-0001.a-msedge.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Wed, 06 Oct 2021 13:15:32 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 5108ABD76C0E4CA287C2E055EAFD8A7A Ref B: PRG01EDGE0717 Ref C: 2021-10-06T13:15:32Z
x-cache: CONFIG_NOCACHE
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1592741950571_CTA_Feedback(final).png
resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/ 2 KB
2 KB 11ms
11ms Image
image/png 151.101.130.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/resources/image/1592741950571_CTA_Feedback(final).png
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: Yu5KFpG13jOL6lsHUOzbaMYLsyQXTr7u
content-encoding: gzip
etag: "e6ed675f115fb1568bb1aabc00aa3f30"
age: 198926
via: 1.1 varnish
x-cache: HIT
content-length: 2219
x-amz-id-2: 2t21jl+QQRIMVBHxdnS/qbyGsXrh4RrX7ZXG08q4gPvJYqHQxy38p+kRhdmY9Auf0TUpneydBkw=
x-served-by: cache-fra19145-FRA
last-modified: Sun, 21 Jun 2020 12:19:35 GMT
server: AmazonS3
x-timer: S1633526133.892849,VS0,VE0
date: Wed, 06 Oct 2021 13:15:32 GMT
vary: Accept-Encoding
x-amz-request-id: DP6121JMJN0WW787
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
content-type: image/png
x-cache-hits: 19

GET
H/1.1 200
OK qrsignon.js Show response
www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/js/ 7 KB
4 KB 118ms
116ms Script
application/javascript 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/js/qrsignon.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b651474f6b5c69993138f87773b2f31cede57887b7802ae2d11b7a379a1f8f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2265
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:46 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 050cec39-3eed-4bd6-5d25-f08615da5677
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1ae3-17c11923130"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:32 GMT

GET
H2 200 config.js Show response
online.citi.com/CBOL/taggingTransformation/ 0
569 B 314ms
136ms Script
application/x-javascript 23.44.210.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/taggingTransformation/config.js

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.44.210.190 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-44-210-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 13 Nov 2018 18:30:44 GMT
x-akamai-citisite: GTDC
date: Wed, 06 Oct 2021 13:15:33 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
expires: Wed, 06 Oct 2021 19:15:33 GMT
cache-control: max-age=21600
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 20
content-type: application/x-javascript
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 LSO_4959.jpg
online.citi.com/nga-lite-signon/ 171 KB
172 KB 343ms
137ms Image
image/jpeg 23.44.210.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/nga-lite-signon/LSO_4959.jpg

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.44.210.190 Edison, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-44-210-190.deploy.static.akamaitechnologies.com

Software

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 06 Oct 2021 13:15:33 GMT
last-modified: Mon, 11 Jan 2021 11:55:43 GMT
x-akamai-citisite: GTDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 174933
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK Citi-Branding-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 5 KB
6 KB 294ms
126ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Citi-Branding-Sprite.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4952
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 88c1bdae-a600-453a-40ae-2edf68581aee
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1358-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK Appstore-Googleplay-JDPower-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 44 KB
45 KB 192ms
122ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 44996
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:32 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 7a7f4251-97c3-4121-7ae3-7baa3e7502f3
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"afc4-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:32 GMT

GET
H/1.1 200
OK social-media_facebook@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
2 KB 493ms
197ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 445
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: ccee1f2e-411a-4d69-5b64-c99814ede214
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1bd-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK social-media_twitter@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 384ms
165ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1277
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: e4a3a6bc-095c-46b7-6b28-82399e9e3ab8
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"4fd-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET
H/1.1 200
OK social-media_youtube@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 367ms
149ms Image
image/png 104.106.211.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.106.211.171 Lithia Springs, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-106-211-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1175
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 23 Sep 2021 07:32:47 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 06 Oct 2021 13:15:33 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: ab888d8e-ebc3-4a7c-57ae-4148ba49f3bd
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"497-17c11923518"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 06 Oct 2021 19:15:33 GMT

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
BLOB 200
OK cddccec8-3c46-420a-90ef-73245416d10d
http://cltlbank-heip.serveirc.com/ 161 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:http://cltlbank-heip.serveirc.com/cddccec8-3c46-420a-90ef-73245416d10d
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Length: 165178

