utnon.cf
Open in
urlscan Pro
162.240.233.69
Malicious Activity!
Public Scan
Submission Tags: tweet @atomspam #phishing #citizens #bank #financial #infosec #cybersecurity #atomspam Search All
Submission: On April 07 via api from FI — Scanned from FI
Summary
This is the only time utnon.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
26 | 162.240.233.69 162.240.233.69 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
26 | 1 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-240-233-69.unifiedlayer.com
utnon.cf |
Domain | Requested by | |
---|---|---|
26 | utnon.cf |
utnon.cf
|
26 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://utnon.cf/47f9a0d9e/c851?7308274b80c4b847eeb5cc471ab9c47d=600366f73d5cfaf8f23a114d218cef67
Frame ID: 47A3731791064735FDC5DF06A8EE7940
Requests: 26 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
c851
utnon.cf/47f9a0d9e/ |
24 KB 24 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.9.1.min.js
utnon.cf/47f9a0d9e/js/ |
90 KB 91 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plugin.js
utnon.cf/47f9a0d9e/js/ |
204 KB 204 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
utnon.cf/47f9a0d9e/js/ |
12 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui-1.10.3.custom.min.css
utnon.cf/47f9a0d9e/styless/ |
19 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
normalize.css
utnon.cf/47f9a0d9e/styless/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
utnon.cf/47f9a0d9e/styless/ |
61 KB 61 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flows.css
utnon.cf/47f9a0d9e/styless/ |
8 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ad-containers.css
utnon.cf/47f9a0d9e/styless/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citizensns.min.42588.css
utnon.cf/47f9a0d9e/styless/ |
6 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
CTZ_Green-01.png
utnon.cf/47f9a0d9e/styless/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
feedback.png
utnon.cf/47f9a0d9e/styless/ |
824 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
equal-housing.gif
utnon.cf/47f9a0d9e/styless/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer-follow-facebook.png
utnon.cf/47f9a0d9e/styless/ |
395 B 636 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer-follow-twitter.png
utnon.cf/47f9a0d9e/styless/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footer-follow-linkedin.png
utnon.cf/47f9a0d9e/styless/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-secure.png
utnon.cf/47f9a0d9e/styless/efs/efs/grafx/ |
292 B 533 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flows-tooltip.png
utnon.cf/47f9a0d9e/styless/efs/efs/grafx/ |
364 B 605 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow-button-white.png
utnon.cf/47f9a0d9e/styless/efs/efs/grafx/ |
1017 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow-down-blue.png
utnon.cf/47f9a0d9e/styless/efs/efs/grafx/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow-right-orange.png
utnon.cf/47f9a0d9e/styless/efs/efs/grafx/ |
165 B 406 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citizen_roman.woff
utnon.cf/47f9a0d9e/styless/font/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citiolb_icons.woff
utnon.cf/47f9a0d9e/styless/font/ |
18 KB 18 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citizen_extrabold.woff
utnon.cf/47f9a0d9e/styless/font/ |
27 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citizen_book.woff
utnon.cf/47f9a0d9e/styless/font/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citizen_bold.woff
utnon.cf/47f9a0d9e/styless/font/ |
29 KB 29 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citizens Bank (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery object| CITIZENSOLB1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
utnon.cf/ | Name: PHPSESSID Value: 96fbb170106ade0bcfded4b707a7568e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
utnon.cf
162.240.233.69
051bc7c07680cc9d7cabf53271a835ff420fce73726f971555df422db08f6f0f
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
2352d5519859c90f1259960f8a9307a7b07a95a1d8bb8f606d21e87ccf4b9bb3
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
2f6890d706e585ea7f2fd51c88165eea82370d7fb7eff2184d0f2863512870c2
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
4d825cc1794390e4680415375dad3b5ca876d00703f5201fa65ec417ea01dabc
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
7933ff01db5be57ca6677daaad6bf5009d38d294ab5aa5d998de3ba47e89ca0e
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
9749a485710e170958788032045f2cefb8760a4ab61adc189caadd628f8bc585
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e