b0asec-u.top Open in urlscan Pro
2606:4700:3030::ac43:c070  Malicious Activity! Public Scan

8 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://b0asec-u.top/ Page URL
2. https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response b0asec-u.top/	789 B 979 B	180ms 66ms	Document text/html	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash dc75ae0936b9e091da013433cecbb8892b3ef1f0de4757fb73fc63c9b267b089 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 745f53203ce8927f-FRA content-encoding br content-type text/html; charset=utf-8 date Mon, 05 Sep 2022 13:31:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yurel1FMvlDkXTNLkMEx3JrHux%2BIjRL372%2BJqyjdisvImBnVP0ckrYcq%2FrcnpKA508MNokK%2BZ6QD9uNRF1LVxZpDUPtD0KowdE1d2J6zxwjqsyaltjGPmoz7DYSuyoix9ntxJZ3OCh7I8m8%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by Express
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 30 KB	50ms 17ms	Script application/javascript	2001:4de0:ac18::1:a:2a STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: b0asec-u.top URL: https://b0asec-u.top/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4de0:ac18::1:a:2a , Netherlands, ASN20446 (STACKPATH-CDN, US), Reverse DNS Software nginx / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Request headers Referer https://b0asec-u.top/ Origin https://b0asec-u.top accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-15d9d" vary Accept-Encoding x-hw 1662384681.dop237.fr8.t,1662384681.cds001.fr8.hn,1662384681.cds144.fr8.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 30875
GET H2	200	/ Show response geoip-lite.vercel.app/	164 B 511 B	257ms 209ms	XHR application/json	76.76.21.164 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://geoip-lite.vercel.app/ Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 76.76.21.164 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Vercel / Resource Hash c50cd6ee244a5bfbfc704e6614e2a0b1c06bfbff6751783590feec69e10a6a75 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers Accept */* Referer https://b0asec-u.top/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT server Vercel age 0 x-vercel-id fra1::sfo1::g7wm5-1662384681180-f999e29fb08d x-vercel-cache MISS strict-transport-security max-age=63072000; includeSubDomains; preload access-control-allow-methods GET, PUT, POST, DELETE, OPTIONS content-type application/json; charset=utf-8 access-control-allow-origin * cache-control public, max-age=0, must-revalidate access-control-allow-headers Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With content-length 164
GET H2	200	DMG0CM7EF5E2OGSJ60YLFUBTH6.html b0asec-u.top/	76 B 518 B	44ms 44ms	XHR text/html	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6.html?ip=37.58.57.2&loc=DE&city=&reg= Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.0.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash Request headers Accept */* Referer https://b0asec-u.top/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9LOT2pMng1fvrgMtyCqPYugX6xiKAz%2FAAA3WNGTI9HrAJRzsh%2F7slu2Ej2A6%2FdVbBpKC83PnhLh4hIobGyV47V%2B9AVZvzpAxx%2B1u%2ByPbvaWS7ODgkRvy6YfNDDabp8%2BqNjbndMppn8OOde4%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 cf-ray 745f532359d6927f-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	Primary Request card Show response b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/	424 KB 52 KB	143ms 143ms	Document text/html	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Requested by Host: b0asec-u.top URL: https://b0asec-u.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 422e89ff8c5cd38e1d3193c35926bb4d29da3c4c1d7a3dcd6d27eb398542b099 Request headers Referer https://b0asec-u.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 745f53239b079b7a-FRA content-encoding br content-type text/html; charset=utf-8 date Mon, 05 Sep 2022 13:31:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TqytOFJOMGtAmrpn3ss%2BfWJ7Zjv9lZzg6E1ljvX6TRRGKWfELYgcPCTQwLcr64QU3tNwuWbxWSGTcJ5N6HVoHP0zth3%2FkbOPqmhvJV20FL13GzrKrA1GxJI%2FPmCL3g%2Fz2ApToCL2mFVZc2E%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by Express