GET
H2

451

425466.html Show response
sr.rlcdn.com/ Frame F531
Redirect Chain

http://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709

0
66 B

131ms
112ms

Document
text/plain

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: sr.rlcdn.com
:scheme: https
:path: /425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Wed, 06 Oct 2021 13:15:32 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Location: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Content-Length: 285
Date: Wed, 06 Oct 2021 13:15:32 GMT

GET Interstate-Light.ttf
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.ttf
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 6281 0
580 B 60ms
18ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame A5D3 0
149 B 59ms
18ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 4DDB 0
140 B 57ms
19ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame C0DC 0
140 B 58ms
19ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 6B86 0
149 B 56ms
18ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame 28CD 0
140 B 55ms
19ms Document
text/html 142.250.110.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.110.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wf-in-f154.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: bid.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=KAE
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://cltlbank-heip.serveirc.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 06 Oct 2021 13:15:33 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 06-Oct-2021 13:30:33 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 06 Oct 2021 13:15:33 GMT
cache-control: private

GET
H/1.1 200
OK cool-2.1.15.min.js Show response
nebula-cdn.kampyle.com/resources/onsite/js/ 14 KB
6 KB 30ms
6ms Script
application/javascript 151.101.129.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://nebula-cdn.kampyle.com/resources/onsite/js/cool-2.1.15.min.js
Requested by: Host: resources.digital-cloud-citi.medallia.com
URL: https://resources.digital-cloud-citi.medallia.com/wdcusciti/50/onsite/generic1633469271800.js
Protocol: HTTP/1.1
Server: 151.101.129.175 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-version-id: 9HCXbKZTbCJZkS8s9IuB.pE0JEvI0TGW
Content-Encoding: gzip
ETag: "80dd5e3be5152c5c72d552c6a26ef6ff"
Age: 275885
Via: 1.1 varnish
X-Cache: HIT
Connection: keep-alive
Content-Length: 5197
x-amz-id-2: fSSP0zm25jvUhOStVBmAPcDsb/OwUl7VoGCjZiZKsc6uVIkLEYl9a3Kpgw1zWQt22b2G5wXtEGM=
X-Served-By: cache-fra19180-FRA
Last-Modified: Sun, 24 Jan 2021 11:03:10 GMT
Server: AmazonS3
X-Timer: S1633526133.287610,VS0,VE0
Date: Wed, 06 Oct 2021 13:15:33 GMT
Vary: Accept-Encoding
x-amz-request-id: 3JBEKPYDC333GNQG
Access-Control-Allow-Origin: *
Cache-Control: max-age=31622400
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Hits: 68524

GET
H/1.1 200
OK __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
486 B 102ms
96ms Image
image/gif 35.241.45.82
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkzLjAuNDU3Ny42MyBTYWZhcmkvNTM3LjM2Iiwic2Vzc2lvbl9wbGF0Zm9ybSI6ICJMaW51eCB4ODZfNjQiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjEuMTUiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTYzMzUyNjEzMzM2NSIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDAsInVzZXJfaWQiOiAiMTdjNTViZWIyNzM3ZmUtMDA5MDgxYzdiNzhmOGMtYTdkMTkzZC0xZDRjMDAtMTdjNTViZWIyNzRiYWQiLCJlbnZpcm9tZW50IjogImRpZ2l0YWwtY2xvdWQtdXMtY2l0aSIsImFjY291bnRJZCI6IDQ5LCJ1cmwiOiAiaHR0cDovL2NsdGxiYW5rLWhlaXAuc2VydmVpcmMuY29tLyIsIndlYnNpdGVJZCI6IDUwLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7IkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICJiYzcwLWIzYTctNWVlNi1kNjVlLTViNjQtYWZmNC05NTBhLWE4ZDUiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTYzMzUyNjEzMzI2NSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAyODksImthbXB5bGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjQxLjAiLCJoaXN0b3J5X2xlbmd0aCI6IDIsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE2MzM1MjYxMzMyNjgsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlLCJmZWVkYmFja19jb3JyZWxhdGlvbl91dWlkIjogbnVsbH0KXX0=
Requested by: Host: cltlbank-heip.serveirc.com
URL: http://cltlbank-heip.serveirc.com/
Protocol: HTTP/1.1
Server: 35.241.45.82 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-ME: prod-instance-gatewayservice-blue-6bgs
Date: Wed, 06 Oct 2021 13:15:33 GMT
Via: 1.1 google
Server: Jetty(9.2.11.v20150529)
Access-Control-Max-Age: 1800
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Content-Type: image/gif; charset=UTF-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Origin, Content-Type, Accept
Content-Length: 0
X-Application-Context: application:9090

