cit-alertlv.com - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 176.121.14.121, located in Ukraine and belongs to FLOWSPEC-AS, UA. The main domain is cit-alertlv.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 21st 2022. Valid for: 3 months.

This is the only time cit-alertlv.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banka Citadele (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 8	176.121.14.121 176.121.14.121		210138 (FLOWSPEC-AS) (FLOWSPEC-AS)
7	1

8 176.121.14.121 (Ukraine) 1 redirects

ASN210138 (FLOWSPEC-AS, UA)

cit-alertlv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	cit-alertlv.com 1 redirects cit-alertlv.com	320 KB
7	1

	Domain	Requested by
8	cit-alertlv.com	1 redirects cit-alertlv.com
7	1

This site contains no links.

Subject Issuer	Validity	Valid
cit-alertlv.com cPanel, Inc. Certification Authority	`2022-01-21` - `2022-04-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cit-alertlv.com/login.php
Frame ID: 93B0FFD5D747409F6A95760794382FB3
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Citadele Online Banking

Page URL History Show full URLs

http://cit-alertlv.com/login.php HTTP 301
https://cit-alertlv.com/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

320 kB
Transfer

318 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cit-alertlv.com/login.php HTTP 301
https://cit-alertlv.com/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.php Show response cit-alertlv.com/ Redirect Chain http://cit-alertlv.com/login.php https://cit-alertlv.com/login.php	6 KB 7 KB	185ms 109ms	Document text/html	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `9d37ccb58a2599a48044cd76bb5a7424987764cbec9cf2e454531711bbc3d75e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Redirect headers Date Thu, 27 Jan 2022 06:25:13 GMT Server Apache Location https://cit-alertlv.com/login.php Content-Length 241 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	ibbf-verrel-99_4_0.css cit-alertlv.com/css/	150 KB 151 KB	34ms 34ms	Stylesheet text/css	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `0d35350c1d1ad57885a10239f3f1a8aad4807cf645100c1a49bb0da69246b6bd` Request headers Accept-Language de-DE,de;q=0.9 Referer https://cit-alertlv.com/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 09:00:34 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 153872
GET H/1.1	200 OK	en-verrel-99_4_0.svg cit-alertlv.com/images/	8 KB 8 KB	109ms 41ms	Image image/svg+xml	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cit-alertlv.com/images/en-verrel-99_4_0.svg Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/login.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `c3800d465b99e1003b3187adb99d122e9901974a958cdbc78c221e33272dc123` Request headers Accept-Language de-DE,de;q=0.9 Referer https://cit-alertlv.com/login.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 06:04:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7996
GET H/1.1	200 OK	OpenSans-Regular.otf cit-alertlv.com/css/	38 KB 38 KB	35ms 35ms	Font font/otf	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/css/OpenSans-Regular.otf Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `f7a392ec9263fb7c4723cd2b3dd727ecb7abb08080d737fb51d5e2ba59a49e3d` Request headers Referer https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Origin https://cit-alertlv.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 08:47:48 GMT Server Apache Content-Type font/otf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 38592
GET H/1.1	200 OK	Material-Design-Iconic-Font.woff2 cit-alertlv.com/css/	37 KB 38 KB	37ms 36ms	Font font/woff2	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/css/Material-Design-Iconic-Font.woff2 Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c` Request headers Referer https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Origin https://cit-alertlv.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 08:53:54 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 38384
GET H/1.1	200 OK	OpenSans-Semibold.otf cit-alertlv.com/css/	39 KB 39 KB	70ms 34ms	Font font/otf	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/css/OpenSans-Semibold.otf Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055` Request headers Referer https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Origin https://cit-alertlv.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 08:50:24 GMT Server Apache Content-Type font/otf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 39932
GET H/1.1	200 OK	OpenSans-Bold.otf cit-alertlv.com/css/	39 KB 40 KB	105ms 37ms	Font font/otf	176.121.14.121 FLOWSPEC-AS
General Check archive.org Show headers Download Go to Full URL https://cit-alertlv.com/css/OpenSans-Bold.otf Requested by Host: cit-alertlv.com URL: https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 176.121.14.121 , Ukraine, ASN210138 (FLOWSPEC-AS, UA), Reverse DNS Software Apache / Resource Hash `d51609cb4e7b43c4383b62590a77afde105e6320a448d0473fb647531bd62582` Request headers Referer https://cit-alertlv.com/css/ibbf-verrel-99_4_0.css Origin https://cit-alertlv.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers Date Thu, 27 Jan 2022 06:25:13 GMT Last-Modified Wed, 12 Jan 2022 08:51:14 GMT Server Apache Content-Type font/otf Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 40396

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banka Citadele (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cit-alertlv.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: a6360ef9654c75cb660cf54498a8320f

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cit-alertlv.com
176.121.14.121
0d35350c1d1ad57885a10239f3f1a8aad4807cf645100c1a49bb0da69246b6bd
9d37ccb58a2599a48044cd76bb5a7424987764cbec9cf2e454531711bbc3d75e
c3800d465b99e1003b3187adb99d122e9901974a958cdbc78c221e33272dc123
c3ccd8bd926647c99b4bb5436ed01b330f633d1464b50d189e4a5367751d6055
d51609cb4e7b43c4383b62590a77afde105e6320a448d0473fb647531bd62582
e8eea96e29a7c0a72612ab85ca3229979666467a28349642c2176e7189a1a39c
f7a392ec9263fb7c4723cd2b3dd727ecb7abb08080d737fb51d5e2ba59a49e3d

cit-alertlv.com Open in urlscan Pro 176.121.14.121 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

320 kBTransfer

318 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

cit-alertlv.com Open in urlscan Pro
176.121.14.121 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

320 kB
Transfer

318 kB
Size

1
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!