citizenclothingshop.com
2606:4700:3032::ac43:923f
Malicious Activity!
Public Scan
Submission: On September 17 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by E1 on August 11th 2023. Valid for: 3 months.
This is the only time citizenclothingshop.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
12 | 2606:4700:3032::ac43:923f | 13335 (CLOUDFLARENET)
2 | 2606:4700::6810:5514 | 13335 (CLOUDFLARENET)
1 | 2a04:4e42:600::649 | 54113 (FASTLY)
1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
3 | 162.19.58.159 | 16276 (OVH)
19 requests across 5 IP addresses.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
12 | citizenclothingshop.com | citizenclothingshop.com | 38 KB
3 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 11592) | 2 MB
2 | jsdelivr.net | cdn.jsdelivr.net (Cisco Umbrella Rank: 364) | 41 KB
1 | bootstrapcdn.com | stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 3038) | 16 KB
1 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 918) | 30 KB
19 requests across 5 domains.
Requests | Domain | Requested by
---|---|---
12 | citizenclothingshop.com | citizenclothingshop.com
3 | i.ibb.co | citizenclothingshop.com
2 | cdn.jsdelivr.net | citizenclothingshop.com
1 | stackpath.bootstrapcdn.com | citizenclothingshop.com
1 | code.jquery.com | citizenclothingshop.com
19 requests across 5 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
citizenclothingshop.com | E1 | 2023-08-11 - 2023-11-09 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
ibb.co | R3 | 2023-08-10 - 2023-11-08 | 3 months | crt.sh
This page contains 4 frames:
Primary Page:
https://citizenclothingshop.com/DKB/Loginfirst.php
Frame ID: 5F795BDB1355AA6637C20C4B31D73B83
Requests: 13 HTTP requests in this frame
Frame:
https://citizenclothingshop.com/DKB/Je%20me%20connecte_files/saved_resource(1).html
Frame ID: 084DB8CA4DBD14E40777EED044E87F98
Requests: 2 HTTP requests in this frame
Frame:
https://citizenclothingshop.com/DKB/Je%20me%20connecte_files/saved_resource(2).html
Frame ID: 91998013C8573E626243329EB79E739F
Requests: 2 HTTP requests in this frame
Frame:
https://citizenclothingshop.com/DKB/Je%20me%20connecte_files/c7de60f8e486341024c609f38e44b314e04aab37.html
Frame ID: 65C6A5F104613A78B391C9295EC7E505
Requests: 2 HTTP requests in this frame
Page Title: DKB - Deutsche Kreditbank AG - Internet Banking
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Frame
---|---|---|---|---|---|---|---|---
GET | H2 | Loginfirst.php (Primary Request) | citizenclothingshop.com/DKB/ | 34 KB | 8 KB | Document | text/html | Primary
GET | H2 | dkb-global.css | citizenclothingshop.com/DKB/DKB%20-%20Deutsche%20Kreditbank%20AG%20-%20Internet%20Banking_files/ | 0 | 0 | Stylesheet | text/html | Primary
GET | H2 | bootstrap.min.css | cdn.jsdelivr.net/npm/bootstrap@5.3.1/dist/css/ | 227 KB | 33 KB | Stylesheet | text/css | Primary
GET | H2 | jquery-3.5.1.min.js | code.jquery.com/ | 87 KB | 30 KB | Script | application/javascript | Primary
GET | H2 | popper.min.js | cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/ | 21 KB | 8 KB | Script | application/javascript | Primary
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/ | 59 KB | 16 KB | Script | application/javascript | Primary
GET | H2 | arcotfpcollect.js.t%C3%A9l%C3%A9chargement | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 1 KB | Script | text/html | Primary
GET | H2 | collectddna.js.t%C3%A9l%C3%A9chargement | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 1 KB | Script | text/html | Primary
GET | H2 | proxyid.js.t%C3%A9l%C3%A9chargement | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 1 KB | Script | text/html | Primary
GET | H2 | 28459.js.t%C3%A9l%C3%A9chargement | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 1 KB | Script | text/html | Primary
GET | H2 | 0 | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 5 KB | Image | text/html | Primary
GET | H3 | dkb-global-print.css | citizenclothingshop.com/DKB/DKB%20-%20Deutsche%20Kreditbank%20AG%20-%20Internet%20Banking_files/ | 0 | 0 | Stylesheet | text/html | Primary
GET | H3 | imgbac.jpg | citizenclothingshop.com/DKB/ | 14 KB | 15 KB | Image | image/jpeg | Primary
GET | H3 | saved_resource(1).html | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 2 KB | Document | text/html | Frame 084D
GET | H3 | saved_resource(2).html | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 2 KB | Document | text/html | Frame 9199
GET | H3 | c7de60f8e486341024c609f38e44b314e04aab37.html | citizenclothingshop.com/DKB/Je%20me%20connecte_files/ | 5 KB | 2 KB | Document | text/html | Frame 65C6
GET | H2 | Cyb3r-Drag0nz-Team.png | i.ibb.co/DC6YMjP/ | 564 KB | 565 KB | Image | image/png | Frame 65C6
GET | H2 | Cyb3r-Drag0nz-Team.png | i.ibb.co/DC6YMjP/ | 564 KB | 565 KB | Image | image/png | Frame 9199
GET | H2 | Cyb3r-Drag0nz-Team.png | i.ibb.co/DC6YMjP/ | 564 KB | 565 KB | Image | image/png | Frame 084D
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | 1
object | 2
object | documentPictureInPicture
function | $
function | jQuery
function | Popper
object | bootstrap
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
citizenclothingshop.com/ | (session) | PHPSESSID | vl21ffo25ioa93dpq97g552mfn
24 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.