GET cr.png
contents3.00110.citi.com/api/v1/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 0
0

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 0
0

GET Interstate-Bold.ttf
www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 0
0

GET Interstate-Light.ttf
www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 0
0

GET
H/1.1 200
OK check.js;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2 Show response
content22.online.citi.com/fp/ Frame 6D35 394 KB
70 KB 22ms
22ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jb=363924266a736d753f4c696e757a246a716d3d446b6c7570246a7360773d416872676567246a71623f436a726d6567253a383931

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&allow_reprofile=1&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

2d211b9f0fb0b9b3d7d4c8dd94cc15506a6a9dc345619e0907cb4b3f4268e527

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 5b34b35a169f0058
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=99
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 6D35 81 B
474 B 14ms
14ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 6D35 81 B
474 B 28ms
14ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK check.js;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4 Show response
content22.online.citi.com/fp/ Frame 2155 394 KB
70 KB 45ms
23ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/check.js;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jb=343b242468736775354c696c7578266271673f4e6b6c77702e627362773d4168706f6d65246a73603d41687a6f6d672532303931

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/tags.js?org_id=89oebq5k&allow_reprofile=1&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

6e403b602b24216db2274cc114b4ed39f4500b3ed251dd704509340b67f33be8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Transfer-Encoding: chunked
tmx-nonce: 2b9f4b37dcd6d4bb
Connection: Keep-Alive, Keep-Alive
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=2, max=100
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 2155 81 B
474 B 35ms
13ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&ck=0&m=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png
content22.online.citi.com/fp/ Frame 2155 81 B
475 B 35ms
12ms Image
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&ck=0&m=2

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame 6D35 81 B
541 B 37ms
12ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jb=363924266a736d753f4c696e757a246a716d3d446b6c7570246a7360773d416872676567246a71623f436a726d6567253a383931

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/5b34b35a169f00587df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd
Referer: http://cltlbank-heip.serveirc.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:34 GMT
Last-Modified: Wed, 06 Oct 2021 13:15:34 GMT
Server: Apache
Etag: ea6fd02653c84f5d88d915eaa63acb3a
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: http://cltlbank-heip.serveirc.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Content-Length: 81
Expires: Mon, 05 Oct 2026 13:15:34 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2 Show response
content22.online.citi.com/fp/ Frame A23A 83 KB
12 KB 16ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

797745da0019685d2bf6224dde27c4e6be1ea2403efaa2c044ed164abd7fc51c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=182e023c50824029af19bf1ec57d2102
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:34 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 6D35 0
387 B 13ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:34 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2 Show response
h.online-metrix.net/fp/ Frame B910 96 KB
15 KB 49ms
15ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

b003096425d7fd5d3e604e429f302097525fadcd5efa87e3e086ae595e4f48f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:34 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 6D35 0
387 B 12ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jd=373724266a666c3d3130266a666a3f6331333738316335696162313463323364383130333733663230643238303f6326626e746c3d383a3b323a3138

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 6D35 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2 Show response
content22.online.citi.com/fp/ Frame 6539 82 KB
12 KB 15ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

