www.civil.line.pm Open in urlscan Pro
147.189.141.150  Malicious Activity! Public Scan

7 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request pik.html Show response www.civil.line.pm/cizen/	12 KB 4 KB	583ms 33ms	Document text/html	147.189.141.150 VELOXSERV
General Check archive.org Show headers Download Go to Full URL https://www.civil.line.pm/cizen/pik.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 147.189.141.150 Wolverhampton, United Kingdom, ASN3170 (VELOXSERV, GB), Reverse DNS wim6djwftw.salinascarinsurance.com Software nginx / Resource Hash e6f13dd6911b260616a11bfc11f15650c9d94f845c7f94ebf0d2819943a0bc88 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Cache-Control max-age=315360000 Connection keep-alive Content-Encoding gzip Content-Type text/html Date Mon, 31 Oct 2022 19:02:40 GMT ETag W/"635fe4a8-3186" Expires Thu, 31 Dec 2037 23:55:55 GMT Keep-Alive timeout=60 Last-Modified Mon, 31 Oct 2022 15:07:20 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	pm_fp.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/	23 KB 6 KB	231ms 76ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 5739 x-olb-req-received t=1667099554429545 last-modified Sun, 30 Oct 2022 03:13:44 GMT server Akamai Resource Optimizer etag "5cbf-5e885b034be9a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=1065
GET H2	200	jquery-ui-1.10.1.custom.min.css www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/	22 KB 4 KB	225ms 71ms	Stylesheet text/css	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/jquery-ui-1.10.1.custom.min.css Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 3624 x-olb-req-received t=1667099347240688 last-modified Sun, 30 Oct 2022 03:26:36 GMT server Akamai Resource Optimizer etag "5872-5e885b035072f" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=785
GET H2	200	jquery.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	90 KB 29 KB	259ms 105ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery.min.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Mon, 31 Oct 2022 19:17:40 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=22 content-length 29348 x-olb-req-received t=1667099347239698 last-modified Sun, 30 Oct 2022 04:37:55 GMT server Akamai Resource Optimizer etag "169d5-5e885b035072f" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=900 accept-ranges bytes lb-action None, None x-olb-req-duration D=4811
GET H2	200	jquery.hoverIntent.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	1 KB 799 B	247ms 93ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery.hoverIntent.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 423 x-olb-req-received t=1667099347237972 last-modified Sun, 30 Oct 2022 03:11:43 GMT server Akamai Resource Optimizer etag "499-5e885b03504e5" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=256
GET H2	200	jquery-ui-1.10.1.custom.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	111 KB 27 KB	248ms 94ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery-ui-1.10.1.custom.min.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 27690 x-olb-req-received t=1667099361390331 last-modified Sun, 30 Oct 2022 04:23:50 GMT server Akamai Resource Optimizer etag "1bdee-5e885b03504e5" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=4906
GET H2	200	capslock.jquery.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/	3 KB 1 KB	250ms 97ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/capslock.jquery.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 976 x-olb-req-received t=1667099347258195 last-modified Sun, 30 Oct 2022 03:25:19 GMT server Akamai Resource Optimizer etag "c44-5e885b034be9a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=389
GET H2	200	styles-2013.css www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/	16 KB 3 KB	218ms 65ms	Stylesheet text/css	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 3128 x-olb-req-received t=1667099347278648 last-modified Sun, 30 Oct 2022 03:11:47 GMT server Akamai Resource Optimizer etag "40cc-5e885b034fd15" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=652
GET H2	200	hinticon.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	51ms 50ms	Image image/png	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/hinticon.png Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=162 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667118089674062 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "4c3-5e6a235cbd60f" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=479874 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 1219 lb-action None expires Sun, 06 Nov 2022 08:20:34 GMT
GET H2	200	ehl.gif www3.citizensbankonline.com/efs/efs/grafx/	88 B 399 B	82ms 82ms	Image image/gif	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=151 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667099361658559 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "58-5e6a235cba347" x-frame-options SAMEORIGIN content-type image/gif access-control-allow-origin * cache-control max-age=461285 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 88 lb-action None expires Sun, 06 Nov 2022 03:10:45 GMT
