urlscan.io logo urlscan.io
SecurityTrails logo

b0asec-u.top Open in urlscan Pro
2606:4700:3036::6815:4c60  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://itcr.com.br/wp-content/themes/twentytwenty/redir/?m=redacted_email/
Effective URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Submission Tags: 7730403
Submission: On September 05 via api from CH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3036::6815:4c60, located in United States and belongs to CLOUDFLARENET, US. The main domain is b0asec-u.top.
TLS certificate: Issued by GTS CA 1P5 on August 20th 2022. Valid for: 3 months.
This is the only time b0asec-u.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 108.179.253.198 46606 (UNIFIEDLA...)
12 2606:4700:303... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
1 76.76.21.123 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.225.78.123 16509 (AMAZON-02)
16 5
1    108.179.253.198 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: br598-ip04.hostgator.com.br
itcr.com.br
12    2606:4700:3036::6815:4c60 (United States)

ASN13335 (CLOUDFLARENET, US)
b0asec-u.top
1    2001:4de0:ac18::1:a:1b (Netherlands)

ASN20446 (STACKPATH-CDN, US)
code.jquery.com
1    76.76.21.123 (United States)

ASN16509 (AMAZON-02, US)
geoip-lite.vercel.app
1    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    13.225.78.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-123.fra2.r.cloudfront.net
static-assets.dev.fs.liveperson.com
Apex Domain
Subdomains		 Transfer
12 b0asec-u.top
b0asec-u.top
413 KB
1 liveperson.com
static-assets.dev.fs.liveperson.com — Cisco Umbrella Rank: 31291
2 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 355
11 KB
1 vercel.app
geoip-lite.vercel.app
537 B
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 976
30 KB
1 itcr.com.br
itcr.com.br
89 B
16 6
Domain Requested by
12 b0asec-u.top code.jquery.com
b0asec-u.top
1 static-assets.dev.fs.liveperson.com b0asec-u.top
1 cdnjs.cloudflare.com b0asec-u.top
1 geoip-lite.vercel.app code.jquery.com
1 code.jquery.com b0asec-u.top
1 itcr.com.br 1 redirects
16 6
Subject Issuer Validity Valid
*.b0asec-u.top
GTS CA 1P5		 2022-08-20 -
2022-11-18		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2022-08-03 -
2023-07-14		 a year crt.sh
*.vercel.app
R3		 2022-07-12 -
2022-10-10		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
dev.fs.liveperson.com
Amazon		 2022-06-26 -
2023-07-25		 a year crt.sh

This page contains 1 frames:

Primary Page: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Frame ID: 44F29CA1AC22744B1AD38B02B7D34DE7
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online

Page URL History Show full URLs

  1. https://itcr.com.br/wp-content/themes/twentytwenty/redir/?m=redacted_email/ HTTP 302
    https://b0asec-u.top/ Page URL
  2. https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

457 kB
Transfer

2858 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://itcr.com.br/wp-content/themes/twentytwenty/redir/?m=redacted_email/ HTTP 302
    https://b0asec-u.top/ Page URL
  2. https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://itcr.com.br/wp-content/themes/twentytwenty/redir/?m=redacted_email/ HTTP 302
  • https://b0asec-u.top/

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
b0asec-u.top/
Redirect Chain
  • https://itcr.com.br/wp-content/themes/twentytwenty/redir/?m=redacted_email/
  • https://b0asec-u.top/
789 B
984 B 		Document
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
85b4aea1044a40925a13617ab43a21434f2b7afae1fcc3ce08e5183bd6f8659c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
745eb6500b0f92ba-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 11:44:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fdQa8G2U%2BIKv9952rzeQKC0Ga%2Fbl43uq%2B%2FBsuZD5XCESdaPXHNYWuWOIs%2BxDHWnQWNgzq6Chm3SjaCrWZVTxkCmcKep3valPWQ8s21pFTPcmNbD3jMiTK1wwAvpdqKCrifRD3UKlb2kIT%2FE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
Express

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 11:44:17 GMT
location
https://b0asec-u.top/
server
Apache
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://b0asec-u.top/
Origin
https://b0asec-u.top
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
x-hw
1662378258.dop140.am5.t,1662378258.cds318.am5.hn,1662378258.cds210.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
/
geoip-lite.vercel.app/ 		191 B
537 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geoip-lite.vercel.app/
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
76.76.21.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Vercel /
Resource Hash
274d77302d8313d24e1a0ae0d590eca81ec9bda1ce4457d8d607c464007e9004
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept
*/*
Referer
https://b0asec-u.top/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
server
Vercel
age
0
x-vercel-id
fra1::sfo1::wv6gq-1662378258138-cbd7d95cae02
x-vercel-cache
MISS
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0, must-revalidate
access-control-allow-headers
Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
content-length
191
6SSD59YBCZ7CYAV87SYCSSJJNC.html
b0asec-u.top/ 		76 B
534 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC.html?ip=185.213.155.166&loc=DE&city=Frankfurt%20am%20Main&reg=HE
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