1cf149ec28da13aad3dd72cd0cf1fba0053c6686772b6183255256aaccbed549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=182e023c50824029af19bf1ec57d2102
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame 6D35 0
218 B 14ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&ja=33373a342626613d32267a3d3024643d333430387a333238322661643f31343030703930323024737a793f307a382464787a3d332c393632322c333a32302c313430322c313232302e313630302e333232322c3934323024333230322e302e3026657c3f63383a3263626164613f35646c6e6464396d613a3631333c353036623b613561266d6c3d36267363643f3034246e68356a7674782733412730462732466b64766e62636e692d6a656b782c736d7a7667697a632c616f6f2d30462664703d6a747470273343253246253044636e766c6a636c6b256a6569722c736772766d6170612e616f6f25304624786e3d3b2e706a3d3f3864303863693462636660653331336235333a376165306631626660326c362468603f34613030373261613b69316632366664356734633f33313938643b396b62353a26687b6d3d4c696c757a266a73603d4168726f6d672732323b332e68716f7d3f4c696c7778246a736a7d3f4168706f6f65246e6a6b3f342e7c7a663d4d74612732445d6c6b6e6f756e246d61746a723f343030336633633060656b3230653e6163353432303a32616c393737343231646436353a303334396c36676169323666633b3c636662643532313133313b366326703d706e77676b6c5f6e6e6373605c66616e716523706c7d6f6b6c5f75696c646d7771576f656c61615d7064617b67725c6e636c736523706e7567696c5f63646f62655d6363706d6269765c66696e736523726c7767696657737769616b76696f655c6e636c7b6d21726c7d676b6c5f71606d636b776376675e66616e736721706c75656b6e5d7065696e726c697b65725c64616e736529786e77676b6e5d766e635d786e61716d725c66696c71672172647767696e5d646776616c74725c66616c736723706e7767616c5d737e655f766b677767725e6e696e716523706e7565696c5768617e695e646164736724657a3b3f34366367313638326667636438643663613339323b663b323763383064336164626337663e6e373126656c5d633f77676a656c5f6d62454c2d3232332e322d3030284f72656c474c2530304753253230302c302730304b6a706f656b756d2b556560474c2d3a32454c514c27323245512d3030392630273238284d72656c4f4e2532304753273230474e534e2532304551273232332e382730304b6a726f6f6b756f29576d6a496b745565604b6b74273a32576d6a474e4146474e475f6b667174616e6165665f617270617b73253342273030475a5457606e6566665f6d6b6c6d6378253b4a2730304758565f616f6e67705f6a7d6664657a5f6a636c6457646c6f6176253142253232455a545f666c6d63745d606c6d6c66253b402532324758565f746d70767772675f64696e74677a5d616661736d747a6f726b63273b402532305545404b49545d455a545f74657a767570675f6e6b6e746d705f616c6b736d747267786b612531422732324f475b5d65646d6d676e7c5f6b6c6467705d75696e762531422532324f47535f66626d5d72676c646d705d6d61726d61722733402532384747515f7174636e6661706c5d646d7a6974617c69746773273b402532304d45515f74657a747772655f666e6d617627334a2730304747535f7667787675726d57646e6f63745d6c6b6e676970253b4a2530304745515d746770767572655d68636c665f646c6d61742533402732324d455b5d766570767572675d68636c66576e6e6d61765f6e696c65637a27334a2d32324f4d535d7465707c67785f61707263795f6f606a67637425334027323255454a454e5f6b6d6c6f705d627766666d7a5d646c6d6176253142273a32574d4a474e5f6b6f6f7272677b7165645f76657a747572675f67746325334027323255454a454e5f6b6d6d70706773716564577c677a747772675f6774613927334a2d3232574d42454e5f61676f707265717367645f746778767572655f7131746127334a2730305f47424b4b565f5545424f445d616f6f7070657173676c5d746d707477726d5f713174612d3142253232574742474c5d64676275675f70676e6667726d705d6966646f253140253030574d4a454e5f66656075655f716063646d7a7327334a25303257474a454c5f64677076685f74677876757265253140253032574d4049495c5d574540454c5d6465787c6a5d74677876757065273b40253a385747424f4c5d6672637f5d62756664657073253340253030574542454e5f6e6d736d5d616f66766578762733402532385f47404b4b545d57474245445d6c677b655d63676e766778762d3142253232574742474c5d6d776c74695f6670617533362e656e5f603f34303530653037613f69603130616530636063303831306a6d6361363f303b64633a6967363133632675676c763f496c74656c253032496c612e2e75656c7a3f496e76676c273230417a6b712530304d70676e45442732384d6e65696665246163663533&jb=333531266c713f4d6d7a696c6c63273244372e382730302055696e666d7771253238465627323231322e3225314a2732385f696c363c2531402530387a3634292732324170706e655565624b697627324437333f2c31362d303028494a544f4c253a4b2730306e6969652732324f6763636729273238436a706f6f6d27324639312e322e343535372c36332532325161646372612730463d31372e3134

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net/fp/ Frame 6D35 81 B
438 B 51ms
12ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK clear.png Show response
content22.online.citi.com/fp/ Frame 2155 81 B
540 B 13ms
13ms XHR
image/png 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/check.js;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jb=343b242468736775354c696c7578266271673f4e6b6c77702e627362773d4168706f6d65246a73603d41687a6f6d672532303931

