ctznunlck.com Open in urlscan Pro
2606:4700::6810:f34e  Malicious Activity! Public Scan

URL: https://ctznunlck.com/
Submission Tags: tweet @ecarlesi #phishing #citizensbank #hostinger Search All
Submission: On January 14 via api from FI — Scanned from FI

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6810:f34e, located in United States and belongs to CLOUDFLARENET, US. The main domain is ctznunlck.com.
TLS certificate: Issued by R3 on January 13th 2023. Valid for: 3 months.
This is the only time ctznunlck.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:470... 20940 (AKAMAI-ASN1)
11 3
Apex Domain
Subdomains
Transfer
10 ctznunlck.com
ctznunlck.com
264 KB
1 citizensbank.com
www.citizensbank.com — Cisco Umbrella Rank: 76748
1 KB
11 2
Domain Requested by
10 ctznunlck.com ctznunlck.com
1 www.citizensbank.com ctznunlck.com
11 2

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
investor.citizensbank.com
Subject Issuer Validity Valid
ctznunlck.com
R3
2023-01-13 -
2023-04-13
3 months crt.sh
www.citizensbank.com
Entrust Certification Authority - L1M
2022-07-01 -
2023-07-01
a year crt.sh

This page contains 1 frames:

Primary Page: https://ctznunlck.com/
Frame ID: 39C083A498F3E645FA76ACB15455D6FF
Requests: 24 HTTP requests in this frame

Screenshot

Page Title

Online Login | Citizens Bank

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

265 kB
Transfer

569 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
ctznunlck.com/
4 KB
2 KB
Document
General
Full URL
https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d43a06f9a5428b13aeddafca7f430f3f9efd1f6ca6e0f429e3983407e3120d75

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
public, max-age=0
cf-cache-status
MISS
cf-ray
7894db3a2f85fe50-HEL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 14 Jan 2023 08:03:39 GMT
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
2.679831fc.chunk.css
ctznunlck.com/static/css/
2 KB
848 B
Stylesheet
General
Full URL
https://ctznunlck.com/static/css/2.679831fc.chunk.css
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
99cdf7734b9baec74e3c53bddfda3c002ded5fc082bf6e8851cb6261c8b8c307

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ctznunlck.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:39 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"764-49773873e8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
cf-ray
7894db3c6990fe50-HEL
main.0969232f.chunk.css
ctznunlck.com/static/css/
108 KB
28 KB
Stylesheet
General
Full URL
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3cacf7ff16858c5e75dd964ee606f6d74df5dd9d95841033868fd4367f550fd5

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ctznunlck.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"1ae05-49773873e8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
cf-ray
7894db3c6992fe50-HEL
2.197b63ff.chunk.js
ctznunlck.com/static/js/
224 KB
71 KB
Script
General
Full URL
https://ctznunlck.com/static/js/2.197b63ff.chunk.js
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
425be2a320e5a741663347c04d1ae05068fdd271be949899cdfdcf92e189d6d6

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ctznunlck.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"37fd9-49773873e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
cf-ray
7894db3c6993fe50-HEL
main.ac3f711c.chunk.js
ctznunlck.com/static/js/
74 KB
24 KB
Script
General
Full URL
https://ctznunlck.com/static/js/main.ac3f711c.chunk.js
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
455c35078b4bba1f2830a38c6556ddf500070fc65a3d2ab79eb1dbf260fc81b5

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ctznunlck.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"126e7-49773873e8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
cf-ray
7894db3c6995fe50-HEL
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
feedback.png
www.citizensbank.com/assets/CB_media/images/
824 B
1 KB
Image
General
Full URL
https://www.citizensbank.com/assets/CB_media/images/feedback.png
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:4700:189::1f37 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty/1.21.4.1 /
Resource Hash
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://ctznunlck.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
strict-transport-security
max-age=15768000
last-modified
Wed, 22 Jan 2020 18:38:44 GMT
server
openresty/1.21.4.1
etag
"5e2896b4-338"
content-type
image/png
cache-control
max-age=600
server-timing
cdn-cache; desc=HIT, edge; dur=14
accept-ranges
bytes
x-robots-tag
none
content-length
824
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
395 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
292 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
364 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1017 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
165 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Content-Type
image/png
citiolb_icons.dca00503.woff
ctznunlck.com/static/media/
18 KB
18 KB
Font
General
Full URL
https://ctznunlck.com/static/media/citiolb_icons.dca00503.woff
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Request headers

Referer
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Origin
https://ctznunlck.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"485c-49773873e8"
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
7894db416f7cfe50-HEL
content-length
18524
citizen_roman.f0380244.woff
ctznunlck.com/static/media/
31 KB
31 KB
Font
General
Full URL
https://ctznunlck.com/static/media/citizen_roman.f0380244.woff
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Request headers

Referer
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Origin
https://ctznunlck.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"7ce0-49773873e8"
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
7894db416f7efe50-HEL
content-length
31968
citizen_book.1cc18080.woff
ctznunlck.com/static/media/
31 KB
31 KB
Font
General
Full URL
https://ctznunlck.com/static/media/citizen_book.1cc18080.woff
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Request headers

Referer
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Origin
https://ctznunlck.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"7c78-49773873e8"
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
7894db416f80fe50-HEL
content-length
31864
citizen_bold.f37bdbd4.woff
ctznunlck.com/static/media/
29 KB
29 KB
Font
General
Full URL
https://ctznunlck.com/static/media/citizen_bold.f37bdbd4.woff
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Request headers

Referer
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Origin
https://ctznunlck.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"7278-49773873e8"
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
7894db416f82fe50-HEL
content-length
29304
citizen_extrabold.51370ff5.woff
ctznunlck.com/static/media/
27 KB
27 KB
Font
General
Full URL
https://ctznunlck.com/static/media/citizen_extrabold.51370ff5.woff
Requested by
Host: ctznunlck.com
URL: https://ctznunlck.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Request headers

Referer
https://ctznunlck.com/static/css/main.0969232f.chunk.css
Origin
https://ctznunlck.com
accept-language
fi-FI,fi;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date
Sat, 14 Jan 2023 08:03:40 GMT
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
6490de4e-b942-4e81-a781-cb27d5e4d3ee
x-do-orig-status
200
x-powered-by
Express
etag
W/"6ccc-49773873e8"
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
7894db416f83fe50-HEL
content-length
27852

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| webpackJsonpclient object| regeneratorRuntime

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ctznunlck.com
www.citizensbank.com
2606:4700::6810:f34e
2a02:26f0:4700:189::1f37
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
3cacf7ff16858c5e75dd964ee606f6d74df5dd9d95841033868fd4367f550fd5
425be2a320e5a741663347c04d1ae05068fdd271be949899cdfdcf92e189d6d6
455c35078b4bba1f2830a38c6556ddf500070fc65a3d2ab79eb1dbf260fc81b5
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
99cdf7734b9baec74e3c53bddfda3c002ded5fc082bf6e8851cb6261c8b8c307
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
d43a06f9a5428b13aeddafca7f430f3f9efd1f6ca6e0f429e3983407e3120d75
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e