www.secure.online.citizens.ffh.gov.mz Open in urlscan Pro
192.185.101.59 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.secure.online.citizens.ffh.gov.mz/
Submission: On October 07 via automatic, source certstream-suspicious (October 7th 2022, 7:52:58 pm UTC) — Scanned from DE

Summary HTTP 29 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 29 HTTP transactions. The main IP is 192.185.101.59, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is www.secure.online.citizens.ffh.gov.mz.
TLS certificate: Issued by R3 on October 7th 2022. Valid for: 3 months.

This is the only time www.secure.online.citizens.ffh.gov.mz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
29	192.185.101.59 192.185.101.59		46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
29	1

29 192.185.101.59 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-185-101-59.unifiedlayer.com

www.secure.online.citizens.ffh.gov.mz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	ffh.gov.mz www.secure.online.citizens.ffh.gov.mz	306 KB
29	1

	Domain	Requested by
29	www.secure.online.citizens.ffh.gov.mz	www.secure.online.citizens.ffh.gov.mz
29	1

This site contains no links.

Subject Issuer	Validity	Valid
secure.online.citizens.ffh.gov.mz R3	`2022-10-07` - `2023-01-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.secure.online.citizens.ffh.gov.mz/
Frame ID: 2A76E3833E3AA36166C57FF97A494E8E
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