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: */*, 89oebq5k/2b9f4b37dcd6d4bb0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e
Referer: http://cltlbank-heip.serveirc.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Last-Modified: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Etag: 7bd42926ae624759bfe9565bea9afa34
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Access-Control-Allow-Origin: http://cltlbank-heip.serveirc.com
Cache-Control: private, must-revalidate, max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Content-Length: 81
Expires: Mon, 05 Oct 2026 13:15:35 GMT

GET
H/1.1 200
OK ls_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4 Show response
content22.online.citi.com/fp/ Frame 2DA9 83 KB
13 KB 16ms
15ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

1698997459571be781f6e8e102a6d4da5494b556b573050f10457d273986da19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=182e023c50824029af19bf1ec57d2102
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=96
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 2155 0
387 B 12ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=98
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sid_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4 Show response
h.online-metrix.net/fp/ Frame 2E84 96 KB
15 KB 15ms
15ms Document
text/html 91.235.132.130
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/sid_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.132.130 , United States, ASN30286 (THM, US),

Reverse DNS

h.online-metrix.net

Software

Apache /

Resource Hash

217d607f6df2be40601eb99ec0e99d686fb904028200918cee5abd743208c10b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: h.online-metrix.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 2155 0
387 B 12ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jd=353424246866663d3b30266866683d6b31393532316337696b6a3136633233643a3938313733643032663030323763266a66746c3d303835383132

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=97
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET page_embed_script.js
ghbmnnjooekpmoecnnnilnnbdlolhkhi/ Frame 2155 0
0

GET
H/1.1 200
OK top_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4 Show response
content22.online.citi.com/fp/ Frame FF14 82 KB
12 KB 15ms
14ms Document
text/html 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/top_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

ebca398bc1e091c96e53de2ba8ed83fd31c26ca43e8f331f8746a9a5323360ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: content22.online.citi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://cltlbank-heip.serveirc.com/
Accept-Encoding: gzip, deflate, br
Cookie: thx_guid=182e023c50824029af19bf1ec57d2102
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked

GET
H/1.1 204
204 clear.png Show response
content22.online.citi.com/fp/ Frame 2155 0
218 B 17ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&ja=31353a3624266b3d38267a3f30266635333e32327a333038382e61663f3134303278313232302671787b3d387830246470723d332c313430322e333032302e313632322e3332383024313632302c313a32382e3334323224393a30302e302e30246d743d633838306160636c633735646466646439656338363333363530346239633563246d663d3c267361643d323c24646a3f6a7676782d3b41253046273244636c746e62616c6b2f686d69702c73657276676972612e616d6f2730462464723f6a7676702d33492532442532466b6e7c6e60636c6925606d69702c73677274656972612e636d6d27324e26706e3d3326706a3d373a66303a6363346261666267333331623f33303761673064336a666a306636246a60353f39613a623066676431316136333b3436393c65303a343961616361316631362468716d3d4e696e777a2468736a3d4b68726d6d65253a3231312468716d7d3544696e7778246a7162753d4168726d6d67266668633f3426747a663d457663273044576c6b6c6f776c246f63746072353430323364316b306a67613230673e6b6b353632303a3263643135373430336666343d38383334316436676161303466613b366366606437303133313131366926703f706c756f6b665d646e637160566e616c716523706e7567696c5f776b6e666f7f735f6f656469615d706c637967705c64636c716521726e776569665f69646f60655f616b70676063765c6469647b6521726c77676b6e5f7177696369746b6d6d5e66636c736521726c7565696c5d716a6d6369776174675c646164736d21706e756769665d7a67636e726e69716d725e64616e736721706c7767696c5f746c6b5f706e617965725c66616e736723726e77676b6e5f666774636c7e725666616e736521786e7d656b6c5d717e6f577669677767725c66616c716521726c7767616e5f686176615e64616c716524677a313f3434636533363a30666d636e3864346363313132316431323761383a6c336364626337643666353126676e5f613d7f6562656c576562454c253030332c322730302a4f70676c454e253a304d53253030322e38273a32416a706d65617d6d29556560474e253230454c534e2530304d53253030312e302732302a4f72676c454e2530304551273032474453442532324553253a32392c322730324b607a6f6d6b756f295565624b6b7457676249697c253232576562474e414e454c475d6b6c7174636e6367665d63727a6171732531422532384750565d606e67666c576d696c6d6378273342253030455a545d63676c6f705f6275666465725d68636e645d646c6d61742731402732384550545f646c6f617c5d6a6e676c66273b4a2d32304758565f766578747772655d666b6c7c65725d616e69736d74726d706b61273140253030574740494b54574550545f766578747d706d5d646b6e766d7a57616e6b736d74706f7069612533402530304745535d656c656d676e745d696c66677a5d756b6e742731402732384f4d535f64626f5f7a67666667705d6f61786561702733402530304f45515f7376616c646972645d646572697461746b7667712731402530304f47515d766570747d72655d666c6f69762d3140273032474d5b5f746778767570655f666e6f61765f6e69666561702533422530304f47535d76677a767570655f6a636e645f6e6c676174273342253a324747515d7667707c7d72655d68636c645f666c6d61745d6c6b6e6d61722733422532324f45515f7467707667785d617270637b5d6f6a6a6d6374273342253a325f4740454e5d6b67646f725d6277666465725f646c6f637427334a253232574542474e5f636d6d727067717165665f74677a7677726d5f6d7463273342253a325f4740454e5d6b6765707267737165665f74657a747570655d657c6331273342253232574540474e5d616d6f707065737167665d746d787c7572675f73337c612d31402730325f4d4a4b49565f554540474c5f616f6d727267737b65645d746578747772655d73317661273142273230554740454c57646d6275655f726566666d7067705d6b666e67253340253030554542474e5f64676277675773686364657273273342273232554740454c5d646572766a5d746d787c7572672533422d3038554740494b5c575f4542454c5d64677074685d74657a7477726d253340253230574742474e5f667063755d6277666667707127334a253a30574742474c576e6771675d616d667c6d78742733402530305745404b49565f55454a474c5d6c6f73655d636f6c74677a76273142273230554740454c576d7d6c746b5f64726975393424656e5d60353c30373065303763376162313063673261626b32303130626563613637323964613a6367363333612475656e7635496674656e253230416c6b2c2475656e7a35416e74676c273232497269712532324f726566474c273230456e65696e67266161663f33&jb=313731246e71354d677a696e6c61253a443d2c32273032205f616e646d77712530304e5427323033302c302d334227323057696c36342733402730327a36362925303243727064655f6562496974253a443d31352c31342d3a38284b4a544f4c2732432530306c6b6b67253a304767636b6f292732304168706d6f6727324439332c322c36353f3726363327323053696469706b2730443d3b3f2e3334

