ar-as.archifolio.be
2a00:1c98:1000:1094:0:1:ec2e:b1f3 - Public Scan - Malicious Activity!

URL: https://ar-as.archifolio.be/citzen/citizn/verify.html
Submission: On April 25 via api from IE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 2a00:1c98:1000:1094:0:1:ec2e:b1f3, located in Belgium and belongs to COMBELL-AS, BE. The main domain is ar-as.archifolio.be.
TLS certificate: Issued by R3 on April 22nd 2022. Valid for: 3 months.
This is the only time ar-as.archifolio.be was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
1 | 2a00:1c98:100... | 34762 (COMBELL-AS)
7 | 104.90.136.64 | 16625 (AKAMAI-AS)
8 requests | 2 IPs

Requests | Apex Domain | Subdomains | Transfer
7 | citizensbankonline.com | www3.citizensbankonline.com (Cisco Umbrella Rank: 126261) | 12 KB
1 | archifolio.be | ar-as.archifolio.be | 4 KB
8 requests | 2 apex domains

Requests | Domain | Requested by
7 | www3.citizensbankonline.com | ar-as.archifolio.be
1 | ar-as.archifolio.be | -
8 requests | 2 domains

This site contains links to these domains:

Domain
www.citizensbank.com
Subject | Issuer | Validity | Valid
ar-as.archifolio.be | R3 | 2022-04-22 - 2022-07-21 | 3 months
citizensbankonline.com | Entrust Certification Authority - L1M | 2022-04-13 - 2023-04-13 | a year

This page contains 1 frame:

Primary Page: https://ar-as.archifolio.be/citzen/citizn/verify.html
Frame ID: 76280CE194D48EB1E63E013DE89103EA
Requests: 8 HTTP requests in this frame

Page Title

Citizens Bank Online - Identity Verification

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 16 kB
Size: 45 kB
Cookies: 0

8 HTTP transactions

Fields per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: verify.html
Path: ar-as.archifolio.be/citzen/citizn/
Size: 18 KB | x-fer: 4 KB | Type: Document

General
Full URL: https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2a00:1c98:1000:1094:0:1:ec2e:b1f3, Belgium, ASN34762 (COMBELL-AS, BE)
Reverse DNS: -
Software: nginx / WP Rocket/3.4.2.2
Resource Hash: 40e0eb135bd751800ff520ca2e265c9e4b0fdbaea8260d0ce059e27c05622d39
Security Headers (Name | Value):
X-Content-Type-Options | nosniff
X-Xss-Protection | 1; mode=block

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
accept-ranges: bytes
cache-control: max-age=0, public
content-encoding: gzip
content-length: 3606
content-type: text/html; charset=UTF-8
date: Mon, 25 Apr 2022 14:25:18 GMT
expires: Mon, 25 Apr 2022 14:25:18 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: WP Rocket/3.4.2.2
x-xss-protection: 1; mode=block
pm_fp.js
Path: www3.citizensbankonline.com/efs/efs/jsp-ns/
Size: 23 KB | x-fer: 6 KB | Type: Script

General
Full URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: Akamai Resource Optimizer
Resource Hash: c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
content-encoding: br
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 5739
x-olb-req-received: t=1650709538017405
last-modified: Sat, 23 Apr 2022 10:27:31 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
etag: "5cbf-5dbf2933205c2"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Tue, 26 Apr 2022 06:44:00 GMT
cache-control: max-age=58721
accept-ranges: bytes
lb-action: None, None
x-olb-req-duration: D=1188
citlogo.gif
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 2 KB | x-fer: 2 KB | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/citlogo.gif
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: a88676de1836609194ae8a17b09966f99b505b11f69cc801c1f6c442f187d05d
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650709542730371
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "719-5d6afc240d077"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=417786
x-olb-req-duration: D=105
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1817
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 30 Apr 2022 10:28:25 GMT
spacer.gif
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 42 B | x-fer: 353 B | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/spacer.gif
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650709540315958
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "2a-5d6afc2413dd5"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=417572
x-olb-req-duration: D=94
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 42
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 30 Apr 2022 10:24:51 GMT
home.gif
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 1 KB | x-fer: 1 KB | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/home.gif
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: d570f71cca1ef1b531281269207bb3808c31737c62f2b3b8169825fd0fe9f591
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650709542682506
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "48e-5d6afc2410b0e"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=417681
x-olb-req-duration: D=94
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1166
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 30 Apr 2022 10:26:40 GMT
btn_continue.gif
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 468 B | x-fer: 807 B | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/btn_continue.gif
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: d2c454e5be26b1dab56fc01f7e723e531d883b9d9f0c2f46f9efc63d644b7beb
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650896719399857
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "1d4-5d6afc2400d2a"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=604800
x-olb-req-duration: D=96
server-timing: cdn-cache; desc=MISS, edge; dur=132, origin; dur=23
content-length: 468
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Mon, 02 May 2022 14:25:19 GMT
ehl.gif
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 88 B | x-fer: 400 B | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650709542820848
last-modified: Sat, 29 Jan 2022 03:00:50 GMT
etag: "58-5d6afc240d847"
x-frame-options: SAMEORIGIN
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=417536
x-olb-req-duration: D=98
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 88
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 30 Apr 2022 10:24:15 GMT
logo_bg.jpg
Path: www3.citizensbankonline.com/efs/efs/grafx/
Size: 667 B | x-fer: 982 B | Type: Image

General
Full URL: https://www3.citizensbankonline.com/efs/efs/grafx/logo_bg.jpg
Requested by: Host ar-as.archifolio.be, URL https://ar-as.archifolio.be/citzen/citizn/verify.html
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 104.90.136.64, Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a104-90-136-64.deploy.static.akamaitechnologies.com
Software: -
Resource Hash: 5cd35c8ac4630375a6b89e2d770c6023bca82d772a6454e65135ec1713970ebd
Security Headers (Name | Value):
Strict-Transport-Security | max-age=15768000
X-Frame-Options | SAMEORIGIN

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://ar-as.archifolio.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36

Response headers
date: Mon, 25 Apr 2022 14:25:19 GMT
x-olb-req-received: t=1650710360545199
last-modified: Sat, 29 Jan 2022 03:02:19 GMT
etag: "29b-5d6afc79a6979"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=418325
x-olb-req-duration: D=107
server-timing: cdn-cache; desc=HIT, edge; dur=309
content-length: 667
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 30 Apr 2022 10:37:24 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Citizens Bank (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
function | structuredClone
object | oncontextlost
object | oncontextrestored
function | getScreenDetails
string | SEP
string | PAIR
function | activeXDetect
function | stripIllegalChars
function | stripFullPath
object | BrowserDetect
function | FingerPrint
function | Hashtable
function | IE_FingerPrint
function | Mozilla_FingerPrint
function | Opera_FingerPrint
function | add_deviceprint
function | urlEncode
function | encode_deviceprint
function | decode_deviceprint
function | post_deviceprint

0 Cookies

Security Headers

This section lists the security headers set by the main page.

Header | Value
X-Content-Type-Options | nosniff
X-Xss-Protection | 1; mode=block