GET H3	200	styles.e7e160580a3e695ea723.css b0asec-u.top/	2 MB 175 KB	85ms 85ms	Stylesheet text/css	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/styles.e7e160580a3e695ea723.css Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash b0864e63002f34981c4363b1842b1b1f14cb672e02f1e3f55b134f00de3a5b92 Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding br etag W/"1ffb3b-181ea241068" cf-cache-status EXPIRED last-modified Sun, 10 Jul 2022 22:04:01 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nU%2Ft8wd8eb1jv1XJCJJ0ePqky2CsINshOA%2FztNKYYM3K9JBUlrMnDQmxj6EJL0%2FNoFHYhKYzq%2BzCo4UL6NV%2B%2FdatnNoqrEeKq5NimTYRa4ijRXK16ZbWnWQMx%2Fm7WNDY9xYIP5FdAUe3uYY%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 745f53248c719b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	all.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/	58 KB 11 KB	35ms 17ms	Stylesheet text/css	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 3265061 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 10391 timing-allow-origin * last-modified Wed, 15 Jul 2020 18:15:47 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5f0f47d3-e637" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR0PAe1462zBfFr8eMAMx5u8qIySbwCraKSu7FZNMo1%2B2LwS7cafeQ94XrUO%2Fy%2FEdNBzVIMWetDD7NDHr3WTEu7Zz1YUuMbPKF6Ar7ye9Axs2ppXujfHKdwQq26j%2F8A2b7TQV%2Fa9q5Dte8vrwW3mWAve"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 745f5324cdf15c14-FRA expires Sat, 26 Aug 2023 13:31:21 GMT
GET H/1.1	200 OK	style.css static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/	4 KB 2 KB	573ms 167ms	Stylesheet text/css	13.33.21.96 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/style.css Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 13.33.21.96 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-21-96.lax53.r.cloudfront.net Software AmazonS3 / Resource Hash 8f5ef7272818fb6ed438a5239d6824eae8bc2992e46f41c8b15d1ded1ed6ed62 Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers x-amz-version-id K0xpJgjnSpJIAKuWA5FqOjqv.SNyNmsb Content-Encoding gzip ETag W/"15327b47e9535d411a12f73e2a096b77" Age 68 x-amz-server-side-encryption AES256 Transfer-Encoding chunked X-Cache Hit from cloudfront Connection keep-alive Last-Modified Thu, 01 Sep 2022 21:27:49 GMT Server AmazonS3 Date Mon, 05 Sep 2022 13:30:29 GMT Vary Accept-Encoding Content-Type text/css Via 1.1 1a6e1efe30d70fc3718c47f07ff0b6f0.cloudfront.net (CloudFront) X-Amz-Cf-Pop LAX53-P2 X-Amz-Cf-Id kNyK3GI4DpMft4LM6c55R0AC4CnP9iwS0vCsXoebdhEedaGWFzKCdg==
GET H3	200	citilogoredesign.png b0asec-u.top/CBOL/IA/Angular/assets/	2 KB 2 KB	46ms 45ms	Image image/png	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://b0asec-u.top/CBOL/IA/Angular/assets/citilogoredesign.png Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT etag W/"707-181e9f9d7d0" cf-cache-status EXPIRED last-modified Sun, 10 Jul 2022 21:17:54 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DLQt4c6eNEwmZZ%2BS8P%2FEoV637vtvIrr0OK3p7X79k3o8B313mUxmiBA0rf7AYWJmX8wqktD1GIHvtTW2KEerTrsNadvXjpmGCOuWt4NGXJUyJxjuEPeABu4fWyqXXkc2S1FbGGo7pOsUANc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 745f5324bca59b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1799
GET H3	200	jquery.min.js Show response b0asec-u.top/	85 KB 31 KB	67ms 67ms	Script application/javascript	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/jquery.min.js Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding br etag W/"15391-181c4415568" cf-cache-status EXPIRED last-modified Sun, 03 Jul 2022 13:30:25 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EffrOIHxiEhxU4tNk9zzOjtqhCnBC5OsGdDRVV5LH2VSb3hu2u%2BjoYbDEfFqxjjmpf7YCICReuiXBnDaL8TEHEpgmRtsE%2F9NPnqPgBvhqPT%2BxYFtC47sufQd1bUMuxHhwrUnvxVBlnh4nQ4%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 745f5324ccc09b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	jquery.mask.js Show response b0asec-u.top/	6 KB 3 KB	61ms 61ms	Script application/javascript	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/jquery.mask.js Requested by Host: b0asec-u.top URL: https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299 Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:21 GMT content-encoding br etag W/"18bd-181c44174a8" cf-cache-status EXPIRED last-modified Sun, 03 Jul 2022 13:30:33 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GOL5OhpbxO21ARHess6u%2FF8sZyfr%2BVlCOc7c84jgPfn6LCrcj%2FrCSysixBkECXpsY9IejDgRjlD3yywzJ%2Bp3ygjily3dCRHPaQDhHkV0d3EPLeG7sDKv84YRiu78uNAKHVw6xKYmEE7kNCA%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 745f5324ccc49b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	progress-indicator-bg.png b0asec-u.top/commonui-assets/images/	1001 B 1 KB	51ms 51ms	Image image/png	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://b0asec-u.top/commonui-assets/images/progress-indicator-bg.png Requested by Host: b0asec-u.top URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc Request headers accept-language de-DE,de;q=0.9 Referer https://b0asec-u.top/styles.e7e160580a3e695ea723.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:22 GMT etag W/"3e9-181ea2bf008" cf-cache-status EXPIRED last-modified Sun, 10 Jul 2022 22:12:37 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s97f1eoIC34c40232k1dHVATXqlbxfM9FZe0i%2BC1PwmQQTHdQlGG8HepS6rOeLCZ5IaTGHpB18YnNB1JG2v82VvaGxh6zyFPh1AhK6MbZgrMZIfxVnTcVTGFBzKz9IbqXY4%2FGerQ%2F07JMqI%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 745f53286a639b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1001