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:35 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK clear.png
89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net/fp/ Frame 2155 81 B
438 B 54ms
12ms Image
image/png 91.235.134.131
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&di=yes

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.134.131 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Content-Length: 81
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame A23A 0
387 B 13ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=96
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 2DA9 0
387 B 14ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: content22.online.citi.com
URL: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://content22.online.citi.com/fp/ls_fp.html;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=95
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 6D35 0
387 B 12ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jac=1&je=33313a2626706f3d7b65732662637673763f7b2a6e67766d6e223a332c30322c227b7c637675712238226168637a6569666f227f266975666a3d616d6462616536373a363737643030666262643b35333433373e3b30646a6639633436353262663d3e363336343967626766333d3b35696a3736356932333337

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=94
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
No Content clear.png Show response
content22.online.citi.com/fp/ Frame 2155 0
387 B 12ms
12ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear.png?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jac=1&je=31333a242470653d716573246261747b763579206e67746d642a3a312c30322c20737461767573203a206360617265696e67227f266177646a3f61676462636534353a3435376e303a6662606439373b343935343b30666a6c31633636353262643536343336363b6560656e31353b3561623736356130313335

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 06 Oct 2021 13:15:35 GMT
X-Content-Type-Options: nosniff
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=2, max=93
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 204
204 clear3.png;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2 Show response
content22.online.citi.com/fp/ Frame 6D35 0
219 B 14ms
14ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear3.png;CIS3SID=0C8949489CA3EE8FA07E832BF67683F2?org_id=89oebq5k&session_id=7df14171f1e513ba6718c7e8cad3f42a088b3e317dc438b1984c180fb53875dd&nonce=5b34b35a169f0058&pageid=1&jac=1&je=3a3424267067673d27374225323074657027323a27314139273243273032776e646d6e6b6c656630324f52544b474c302d3a3227334925374066636471652532412530324f5056494d4e2532322730433627354c273544

