ar-as.archifolio.be
2a00:1c98:1000:1094:0:1:ec2e:b1f3
Malicious Activity!
Public Scan
Submission: On April 25 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 22nd 2022. Valid for: 3 months.
This is the only time ar-as.archifolio.be was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 1 | 2a00:1c98:1000:1094:0:1:ec2e:b1f3 | 34762 (COMBELL-AS) |
| 7 | 104.90.136.64 | 16625 (AKAMAI-AS) |
| 8 requests | 2 IP addresses | |

104.90.136.64: ASN16625 (AKAMAI-AS, US); PTR: a104-90-136-64.deploy.static.akamaitechnologies.com; serves www3.citizensbankonline.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | citizensbankonline.com | www3.citizensbankonline.com (Cisco Umbrella Rank: 126261) | 12 KB |
| 1 | archifolio.be | ar-as.archifolio.be | 4 KB |
| 8 requests | 2 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | www3.citizensbankonline.com | ar-as.archifolio.be |
| 1 | ar-as.archifolio.be | |
| 8 requests | 2 domains | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.citizensbank.com |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| ar-as.archifolio.be | R3 | 2022-04-22 - 2022-07-21 | 3 months | crt.sh |
| citizensbankonline.com | Entrust Certification Authority - L1M | 2022-04-13 - 2023-04-13 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ar-as.archifolio.be/citzen/citizn/verify.html
Frame ID: 76280CE194D48EB1E63E013DE89103EA
Requests: 8 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Link titles:
- Privacy & Security
- Terms of Use
- Citizens Bank Online Guarantee
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | verify.html (Primary Request) | ar-as.archifolio.be/citzen/citizn/ | 18 KB | 4 KB | Document | text/html |
| GET | H2 | pm_fp.js | www3.citizensbankonline.com/efs/efs/jsp-ns/ | 23 KB | 6 KB | Script | application/x-javascript |
| GET | H2 | citlogo.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 2 KB | 2 KB | Image | image/gif |
| GET | H2 | spacer.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 42 B | 353 B | Image | image/gif |
| GET | H2 | home.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 1 KB | 1 KB | Image | image/gif |
| GET | H2 | btn_continue.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 468 B | 807 B | Image | image/gif |
| GET | H2 | ehl.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 88 B | 400 B | Image | image/gif |
| GET | H2 | logo_bg.jpg | www3.citizensbankonline.com/efs/efs/grafx/ | 667 B | 982 B | Image | image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citizens Bank (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | structuredClone |
| object | oncontextlost |
| object | oncontextrestored |
| function | getScreenDetails |
| string | SEP |
| string | PAIR |
| function | activeXDetect |
| function | stripIllegalChars |
| function | stripFullPath |
| object | BrowserDetect |
| function | FingerPrint |
| function | Hashtable |
| function | IE_FingerPrint |
| function | Mozilla_FingerPrint |
| function | Opera_FingerPrint |
| function | add_deviceprint |
| function | urlEncode |
| function | encode_deviceprint |
| function | decode_deviceprint |
| function | post_deviceprint |

0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends those cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ar-as.archifolio.be
www3.citizensbankonline.com
104.90.136.64
2a00:1c98:1000:1094:0:1:ec2e:b1f3