GET H2	200	common.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	5 KB 2 KB	58ms 57ms	Script application/x-javascript	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js Requested by Host: www.civil.line.pm URL: https://www.civil.line.pm/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www.civil.line.pm/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers expires Tue, 01 Nov 2022 14:28:18 GMT date Mon, 31 Oct 2022 19:02:40 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=6 content-length 1356 x-olb-req-received t=1667099347790920 last-modified Sun, 30 Oct 2022 03:11:40 GMT server Akamai Resource Optimizer etag "12f5-5e885b034fd15" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=69938 accept-ranges bytes lb-action None, None x-olb-req-duration D=355
GET H2	200	citizens-logo-sm.png www3.citizensbankonline.com/efs/efs/grafx/	3 KB 3 KB	81ms 80ms	Image image/png	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=169 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667099467441369 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "ae9-5e6a235cad827" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=461363 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 2793 lb-action None expires Sun, 06 Nov 2022 03:12:03 GMT
GET H2	200	splitter.png www3.citizensbankonline.com/efs/efs/grafx/	2 KB 2 KB	81ms 81ms	Image image/png	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/splitter.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=146 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667099467310137 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "6f1-5e6a235cc1877" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=461281 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 1777 lb-action None expires Sun, 06 Nov 2022 03:10:41 GMT
GET H2	200	lock-grn.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 2 KB	96ms 95ms	Image image/png	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/lock-grn.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=140 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667118077859451 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "51b-5e6a235cc1241" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=480024 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 1307 lb-action None expires Sun, 06 Nov 2022 08:23:04 GMT
GET H2	200	arrow-collapse.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	96ms 96ms	Image image/png	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/arrow-collapse.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language en-GB,en;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=120 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667118077859569 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "40c-5e6a235ca4d20" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=479992 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 1036 lb-action None expires Sun, 06 Nov 2022 08:22:32 GMT
GET H2	200	citizen_roman.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	31 KB 32 KB	202ms 82ms	Font application/octet-stream	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.civil.line.pm accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=181 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667099347457977 strict-transport-security max-age=15768000 last-modified Tue, 13 Sep 2022 02:22:48 GMT etag "7ce0-5e885b034f92d" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=461142 server-timing cdn-cache; desc=HIT, edge; dur=1 accept-ranges bytes content-length 31968 lb-action None expires Sun, 06 Nov 2022 03:08:22 GMT
GET H2	200	citizen_bold.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	29 KB 29 KB	173ms 53ms	Font application/octet-stream	2a02:26f0:3500:882::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3500:882::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.civil.line.pm accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers x-olb-req-duration D=145 date Mon, 31 Oct 2022 19:02:40 GMT x-olb-req-received t=1667099346801757 strict-transport-security max-age=15768000 last-modified Tue, 13 Sep 2022 02:22:48 GMT etag "7278-5e885b034f15d" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=461129 server-timing cdn-cache; desc=HIT, edge; dur=6 accept-ranges bytes content-length 29304 lb-action None expires Sun, 06 Nov 2022 03:08:09 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| SEP string| PAIR function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| $ function| jQuery function| DP_jQuery_1667242960712 object| theBody function| isNumeric function| needHelp function| isSpecialChar function| validateIE7 function| setFieldState function| hasErrors function| getValidateMessageListCheckSpaces function| getValidateMessageList function| getBasicFieldErrorMessages function| getBasicFieldSuccessMessages function| isIE7 function| isUnsupported function| setupToolTip function| setupNonStickyToolTip function| initPasswordToolTip function| initPasswordCapsLock function| validatePasswordRules function| validateField function| isEmpty function| validateGoodPasswordRules

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.civil.line.pm/cizen/pik.html(Line 30) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.civil.line.pm
www3.citizensbankonline.com
147.189.141.150
2a02:26f0:3500:882::17c7
089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1
1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1
19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2
34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566
9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
e6f13dd6911b260616a11bfc11f15650c9d94f845c7f94ebf0d2819943a0bc88
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55
f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f