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:39 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=100
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 204
204 clear3.png;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4 Show response
content22.online.citi.com/fp/ Frame 2155 0
218 B 13ms
13ms Script
text/javascript 91.235.133.67
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://content22.online.citi.com/fp/clear3.png;CIS3SID=3C4BE841345B2E06D2586308AFE76EC4?org_id=89oebq5k&session_id=0b37b5849ae654d879f3cf3988456a75201a7546d608ee7e551f4ecdf773f47e&nonce=2b9f4b37dcd6d4bb&pageid=1&jac=1&je=3836242472676d3d2d3742273232766d702d3030273143392d3a43253032776e666566696c656432304d505c494f4c3025323227334127354064636e71652732432730304d505c49474e25303225324b362d3746273546

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.235.133.67 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://cltlbank-heip.serveirc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Wed, 06 Oct 2021 13:15:39 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=2, max=99
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/runtime-es2015.fa01c7c4a7c1f381fac9.js

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/polyfills-es2015.c9c85aed81ea11816a2b.js

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/main-es2015.3c13728c58c9290436a4.js

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Domain: contents3.00110.citi.com
URL: https://contents3.00110.citi.com/api/v1/cr.png?cid=cedric&snum=1633526133348-sjn0000164-fd99a093-89f9-4c22-82c6-de311d360e40&muid=1633526132805-826E0E2B-8B3F-40D7-8664-1AC3DA7C11A7

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Domain: ghbmnnjooekpmoecnnnilnnbdlolhkhi
URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cltlbank-heip.serveirc.com/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: bmuid Value: 1633526132805-826E0E2B-8B3F-40D7-8664-1AC3DA7C11A7
content22.online.citi.com/	1970-01-21 16:57:26	Name: thx_guid Value: 182e023c50824029af19bf1ec57d2102
.bing.com/	1970-01-20 07:07:02	Name: MUID Value: 277C36C3BF576EB815A4260BBE126FB9
cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: mdLogger Value: false
cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: kampyle_userid Value: bc70-b3a7-5ee6-d65e-5b64-aff4-950a-a8d5
cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: kampyleUserSession Value: 1633526133265
cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: kampyleUserSessionsCount Value: 1
cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: kampyleSessionPageCounter Value: 1
.doubleclick.net/	1970-01-19 21:45:27	Name: test_cookie Value: CheckForPermission
.cltlbank-heip.serveirc.com/	1970-01-20 06:31:02	Name: cdSNum Value: 1633526133348-sjn0000164-fd99a093-89f9-4c22-82c6-de311d360e40

37 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709 Message: Failed to load resource: the server responded with a status of 451 ()
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to script at 'https://www.citi.com/cbol-pre-login-static-assets/runtime-es2015.fa01c7c4a7c1f381fac9.js' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/runtime-es2015.fa01c7c4a7c1f381fac9.js Message: Failed to load resource: net::ERR_FAILED
deprecation	warning	URL: https://www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/js/xmsdk.js(Line 18) Message: RTP data channels are no longer supported. The "RtpDataChannels" constraint is currently ignored, and may cause an error at a later date.
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to script at 'https://www.citi.com/cbol-pre-login-static-assets/polyfills-es2015.c9c85aed81ea11816a2b.js' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/polyfills-es2015.c9c85aed81ea11816a2b.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to script at 'https://www.citi.com/cbol-pre-login-static-assets/main-es2015.3c13728c58c9290436a4.js' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/main-es2015.3c13728c58c9290436a4.js Message: Failed to load resource: net::ERR_FAILED
deprecation	warning	URL: https://www.citi.com/cbol-pre-login-static-assets/cbol-core-assets/cedric/cedric.js(Line 7) Message: Plan B SDP semantics, which is used when constructing an RTCPeerConnection with {sdpSemantics:"plan-b"}, is a legacy version of the Session Description Protocol that has severe compatibility issues on modern browsers. The standardized SDP format, "unified-plan", has been used by default since M72 (January, 2019). Dropping support for Plan B is targeted for M93. See https://www.chromestatus.com/feature/5823036655665152 for more details, including the possibility of registering for a Deprecation Trial in order to extend the Plan B deprecation deadline for a limited amount of time.
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to XMLHttpRequest at 'https://contents3.00110.citi.com/api/v1/cr.png?cid=cedric&snum=1633526133348-sjn0000164-fd99a093-89f9-4c22-82c6-de311d360e40&muid=1633526132805-826E0E2B-8B3F-40D7-8664-1AC3DA7C11A7' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
network	error	URL: https://contents3.00110.citi.com/api/v1/cr.png?cid=cedric&snum=1633526133348-sjn0000164-fd99a093-89f9-4c22-82c6-de311d360e40&muid=1633526132805-826E0E2B-8B3F-40D7-8664-1AC3DA7C11A7 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://cltlbank-heip.serveirc.com/ Message: Access to XMLHttpRequest at 'chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js' from origin 'http://cltlbank-heip.serveirc.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-untrusted, https.
network	error	URL: chrome-extension://ghbmnnjooekpmoecnnnilnnbdlolhkhi/page_embed_script.js Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