GET H3	200	Interstate-Light.woff b0asec-u.top/commonui-assets/fonts/interstate/	74 KB 74 KB	68ms 67ms	Font font/woff	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/commonui-assets/fonts/interstate/Interstate-Light.woff Requested by Host: b0asec-u.top URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296 Request headers Referer https://b0asec-u.top/styles.e7e160580a3e695ea723.css Origin https://b0asec-u.top accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:22 GMT etag W/"12712-181ea0224d0" cf-cache-status EXPIRED last-modified Sun, 10 Jul 2022 21:26:58 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tbcujHnf8k3YSzNUKIWgPgXa2NaUuwzdGly65T%2Fx4DangbMqi54JPaUDlgaGrUL1nfKVyD8NFFbHWHC20teKAotv8S65GxdiPmy43k9Vj8TsSjg%2BabGxh0pCwvXGTQM6jj81i1%2BJ7DP2yyI%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 745f53286a6f9b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 75538
GET H3	200	Interstate-Bold.woff b0asec-u.top/commonui-assets/fonts/interstate/	70 KB 71 KB	61ms 61ms	Font font/woff	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/commonui-assets/fonts/interstate/Interstate-Bold.woff Requested by Host: b0asec-u.top URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7 Request headers Referer https://b0asec-u.top/styles.e7e160580a3e695ea723.css Origin https://b0asec-u.top accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:22 GMT etag W/"118c2-181ea02d880" cf-cache-status EXPIRED last-modified Sun, 10 Jul 2022 21:27:44 GMT server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nms4cIBJj4A1GFT1Vnmh7l0pyblfJxpa4WeDC2uXJ7YNBn7Mba1HLLPr6syXFlwbY48gu36Ew%2BT%2FqlfzoZkMQxEGFueH%2FaW5eRtrqVSuP7%2Fb6NrTLblXfn6aNSCQKj9XT3dRO06CAnd8jAM%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 745f53286a729b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 71874
GET H3	200	client Show response b0asec-u.top/	17 B 513 B	37ms 37ms	XHR application/json	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/client?_=1662384682286 Requested by Host: b0asec-u.top URL: https://b0asec-u.top/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03 Request headers Accept */* Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:22 GMT etag W/"11-UIVUdQWNarX1D9mk06okyEMbpS8" cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fm3UtcPc6ejv2s%2FzYlejbEVVaG9oVGRN7KxvPy%2BCTRjRu9Wox1woI63UzItvwyLL670K1swtHGC452eucgjkyd0FbWOInWVpW6y85TPKINpzmBe1tlEU7lBCanXg1GdUA749ilOf%2BE5oVO0%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cf-ray 745f53288aa39b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 17
GET H3	200	client Show response b0asec-u.top/	17 B 513 B	34ms 33ms	XHR application/json	2606:4700:3030::ac43:c070 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://b0asec-u.top/client?_=1662384682287 Requested by Host: b0asec-u.top URL: https://b0asec-u.top/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:c070 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03 Request headers Accept */* Referer https://b0asec-u.top/DMG0CM7EF5E2OGSJ60YLFUBTH6/card X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36 Response headers date Mon, 05 Sep 2022 13:31:24 GMT etag W/"11-UIVUdQWNarX1D9mk06okyEMbpS8" cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ucq1dRnOeMK0joTPUz2jy6pBnoI8jRhYp70IGpEhlnEbDzEZacjLY7DV4QPhas70R1p5bwUh61%2BGIN0cB3ruOqKVQpeCPRkEqomP2E8gV7Q5S%2Bny%2FXXRxNxwZSQCteWRP1WDCUgbnXyuiEU%3D"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cf-ray 745f53350f2b9b7a-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 17

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| remove function| checkCard

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			b0asec-u.top/	1970-01-20 06:01:25	Name: csrf-token Value: 6HTBUFLY06JSGO2E5FE7MC0GMD
			b0asec-u.top/	1970-01-20 06:01:25	Name: visitor Value: 6315fa29d13a3068100a4518
			b0asec-u.top/	1970-01-20 06:01:25	Name: chave Value: N9W4VNPIBMVM7

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b0asec-u.top
cdnjs.cloudflare.com
code.jquery.com
geoip-lite.vercel.app
static-assets.dev.fs.liveperson.com
13.33.21.96
2001:4de0:ac18::1:a:2a
2606:4700:3030::ac43:c070
2606:4700::6811:180e
76.76.21.164
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
422e89ff8c5cd38e1d3193c35926bb4d29da3c4c1d7a3dcd6d27eb398542b099
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc
8f5ef7272818fb6ed438a5239d6824eae8bc2992e46f41c8b15d1ded1ed6ed62
b0864e63002f34981c4363b1842b1b1f14cb672e02f1e3f55b134f00de3a5b92
c50cd6ee244a5bfbfc704e6614e2a0b1c06bfbff6751783590feec69e10a6a75
dc75ae0936b9e091da013433cecbb8892b3ef1f0de4757fb73fc63c9b267b089
e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e