www.uysti.work.gd Open in urlscan Pro
5.252.235.219  Malicious Activity! Public Scan

7 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request pik.html Show response www.uysti.work.gd/cizen/	12 KB 4 KB	535ms 32ms	Document text/html	5.252.235.219 VELOXSERV
General Check archive.org Show headers Download Go to Full URL https://www.uysti.work.gd/cizen/pik.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 5.252.235.219 Wolverhampton, United Kingdom, ASN3170 (VELOXSERV, GB), Reverse DNS Software nginx / Resource Hash e6f13dd6911b260616a11bfc11f15650c9d94f845c7f94ebf0d2819943a0bc88 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control max-age=315360000 Connection keep-alive Content-Encoding gzip Content-Type text/html Date Fri, 18 Nov 2022 18:18:29 GMT ETag W/"63722b9e-3186" Expires Thu, 31 Dec 2037 23:55:55 GMT Keep-Alive timeout=60 Last-Modified Mon, 14 Nov 2022 11:50:54 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding
GET H2	200	pm_fp.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/	23 KB 6 KB	1232ms 467ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 02:09:11 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=40 content-length 5739 x-olb-req-received t=1667964825987423 last-modified Sat, 12 Nov 2022 04:51:25 GMT server Akamai Resource Optimizer etag "5cbf-5e885b034be9a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=28240 accept-ranges bytes lb-action None, None x-olb-req-duration D=1029
GET H2	200	jquery-ui-1.10.1.custom.min.css www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/	22 KB 4 KB	1573ms 808ms	Stylesheet text/css	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/jquery-ui-1.10.1.custom.min.css Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 18:18:17 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=400 content-length 3624 x-olb-req-received t=1667966457479905 last-modified Wed, 09 Nov 2022 04:00:58 GMT server Akamai Resource Optimizer etag "5872-5e885b034c66a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css access-control-allow-origin * cache-control max-age=86386 accept-ranges bytes lb-action None, None x-olb-req-duration D=788
GET H2	200	jquery.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	90 KB 29 KB	1606ms 841ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery.min.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 17:28:07 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=395 content-length 29348 x-olb-req-received t=1668664417063621 last-modified Thu, 17 Nov 2022 06:43:36 GMT server Akamai Resource Optimizer etag "169d5-5e885b03504e5" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=83376 accept-ranges bytes lb-action None, None x-olb-req-duration D=6438
GET H2	200	jquery.hoverIntent.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	1 KB 800 B	1639ms 875ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery.hoverIntent.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 18:18:17 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=416 content-length 423 x-olb-req-received t=1667996930003240 last-modified Thu, 17 Nov 2022 17:34:31 GMT server Akamai Resource Optimizer etag "499-5e885b034c66a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=86386 accept-ranges bytes lb-action None, None x-olb-req-duration D=264
GET H2	200	jquery-ui-1.10.1.custom.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	111 KB 27 KB	1638ms 874ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery-ui-1.10.1.custom.min.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 12:46:27 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=407 content-length 27690 x-olb-req-received t=1667996115931326 last-modified Wed, 09 Nov 2022 17:46:05 GMT server Akamai Resource Optimizer etag "1bdee-5e885b03504e5" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=66476 accept-ranges bytes lb-action None, None x-olb-req-duration D=7696
GET H2	200	capslock.jquery.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/	3 KB 1 KB	1654ms 890ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/capslock.jquery.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 16:36:27 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=452 content-length 976 x-olb-req-received t=1667995421712118 last-modified Wed, 09 Nov 2022 13:44:41 GMT server Akamai Resource Optimizer etag "c44-5e885b034be9a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=80276 accept-ranges bytes lb-action None, None x-olb-req-duration D=380
GET H2	200	styles-2013.css www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/	16 KB 3 KB	1659ms 896ms	Stylesheet text/css	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash 19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 13:30:01 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=477 content-length 3128 x-olb-req-received t=1667965133407721 last-modified Wed, 09 Nov 2022 08:27:22 GMT server Akamai Resource Optimizer etag "40cc-5e885b034fd15" vary Accept-Encoding x-frame-options SAMEORIGIN content-type text/css access-control-allow-origin * cache-control max-age=69090 accept-ranges bytes lb-action None, None x-olb-req-duration D=1540
GET H2	200	hinticon.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	885ms 884ms	Image image/png	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/hinticon.png Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=122 date Fri, 18 Nov 2022 18:18:32 GMT x-olb-req-received t=1667993329606200 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "4c3-5e6a235cbd60f" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=368847 server-timing cdn-cache; desc=HIT, edge; dur=801 accept-ranges bytes content-length 1219 lb-action None expires Wed, 23 Nov 2022 00:45:59 GMT
GET H2	200	ehl.gif www3.citizensbankonline.com/efs/efs/grafx/	88 B 399 B	172ms 172ms	Image image/gif	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=132 date Fri, 18 Nov 2022 18:18:31 GMT x-olb-req-received t=1667965187881359 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "58-5e6a235cbcfbf" x-frame-options SAMEORIGIN content-type image/gif access-control-allow-origin * cache-control max-age=326053 server-timing cdn-cache; desc=HIT, edge; dur=66 accept-ranges bytes content-length 88 lb-action None expires Tue, 22 Nov 2022 12:52:44 GMT