29
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

306 kB
Transfer

592 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.secure.online.citizens.ffh.gov.mz/	28 KB 10 KB	744ms 370ms	Document text/html	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `5f878146ffe19ba459cde21fb8a10ea767c38bc7ed72f83ee4986f7a790cbeab` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 10024 content-type text/html; charset=UTF-8 date Fri, 07 Oct 2022 19:52:52 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding
GET H2	200	jquery-ui-1.10.3.custom.min.css www.secure.online.citizens.ffh.gov.mz/assets/	19 KB 4 KB	197ms 196ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/jquery-ui-1.10.3.custom.min.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:41:38 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 4169
GET H2	200	normalize.css www.secure.online.citizens.ffh.gov.mz/assets/	10 KB 3 KB	191ms 190ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/normalize.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:44:18 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 3390
GET H2	200	main.css www.secure.online.citizens.ffh.gov.mz/assets/	59 KB 18 KB	370ms 369ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `6f47d0d7aff10fe1b8c97ec4c463e7caddc8279c2097d02c452899b9b472b854` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 01:59:36 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type text/css
GET H2	200	flows.css www.secure.online.citizens.ffh.gov.mz/assets/	8 KB 3 KB	191ms 190ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `01139d196d665159bfeeb3248f21318260a03a81651f16c322ae98c73f0e24fd` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:45:36 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2936
GET H2	200	ad-containers.css www.secure.online.citizens.ffh.gov.mz/assets/	8 KB 2 KB	195ms 195ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/ad-containers.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:42:24 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 1870
GET H2	200	jquery-1.9.1.min.js Show response www.secure.online.citizens.ffh.gov.mz/assets/	90 KB 40 KB	370ms 369ms	Script application/javascript	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/jquery-1.9.1.min.js Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:42:02 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type application/javascript
GET H2	200	plugins.js Show response www.secure.online.citizens.ffh.gov.mz/assets/	199 KB 61 KB	374ms 374ms	Script application/javascript	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/plugins.js Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:42:30 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type application/javascript
GET H2	200	citizensns.min.44438.css www.secure.online.citizens.ffh.gov.mz/assets/	6 KB 2 KB	191ms 191ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citizensns.min.44438.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `2a017abd964f1cfbd7ce94ea16ab63289a3f83301c08b6a92fe5204f747c45e2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:27:52 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 2272
GET H2	200	CTZ_Green-01.png www.secure.online.citizens.ffh.gov.mz/assets/	4 KB 4 KB	178ms 177ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/CTZ_Green-01.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:27:18 GMT server Apache accept-ranges bytes content-length 4206 content-type image/png
GET H2	200	equal-housing.gif www.secure.online.citizens.ffh.gov.mz/assets/	1 KB 1 KB	178ms 177ms	Image image/gif	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/equal-housing.gif Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:32:42 GMT server Apache accept-ranges bytes content-length 1134 content-type image/gif
GET H2	200	footer-follow-facebook.png www.secure.online.citizens.ffh.gov.mz/assets/	395 B 448 B	180ms 179ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/footer-follow-facebook.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:30:16 GMT server Apache accept-ranges bytes content-length 395 content-type image/png
GET H2	200	footer-follow-twitter.png www.secure.online.citizens.ffh.gov.mz/assets/	3 KB 3 KB	179ms 178ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/footer-follow-twitter.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:30:12 GMT server Apache accept-ranges bytes content-length 3295 content-type image/png
GET H2	200	footer-follow-linkedin.png www.secure.online.citizens.ffh.gov.mz/assets/	3 KB 3 KB	179ms 178ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/footer-follow-linkedin.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:30:08 GMT server Apache accept-ranges bytes content-length 3239 content-type image/png
GET H2	200	footer-follow-youtube.png www.secure.online.citizens.ffh.gov.mz/assets/	3 KB 3 KB	180ms 180ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/footer-follow-youtube.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:30:04 GMT server Apache accept-ranges bytes content-length 3278 content-type image/png
GET H2	200	elh.gif www.secure.online.citizens.ffh.gov.mz/assets/	1 KB 1 KB	179ms 179ms	Image image/gif	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/elh.gif Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:29:14 GMT server Apache accept-ranges bytes content-length 1433 content-type image/gif
GET H2	200	fdicFooter.gif www.secure.online.citizens.ffh.gov.mz/assets/	2 KB 2 KB	177ms 176ms	Image image/gif	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/fdicFooter.gif Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:29:20 GMT server Apache accept-ranges bytes content-length 2245 content-type image/gif
GET H2	200	sec-3-5.css www.secure.online.citizens.ffh.gov.mz/assets/	2 KB 706 B	177ms 177ms	Stylesheet text/css	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/sec-3-5.css Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:27:08 GMT server Apache vary Accept-Encoding content-type text/css accept-ranges bytes content-length 651
GET H2	200	common.js Show response www.secure.online.citizens.ffh.gov.mz/assets/	5 KB 2 KB	177ms 177ms	Script application/javascript	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/common.js Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `88146e8caa732ee54c82fcb58a0c95d5a0bcd44df238a3ebe91a6cb0ed764c7b` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT content-encoding gzip last-modified Fri, 11 Jun 2021 00:27:04 GMT server Apache vary Accept-Encoding content-type application/javascript accept-ranges bytes content-length 1702
GET H2	200	icon-secure.png www.secure.online.citizens.ffh.gov.mz/assets/	292 B 344 B	334ms 334ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/icon-secure.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:37:20 GMT server Apache accept-ranges bytes content-length 292 content-type image/png
GET H2	200	flows-tooltip.png www.secure.online.citizens.ffh.gov.mz/assets/	364 B 417 B	336ms 335ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/flows-tooltip.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:39:32 GMT server Apache accept-ranges bytes content-length 364 content-type image/png
GET H2	200	citizen_roman.woff www.secure.online.citizens.ffh.gov.mz/assets/	31 KB 31 KB	332ms 331ms	Font font/woff	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citizen_roman.woff Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42` Request headers Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Origin https://www.secure.online.citizens.ffh.gov.mz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:53:04 GMT server Apache accept-ranges bytes content-length 31968 content-type font/woff
GET H2	200	citiolb_icons.woff www.secure.online.citizens.ffh.gov.mz/assets/	18 KB 18 KB	331ms 331ms	Font font/woff	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citiolb_icons.woff Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115` Request headers Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Origin https://www.secure.online.citizens.ffh.gov.mz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:50:40 GMT server Apache accept-ranges bytes content-length 18524 content-type font/woff
GET H2	200	citizen_bold.woff www.secure.online.citizens.ffh.gov.mz/assets/	29 KB 29 KB	335ms 334ms	Font font/woff	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citizen_bold.woff Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6` Request headers Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Origin https://www.secure.online.citizens.ffh.gov.mz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:52:04 GMT server Apache accept-ranges bytes content-length 29304 content-type font/woff
GET H2	200	arrow-button-white.png www.secure.online.citizens.ffh.gov.mz/assets/	1017 B 1 KB	320ms 319ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/arrow-button-white.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/assets/flows.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:39:14 GMT server Apache accept-ranges bytes content-length 1017 content-type image/png
GET H2	200	arrow-down-blue.png www.secure.online.citizens.ffh.gov.mz/assets/	1 KB 1 KB	320ms 319ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/arrow-down-blue.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 01:00:58 GMT server Apache accept-ranges bytes content-length 1054 content-type image/png
GET H2	200	arrow-right-orange.png www.secure.online.citizens.ffh.gov.mz/assets/	165 B 218 B	319ms 318ms	Image image/png	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/arrow-right-orange.png Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69` Request headers accept-language de-DE,de;q=0.9 Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:58:32 GMT server Apache accept-ranges bytes content-length 165 content-type image/png
GET H2	200	citizen_book.woff www.secure.online.citizens.ffh.gov.mz/assets/	31 KB 31 KB	318ms 318ms	Font font/woff	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citizen_book.woff Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277` Request headers Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Origin https://www.secure.online.citizens.ffh.gov.mz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:53:36 GMT server Apache accept-ranges bytes content-length 31864 content-type font/woff
GET H2	200	citizen_extrabold.woff www.secure.online.citizens.ffh.gov.mz/assets/	27 KB 27 KB	321ms 321ms	Font font/woff	192.185.101.59 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://www.secure.online.citizens.ffh.gov.mz/assets/citizen_extrabold.woff Requested by Host: www.secure.online.citizens.ffh.gov.mz URL: https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 192.185.101.59 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 192-185-101-59.unifiedlayer.com Software Apache / Resource Hash `0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759` Request headers Referer https://www.secure.online.citizens.ffh.gov.mz/assets/main.css Origin https://www.secure.online.citizens.ffh.gov.mz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.91 Safari/537.36 Response headers date Fri, 07 Oct 2022 19:52:53 GMT last-modified Fri, 11 Jun 2021 00:51:32 GMT server Apache accept-ranges bytes content-length 27852 content-type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.secure.online.citizens.ffh.gov.mz/	1969-12-31 23:59:59	Name: PHPSESSID Value: 5d3b1d893fc57c638bf1904a56f83875

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.secure.online.citizens.ffh.gov.mz
192.185.101.59
01139d196d665159bfeeb3248f21318260a03a81651f16c322ae98c73f0e24fd
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
2a017abd964f1cfbd7ce94ea16ab63289a3f83301c08b6a92fe5204f747c45e2
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
5f878146ffe19ba459cde21fb8a10ea767c38bc7ed72f83ee4986f7a790cbeab
6f47d0d7aff10fe1b8c97ec4c463e7caddc8279c2097d02c452899b9b472b854
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
88146e8caa732ee54c82fcb58a0c95d5a0bcd44df238a3ebe91a6cb0ed764c7b
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

www.secure.online.citizens.ffh.gov.mz Open in urlscan Pro 192.185.101.59 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

29 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

306 kBTransfer

592 kBSize

1 Cookies

0 Outgoing links

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

www.secure.online.citizens.ffh.gov.mz Open in urlscan Pro
192.185.101.59 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

306 kB
Transfer

592 kB
Size

1
Cookies

29 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!