Accept
*/*
Referer
https://b0asec-u.top/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxt%2Fvhv3bgayjd1br01%2FPZ59H5bCIwHJDg9XPTR9VIlfhNeX2KZ1zE5dZYQpXzOjPXHugTGrRcX%2BZdz88%2FI%2F%2Fp5ewvKsuGS%2BhhqI7edzAr6zS2F1DkLDyPP2mpVgRT3WTrGoQEDLEMC3qCE%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
cf-ray
745eb653390292ba-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request card
b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/ 		424 KB
53 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
cb4c421a2590008a38d3d340dc72c52adc78a8ff5799ea4745e3a6551eeb38ad

Request headers

Referer
https://b0asec-u.top/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
745eb6539e4490f4-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 11:44:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSfy5LJCTqyO%2FH97BjrxlraNV6mgCVSoZX0%2BQFqqS1eOvow%2Bq4FsrCsNp79Qk8mcRMKZjL99GzAAtjulRgnHp4AHOPInuhnvEYkjWSdXldBzel9%2FAfv%2BNEatV6eFtntwA6uWHyV14ubZkH8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
Express
styles.e7e160580a3e695ea723.css
b0asec-u.top/ 		2 MB
175 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b0864e63002f34981c4363b1842b1b1f14cb672e02f1e3f55b134f00de3a5b92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
br
etag
W/"1ffb3b-181ea241068"
cf-cache-status
MISS
last-modified
Sun, 10 Jul 2022 22:04:01 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUY9Te7Zf8cM7oan1OcRv%2FtUJ%2BKus73Es0f9TAN8ckLDpVew50EgOWiPlwzhTZclCuIafKnUGuQQUu16K%2FMPBfshsto1xN51sUFiP2BLm%2F3pSZIf8ge8NOTlBPAJ67bhCICIUroIM2NNm64%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
745eb6546f7c90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/ 		58 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10674377
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10391
timing-allow-origin
*
last-modified
Wed, 15 Jul 2020 18:15:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f0f47d3-e637"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4%2FocDwS1LEsnVxXDtA%2BbQu6alakpBBVYZeIsmpnI60Rt%2BfssgWJFKpstmmvMFuiB2klnU8F7QQULohz3A%2BkvTkJ06N%2BapR4WW%2FvTP%2BpAiRzkxmXO93MVWMYhzYKE6nX5730QmUF6Y5abAsgdBkt2gk1"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
745eb654bbe69b71-FRA
expires
Sat, 26 Aug 2023 11:44:18 GMT
style.css
static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static-assets.dev.fs.liveperson.com/citi/projects/start_a_convo/style.css
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-123.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8f5ef7272818fb6ed438a5239d6824eae8bc2992e46f41c8b15d1ded1ed6ed62

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
K0xpJgjnSpJIAKuWA5FqOjqv.SNyNmsb
Content-Encoding
gzip
ETag
W/"15327b47e9535d411a12f73e2a096b77"
Age
266
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Thu, 01 Sep 2022 21:27:49 GMT
Server
AmazonS3
Date
Mon, 05 Sep 2022 11:44:18 GMT
Vary
Accept-Encoding
Content-Type
text/css
Via
1.1 7158aa4ac648947d564b98d9769b5b2a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA2-C2
X-Amz-Cf-Id
4CZ2z1BuJyks8zAP6W3hPyAb17lU0eN69Ip6U6q6Jj1yiFVncfe7oA==
citilogoredesign.png
b0asec-u.top/CBOL/IA/Angular/assets/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b0asec-u.top/CBOL/IA/Angular/assets/citilogoredesign.png
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
etag
W/"707-181e9f9d7d0"
cf-cache-status
MISS
last-modified
Sun, 10 Jul 2022 21:17:54 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zb509jq9yE4kr0vZ4hAnxGQoAVK%2F0XkW0bp6WVhMNMz4KUgPU3lQ5vTjQJmCwQPnFbzNrB8PgfSuO0LjauXgQmwcPxSAXHM7ws9mkJ0h6ARRjjC%2BhzfQNF9Wb1Gdv63y6FoDlRcdA7fWr2o%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
745eb6548faf90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1799
jquery.min.js
b0asec-u.top/ 		85 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/jquery.min.js
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
br
etag
W/"15391-181c4415568"
cf-cache-status
MISS
last-modified
Sun, 03 Jul 2022 13:30:25 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=djypAT46wMXWr%2BC8epQeMKNheeb8s%2BAmwN0faEFGrjbrBuj1oMt5WIANBqnwNjGm5z%2BUJvZ3%2FKhhAJoNXcX8u5K5EcTSsVlF05rRI9xveh92YJZJRZ%2Fc4E6kjO49eT49iwab4fDqzR7ccJI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
745eb6549fba90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery.mask.js
b0asec-u.top/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/jquery.mask.js
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e28402acf82dc0bbd4cb1cbd1bca97cbee7d8862d828a31d256a8821eca5b299