GET H2	200	common.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	5 KB 2 KB	139ms 139ms	Script application/x-javascript	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js Requested by Host: www.uysti.work.gd URL: https://www.uysti.work.gd/cizen/pik.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.uysti.work.gd/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers expires Sat, 19 Nov 2022 02:09:12 GMT date Fri, 18 Nov 2022 18:18:31 GMT content-encoding br strict-transport-security max-age=15768000 server-timing cdn-cache; desc=HIT, edge; dur=3 content-length 1356 x-olb-req-received t=1667964853570500 last-modified Wed, 09 Nov 2022 03:44:42 GMT server Akamai Resource Optimizer etag "12f5-5e885b034be9a" vary Accept-Encoding x-frame-options SAMEORIGIN content-type application/x-javascript access-control-allow-origin * cache-control max-age=28241 accept-ranges bytes lb-action None, None x-olb-req-duration D=407
GET H2	200	citizens-logo-sm.png www3.citizensbankonline.com/efs/efs/grafx/	3 KB 3 KB	861ms 861ms	Image image/png	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=130 date Fri, 18 Nov 2022 18:18:32 GMT x-olb-req-received t=1667993329610503 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "ae9-5e6a235caf130" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=373631 server-timing cdn-cache; desc=HIT, edge; dur=757 accept-ranges bytes content-length 2793 lb-action None expires Wed, 23 Nov 2022 02:05:43 GMT
GET H2	200	splitter.png www3.citizensbankonline.com/efs/efs/grafx/	2 KB 2 KB	475ms 474ms	Image image/png	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/splitter.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=104 date Fri, 18 Nov 2022 18:18:32 GMT x-olb-req-received t=1667993329621116 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "6f1-5e6a235cc50a7" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=409984 server-timing cdn-cache; desc=HIT, edge; dur=369 accept-ranges bytes content-length 1777 lb-action None expires Wed, 23 Nov 2022 12:11:36 GMT
GET H2	200	lock-grn.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 2 KB	263ms 262ms	Image image/png	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/lock-grn.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=105 date Fri, 18 Nov 2022 18:18:31 GMT x-olb-req-received t=1667993329606975 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "51b-5e6a235cc1241" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=435231 server-timing cdn-cache; desc=HIT, edge; dur=140 accept-ranges bytes content-length 1307 lb-action None expires Wed, 23 Nov 2022 19:12:22 GMT
GET H2	200	arrow-collapse.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	721ms 721ms	Image image/png	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/arrow-collapse.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=122 date Fri, 18 Nov 2022 18:18:32 GMT x-olb-req-received t=1667993329607050 strict-transport-security max-age=15768000 last-modified Sat, 20 Aug 2022 01:34:05 GMT etag "40c-5e6a235ca4f6f" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=368937 server-timing cdn-cache; desc=HIT, edge; dur=585 accept-ranges bytes content-length 1036 lb-action None expires Wed, 23 Nov 2022 00:47:29 GMT
GET H2	200	citizen_roman.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	31 KB 32 KB	183ms 85ms	Font application/octet-stream	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.uysti.work.gd accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=193 date Fri, 18 Nov 2022 18:18:31 GMT x-olb-req-received t=1667964827348963 strict-transport-security max-age=15768000 last-modified Tue, 13 Sep 2022 02:22:48 GMT etag "7ce0-5e885b034bab2" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=318510 server-timing cdn-cache; desc=HIT, edge; dur=4 accept-ranges bytes content-length 31968 lb-action None expires Tue, 22 Nov 2022 10:47:01 GMT
GET H2	200	citizen_bold.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	29 KB 29 KB	179ms 81ms	Font application/octet-stream	2a02:26f0:4700:19c::17c7 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:4700:19c::17c7 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.uysti.work.gd accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers x-olb-req-duration D=216 date Fri, 18 Nov 2022 18:18:31 GMT x-olb-req-received t=1667964826137144 strict-transport-security max-age=15768000 last-modified Tue, 13 Sep 2022 02:22:48 GMT etag "7278-5e885b034b2e2" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=318345 server-timing cdn-cache; desc=HIT, edge; dur=20 accept-ranges bytes content-length 29304 lb-action None expires Tue, 22 Nov 2022 10:44:16 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| SEP string| PAIR function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| $ function| jQuery function| DP_jQuery_1668795511534 object| theBody function| isNumeric function| needHelp function| isSpecialChar function| validateIE7 function| setFieldState function| hasErrors function| getValidateMessageListCheckSpaces function| getValidateMessageList function| getBasicFieldErrorMessages function| getBasicFieldSuccessMessages function| isIE7 function| isUnsupported function| setupToolTip function| setupNonStickyToolTip function| initPasswordToolTip function| initPasswordCapsLock function| validatePasswordRules function| validateField function| isEmpty function| validateGoodPasswordRules

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.uysti.work.gd/cizen/pik.html(Line 30) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.uysti.work.gd
www3.citizensbankonline.com
2a02:26f0:4700:19c::17c7
5.252.235.219
089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1
1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1
19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2
34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566
9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
e6f13dd6911b260616a11bfc11f15650c9d94f845c7f94ebf0d2819943a0bc88
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55
f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f