visitscitizens.us
2606:4700::6810:f44e  Malicious Activity! Public Scan

URL: https://visitscitizens.us/
Submission: On March 08 via automatic, source openphish — Scanned from US

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6810:f44e, located in United States and belongs to CLOUDFLARENET, US. The main domain is visitscitizens.us.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 7th 2023. Valid for: a year.
This is the only time visitscitizens.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
10 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2600:1400:d:5... | 20940 (AKAMAI-ASN1)
Totals: 11 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
10 | visitscitizens.us | visitscitizens.us | 268 KB
1 | citizensbank.com | www.citizensbank.com — Cisco Umbrella Rank: 56617 | 1 KB
Totals: 11 requests, 2 domains

Requests | Domain | Requested by
10 | visitscitizens.us | visitscitizens.us
1 | www.citizensbank.com | visitscitizens.us
Totals: 11 requests, 2 domains

This site contains links to these domains.

Domain
www.citizensbank.com
investor.citizensbank.com

Subject | Issuer | Validity | Valid
visitscitizens.us | Cloudflare Inc ECC CA-3 | 2023-03-07 - 2024-03-05 | a year
www.citizensbank.com | Entrust Certification Authority - L1M | 2022-07-01 - 2023-07-01 | a year

This page contains 1 frame:

Primary Page: https://visitscitizens.us/
Frame ID: 206B245A1A5CCDBA3E83433753949B27
Requests: 24 HTTP requests in this frame