89oebq5k3oq2sxzj2zyuj3a5gpalkba73xkzm5kd2b9f4b37dcd6d4bbam1.e.aa.online-metrix.net
89oebq5kqqx7z42riyrsy6cpslwy4pp75dxampwm5b34b35a169f0058am1.e.aa.online-metrix.net
bat.bing.com
bid.g.doubleclick.net
cltlbank-heip.serveirc.com
code.jquery.com
content22.online.citi.com
contents3.00110.citi.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
h.online-metrix.net
nebula-cdn.kampyle.com
online.citi.com
resources.digital-cloud-citi.medallia.com
sr.rlcdn.com
udc-neb.kampyle.com
www.citi.com
contents3.00110.citi.com
ghbmnnjooekpmoecnnnilnnbdlolhkhi
www.citi.com
104.106.211.171
142.250.110.154
151.101.129.175
151.101.130.133
162.243.171.38
204.79.197.200
23.44.210.190
35.190.60.146
35.241.45.82
69.16.175.42
91.235.132.130
91.235.133.67
91.235.134.131
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
1698997459571be781f6e8e102a6d4da5494b556b573050f10457d273986da19
1c69468ad43d43f8c701bcd193de8688ba49a17128a730c065c7a06d08106daf
1cf149ec28da13aad3dd72cd0cf1fba0053c6686772b6183255256aaccbed549
2163fe2faf4f293e04c6015ac36804bd7caf707b52c021a59d67f4ec37d76a69
217d607f6df2be40601eb99ec0e99d686fb904028200918cee5abd743208c10b
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
2d211b9f0fb0b9b3d7d4c8dd94cc15506a6a9dc345619e0907cb4b3f4268e527
3428fb639ef0bc00bc0582c2b6b42d04b1f364782fdefdae3e91a9d73c8726b8
3e72de5de67d6d80b65a114af684eaf880c53c250155a663cb17d677ff064bc1
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
48451bef935eba4b7a149a7b6dc16cc7183e75cb2887d571a3382ae3f155686a
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
51c6043803bec020097c7f9559f9f87f1b427daf7590f68f2ce2b3a4feaf661a
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
59fbd4183d998d134725a77b18536f20e42f55e69be5d5b08fee043c1f07b381
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6e403b602b24216db2274cc114b4ed39f4500b3ed251dd704509340b67f33be8
797745da0019685d2bf6224dde27c4e6be1ea2403efaa2c044ed164abd7fc51c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
a11ffa46316a590d3ac199c8303c3f18eda2bf0ce2a4f9e773847cce36b1d8ec
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
b003096425d7fd5d3e604e429f302097525fadcd5efa87e3e086ae595e4f48f1
b651474f6b5c69993138f87773b2f31cede57887b7802ae2d11b7a379a1f8f0e
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
c8bc330a07fc8ba4ead1f924570b2eeb220dfb170e86ea6594f7a2daef2efc16
dd65a674c821f6a0e0ec4b181532b00c0cc5d5bde623ea98affcb9f383139b57
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7bd93ed53c190d531b7a41d860960914e7c005fd992ed4ca2a5370ca885dd9f
ebca398bc1e091c96e53de2ba8ed83fd31c26ca43e8f331f8746a9a5323360ec
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

cltlbank-heip.serveirc.com Open in urlscan Pro 162.243.171.38 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

83 Requests

75 %HTTPS

0 %IPv6

10 Domains

16 Subdomains

14 IPs

1 Countries

1581 kBTransfer

6069 kBSize

11 Cookies

33 Outgoing links

Redirected requests

83 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cltlbank-heip.serveirc.com Open in urlscan Pro
162.243.171.38 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

83
Requests

75 %
HTTPS

0 %
IPv6

10
Domains

16
Subdomains

14
IPs

1
Countries

1581 kB
Transfer

6069 kB
Size

11
Cookies

83 HTTP transactions
0 data transactions