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
content-encoding
br
etag
W/"18bd-181c44174a8"
cf-cache-status
MISS
last-modified
Sun, 03 Jul 2022 13:30:33 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QrC6hpPARSkM8oiTKNFWZgiNlsQl36Or6BX2L2IeLGISoh6weKmhWapQ0lMQjGXCFP%2FFroWHIYktmy4I45Pbr42eRM8ZAs25pjCYw0SBK1tOjLkQQZa4vav9RdHoV%2BXG8aDCHUJ9cVUFZ2k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
745eb6549fbf90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
progress-indicator-bg.png
b0asec-u.top/commonui-assets/images/ 		1001 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://b0asec-u.top/commonui-assets/images/progress-indicator-bg.png
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
8dee09be2e691fe1798334a054fb42083c0509a126dd1f61bc8ca168eff326dc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://b0asec-u.top/styles.e7e160580a3e695ea723.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
etag
W/"3e9-181ea2bf008"
cf-cache-status
MISS
last-modified
Sun, 10 Jul 2022 22:12:37 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Eh2CwnCWa3WpD5AhRAOob8GuwX3RXig1chRfiseDqweS2r5I3sr%2F%2BbHav%2FbuiLqdBIiyhWAOilkGO4yF9FY8j123dXH3OwuUPmf%2FN8ZJj8uFhsvqv3stLS6ftVGPU2pAu%2FZ%2F9cQ2e8V3tw%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
745eb65598d990f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
1001
Interstate-Light.woff
b0asec-u.top/commonui-assets/fonts/interstate/ 		74 KB
74 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/commonui-assets/fonts/interstate/Interstate-Light.woff
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer
https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Origin
https://b0asec-u.top
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
etag
W/"12712-181ea0224d0"
cf-cache-status
MISS
last-modified
Sun, 10 Jul 2022 21:26:58 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VOtMkxTCV5GROdp5fsUnp%2B9hxrs8H%2F1RGAMpn4i85Fz%2FkOY7FGDehD4U6AFQZyaOkEmnsnv30s%2FmRFJWhEdx%2FxXhs%2BnVTiypCXKxB0L%2BVGfp6vT8lxWbzjK%2FfQQhgLkSjL6YbmJb%2Bw3mjDA%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
745eb65598e990f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
75538
Interstate-Bold.woff
b0asec-u.top/commonui-assets/fonts/interstate/ 		70 KB
71 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/commonui-assets/fonts/interstate/Interstate-Bold.woff
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer
https://b0asec-u.top/styles.e7e160580a3e695ea723.css
Origin
https://b0asec-u.top
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
etag
W/"118c2-181ea02d880"
cf-cache-status
MISS
last-modified
Sun, 10 Jul 2022 21:27:44 GMT
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s8ogoW7r88aoe9ud%2Fspbi0VCnPbNjBIk23Tu92ExvpakFvOoffb2b9SnE9c31ZYYY5Q9E6xz61dXNBmi6Wn96HsH9hOiyuTg8pUjEcTkxFb2O0nWJUgaD6WXyi%2BPD6OTWye2rQaKJwRtSdY%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
public, max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
745eb65598eb90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
71874
client
b0asec-u.top/ 		17 B
519 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/client?_=1662378258830
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept
*/*
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:18 GMT
etag
W/"11-UIVUdQWNarX1D9mk06okyEMbpS8"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Az68U86bNPi8CNUBvL7TokTuHBcMys4z%2FSl%2FvdNIGoXyAC%2FIwp7oo%2Bcoifs1%2BhMkbGfVrynfvl4IfE8ZzH%2BL4ujelN1MkjJxbZRaqPFxZHtkG8j9KeIji5VkkHqklw8%2FvI5l1Lriojv0qW0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
745eb655f95190f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17
client
b0asec-u.top/ 		17 B
514 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://b0asec-u.top/client?_=1662378258831
Requested by
Host: b0asec-u.top
URL: https://b0asec-u.top/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:4c60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept
*/*
Referer
https://b0asec-u.top/6SSD59YBCZ7CYAV87SYCSSJJNC/card
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:44:20 GMT
etag
W/"11-UIVUdQWNarX1D9mk06okyEMbpS8"
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrBul0ahXTfHSVtJ%2FgfbwSUK1dhhPXpCDGFFISbqSzq0cHz8xeM8GwHNmeEX%2F0rYuv2ZnKDSjvKKt8GeX4zlxKI9qWHPH05uufDo%2FcOg2TWQiQjb0YNKWR2BuEdQYwkrd2FhL0n8vnvV1BU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
cf-ray
745eb662789c90f4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| remove function| checkCard

3 Cookies

Domain/Path Name / Value
b0asec-u.top/ Name: csrf-token
Value: CNJJSSCYS78VAYC7ZCBY95DSS6
b0asec-u.top/ Name: visitor
Value: 6315e112d13a3068100a3d1e
b0asec-u.top/ Name: chave
Value: 1HQH8OWEVQV5S