Page Title

Online Login | Citizens Bank

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 1
Transfer: 269 kB
Size: 584 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Fields per transaction: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request /
  Path: visitscitizens.us/; Size: 4 KB; x-fer: 2 KB; Type: Document
  General
    Full URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 1d75ab17c698d8361200f7f56d4bed4d4a0cffad7f861de2cffec3bcabffd9ac
  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
    accept-language: en-US,en;q=0.9
  Response headers
    cache-control: public, max-age=0
    cf-cache-status: MISS
    cf-ray: 7a47a5d36d00d153-BUF
    content-encoding: br
    content-type: text/html; charset=UTF-8
    date: Wed, 08 Mar 2023 02:28:57 GMT
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    vary: Accept-Encoding
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
2.679831fc.chunk.css
  Path: visitscitizens.us/static/css/; Size: 2 KB; x-fer: 848 B; Type: Stylesheet
  General
    Full URL: https://visitscitizens.us/static/css/2.679831fc.chunk.css
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 99cdf7734b9baec74e3c53bddfda3c002ded5fc082bf6e8851cb6261c8b8c307
  Request headers
    accept-language: en-US,en;q=0.9
    Referer: https://visitscitizens.us/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:57 GMT
    content-encoding: br
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"764-49773873e8"
    vary: Accept-Encoding
    content-type: text/css; charset=UTF-8
    cache-control: public, max-age=0
    cf-ray: 7a47a5d44d34d153-BUF
main.0969232f.chunk.css
  Path: visitscitizens.us/static/css/; Size: 108 KB; x-fer: 28 KB; Type: Stylesheet
  General
    Full URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 3cacf7ff16858c5e75dd964ee606f6d74df5dd9d95841033868fd4367f550fd5
  Request headers
    accept-language: en-US,en;q=0.9
    Referer: https://visitscitizens.us/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    content-encoding: br
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"1ae05-49773873e8"
    vary: Accept-Encoding
    content-type: text/css; charset=UTF-8
    cache-control: public, max-age=0
    cf-ray: 7a47a5d45d35d153-BUF
2.1a72405e.chunk.js
  Path: visitscitizens.us/static/js/; Size: 236 KB; x-fer: 75 KB; Type: Script
  General
    Full URL: https://visitscitizens.us/static/js/2.1a72405e.chunk.js
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 5fe8101287bd55c53f1c5eaeb4554e47e8b6c78656c8b300ba0246fa2a69eb41
  Request headers
    accept-language: en-US,en;q=0.9
    Referer: https://visitscitizens.us/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    content-encoding: br
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"3b09a-49773873e8"
    vary: Accept-Encoding
    content-type: application/javascript; charset=UTF-8
    cache-control: public, max-age=0
    cf-ray: 7a47a5d45d36d153-BUF
main.6c41065c.chunk.js
  Path: visitscitizens.us/static/js/; Size: 76 KB; x-fer: 25 KB; Type: Script
  General
    Full URL: https://visitscitizens.us/static/js/main.6c41065c.chunk.js
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: fb1dfb40da04785fd2f86812a18b06d8864fc53300307df9a69ff0fffb732ad0
  Request headers
    accept-language: en-US,en;q=0.9
    Referer: https://visitscitizens.us/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    content-encoding: br
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"13179-49773873e8"
    vary: Accept-Encoding
    content-type: application/javascript; charset=UTF-8
    cache-control: public, max-age=0
    cf-ray: 7a47a5d45d37d153-BUF
truncated
  Path: /; Size: 4 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
feedback.png
  Path: www.citizensbank.com/assets/CB_media/images/; Size: 824 B; x-fer: 1 KB; Type: Image
  General
    Full URL: https://www.citizensbank.com/assets/CB_media/images/feedback.png
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/
    Protocol: H2
    Security: TLS 1.3, AES_256_GCM
    Server: 2600:1400:d:5ab::1f37, New York, United States, ASN20940 (AKAMAI-ASN1, NL)
    Reverse DNS: (empty)
    Software: openresty/1.21.4.1
    Resource Hash: 713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
  Security Headers
    Strict-Transport-Security: max-age=15768000
  Request headers
    accept-language: en-US,en;q=0.9
    Referer: https://visitscitizens.us/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    strict-transport-security: max-age=15768000
    last-modified: Wed, 22 Jan 2020 18:38:44 GMT
    server: openresty/1.21.4.1
    etag: "5e2896b4-338"
    content-type: image/png
    cache-control: max-age=600
    server-timing: cdn-cache; desc=HIT, edge; dur=14, ak_p; desc="466178_388099620_48901276_1348_124802_26_0";dur=1
    accept-ranges: bytes
    x-robots-tag: none
    content-length: 824
truncated
  Path: /; Size: 1 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: 319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/gif
truncated
  Path: /; Size: 395 B; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 3 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: 9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 3 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 3 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: 9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 1 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: 56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/gif
truncated
  Path: /; Size: 2 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/gif
truncated
  Path: /; Size: 292 B; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 364 B; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 1017 B; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 1 KB; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: 56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
truncated
  Path: /; Size: 165 B; x-fer: 0; Type: Image
  General
    Full URL: data:truncated
    Protocol: DATA
    Resource Hash: bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
  Request headers
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    Content-Type: image/png
citiolb_icons.dca00503.woff
  Path: visitscitizens.us/static/media/; Size: 18 KB; x-fer: 18 KB; Type: Font
  General
    Full URL: https://visitscitizens.us/static/media/citiolb_icons.dca00503.woff
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
  Request headers
    Referer: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Origin: https://visitscitizens.us
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"485c-49773873e8"
    vary: Accept-Encoding
    content-type: font/woff
    cache-control: public, max-age=0
    accept-ranges: bytes
    cf-ray: 7a47a5d84e23d153-BUF
    content-length: 18524
citizen_roman.f0380244.woff
  Path: visitscitizens.us/static/media/; Size: 31 KB; x-fer: 31 KB; Type: Font
  General
    Full URL: https://visitscitizens.us/static/media/citizen_roman.f0380244.woff
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
  Request headers
    Referer: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Origin: https://visitscitizens.us
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"7ce0-49773873e8"
    vary: Accept-Encoding
    content-type: font/woff
    cache-control: public, max-age=0
    accept-ranges: bytes
    cf-ray: 7a47a5d84e24d153-BUF
    content-length: 31968
citizen_book.1cc18080.woff
  Path: visitscitizens.us/static/media/; Size: 31 KB; x-fer: 31 KB; Type: Font
  General
    Full URL: https://visitscitizens.us/static/media/citizen_book.1cc18080.woff
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
  Request headers
    Referer: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Origin: https://visitscitizens.us
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"7c78-49773873e8"
    vary: Accept-Encoding
    content-type: font/woff
    cache-control: public, max-age=0
    accept-ranges: bytes
    cf-ray: 7a47a5d84e25d153-BUF
    content-length: 31864
citizen_bold.f37bdbd4.woff
  Path: visitscitizens.us/static/media/; Size: 29 KB; x-fer: 29 KB; Type: Font
  General
    Full URL: https://visitscitizens.us/static/media/citizen_bold.f37bdbd4.woff
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
  Request headers
    Referer: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Origin: https://visitscitizens.us
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"7278-49773873e8"
    vary: Accept-Encoding
    content-type: font/woff
    cache-control: public, max-age=0
    accept-ranges: bytes
    cf-ray: 7a47a5d84e26d153-BUF
    content-length: 29304
citizen_extrabold.51370ff5.woff
  Path: visitscitizens.us/static/media/; Size: 27 KB; x-fer: 27 KB; Type: Font
  General
    Full URL: https://visitscitizens.us/static/media/citizen_extrabold.51370ff5.woff
    Requested by: Host: visitscitizens.us; URL: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Protocol: H2
    Security: TLS 1.3, AES_128_GCM
    Server: 2606:4700::6810:f44e, United States, ASN13335 (CLOUDFLARENET, US)
    Reverse DNS: (empty)
    Software: cloudflare / Express
    Resource Hash: 0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
  Request headers
    Referer: https://visitscitizens.us/static/css/main.0969232f.chunk.css
    Origin: https://visitscitizens.us
    accept-language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
  Response headers
    date: Wed, 08 Mar 2023 02:28:58 GMT
    cf-cache-status: MISS
    last-modified: Tue, 01 Jan 1980 00:00:01 GMT
    server: cloudflare
    x-do-app-origin: 90770119-fec1-4753-beab-237309104a0a
    x-do-orig-status: 200
    x-powered-by: Express
    etag: W/"6ccc-49773873e8"
    vary: Accept-Encoding
    content-type: font/woff
    cache-control: public, max-age=0
    accept-ranges: bytes
    cf-ray: 7a47a5d85e27d153-BUF
    content-length: 27852

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean | credentialless
object | webpackJsonpclient
object | regeneratorRuntime

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
