bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
162.241.87.22  Malicious Activity! Public Scan

Submitted URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/
Effective URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Submission: On June 21 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 23 HTTP transactions. The main IP is 162.241.87.22, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com.
TLS certificate: Issued by R3 on June 3rd 2022. Valid for: 3 months.
This is the only time bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

IP Address / AS (Autonomous System)

Requests  IP Address           AS
20        162.241.87.22        46606 (UNIFIEDLA...)   (1 redirect)
2         2a04:4e42:400...     54113 (FASTLY)
2         2a00:1450:400...     15169 (GOOGLE)
Total: 23 requests, 3 IPs

Apex Domain / Subdomains / Transfer

Requests  Apex Domain      Subdomains                                                                                  Transfer
20        cprapid.com      bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com                                438 KB
2         googleapis.com   fonts.googleapis.com (Cisco Umbrella Rank: 67), ajax.googleapis.com (Cisco Umbrella Rank: 329)   32 KB
2         jsdelivr.net     cdn.jsdelivr.net (Cisco Umbrella Rank: 444)                                                 50 KB
Total: 23 requests, 3 apex domains

Domain / Requested by

Requests  Domain                                                                      Requested by
20        bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com (1 redirect)  bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
2         cdn.jsdelivr.net                                                            bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
1         ajax.googleapis.com                                                         bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
1         fonts.googleapis.com                                                        bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
Total: 23 requests, 4 domains

This site contains no links.

TLS certificates

Subject                             Issuer                                  Validity                   Valid
citi-managecustostomerservice.com   R3                                      2022-06-03 - 2022-09-01    3 months (crt.sh)
jsdelivr.net                        GlobalSign Atlas R3 DV TLS CA 2022 Q1   2022-03-21 - 2023-04-22    a year (crt.sh)
upload.video.google.com             GTS CA 1C3                              2022-05-30 - 2022-08-22    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Frame ID: 9301D12697762A3DC48DD38BA14A68D8
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

Sign on to Your Citi Account

Page URL History

  1. https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/ HTTP 302
    https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 23
HTTPS: 17 %
IPv6: 67 %
Domains: 3
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 519 kB
Size: 788 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/ HTTP 302
    https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: 10h.php
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/
Redirect Chain:
  • https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/
  • https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Size: 16 KB | x-fer: 17 KB | Type: Document
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
8fb78703878f5ab173973292e3d0ff22ea209e9101bf1f46bf6af1cc111f297c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 21 Jun 2022 13:04:21 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 21 Jun 2022 13:04:21 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Location
./10h.php
Pragma
no-cache
Server
Apache
Transfer-Encoding
chunked
Resource: bootstrap.min.css
Path: cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/
Size: 189 KB | x-fer: 27 KB | Type: Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/
Origin
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
2973422
x-jsd-version
5.2.0-beta1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
27328
etag
W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do"
x-served-by
cache-fra19152-FRA, cache-mxp6948-MXP
x-jsd-version-type
version
date
Tue, 21 Jun 2022 13:04:23 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
Resource: style.css
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/
Size: 5 KB | x-fer: 6 KB | Type: Stylesheet
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
63ed908a17ad58988e9ff4a92cec9439d9113862557838f8f68541d97a2c4074

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 20:38:30 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
5519
Resource: icon
Path: fonts.googleapis.com/
Size: 569 B | x-fer: 868 B | Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
fabb409cb851ec0674d4e4c618e5aafeb7f9698a1dfb6c59bc1687490acbb007
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 21 Jun 2022 13:04:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Tue, 21 Jun 2022 13:04:23 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 21 Jun 2022 13:04:23 GMT
Resource: lt.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/lt.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:12:04 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1799
Resource: loc.svg
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/loc.svg
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:13:10 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
1752
Resource: world.svg
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 3 KB | x-fer: 4 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/world.svg
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:13:18 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
3523
Resource: citiqr.PNG
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/citiqr.PNG
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
12b48b07e600f88b3b8c6bbc29d739ca833d050023648c502d65941530025e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 23 Mar 2022 06:44:36 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1101
Resource: checkno.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 460 B | x-fer: 701 B | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/checkno.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
aac1a7d29d34b82a0db97b2623938386e77c64091143f3cc64d593d51c7ea8ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 02:00:00 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
460
Resource: checkyes.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 479 B | x-fer: 720 B | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/checkyes.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
45f3c0afc3be4e6b87f7b8e250bb191fe3765cc0e0676df3732393c09d66ed82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 02:00:40 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
479
Resource: eqh.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 2 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/eqh.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:37:26 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1606
Resource: gp.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 24 KB | x-fer: 25 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/gp.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:45:16 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
25077
Resource: ap.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 20 KB | x-fer: 20 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/ap.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:45:22 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
20047
Resource: f.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 445 B | x-fer: 686 B | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/f.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:46:04 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
445
Resource: t.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/t.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:46:10 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1277
Resource: y.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/y.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 10:46:14 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1175
Resource: bot.png
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 27 KB | x-fer: 28 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/bot.png
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 12:55:36 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
28149
Resource: bootstrap.bundle.min.js
Path: cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/
Size: 78 KB | x-fer: 23 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.bundle.min.js
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/
Origin
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
3044618
x-jsd-version
5.2.0-beta1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
23010
etag
W/"1377e-a0uYWpCr16scLjX/O4dNB8+EEO4"
x-served-by
cache-fra19125-FRA, cache-mxp6948-MXP
x-jsd-version-type
version
date
Tue, 21 Jun 2022 13:04:23 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/3.6.0/
Size: 87 KB | x-fer: 31 KB | Type: Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/10h.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date
Tue, 21 Jun 2022 11:06:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7082
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 21 Jun 2023 11:06:21 GMT
Resource: bg.jpg
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/
Size: 106 KB | x-fer: 106 KB | Type: Image
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/img/bg.jpg
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:14:56 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
108233
Resource: Interstate-Regular.woff
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/
Size: 77 KB | x-fer: 77 KB | Type: Font
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/Interstate-Regular.woff
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Request headers

Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Origin
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:23:52 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
78762
Resource: Interstate-Light.woff
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/
Size: 74 KB | x-fer: 74 KB | Type: Font
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/Interstate-Light.woff
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Origin
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:23:56 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
75538
Resource: Interstate-Bold.woff
Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/
Size: 70 KB | x-fer: 70 KB | Type: Font
General
Full URL
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/fonts/Interstate-Bold.woff
Requested by
Host: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
URL: https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
server.superhouseeducation.com
Software
Apache /
Resource Hash
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/p/assets/css/style.css
Origin
https://bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date
Tue, 21 Jun 2022 13:04:22 GMT
Last-Modified
Wed, 01 Jun 2022 00:23:56 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
71874

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type     | Name
object   | oncontextlost
object   | oncontextrestored
function | structuredClone
object   | launchQueue
object   | onbeforematch
function | getScreenDetails
object   | navigation
number   | uidEvent
object   | bootstrap
function | $
function | jQuery
number   | fst

1 Cookies

Domain/Path: bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com/
Name: PHPSESSID
Value: a5680d86630a0e2e906e047c1c06a3ed

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bdomainshouldonlyresolveifwildcard.162-241-87-22.cprapid.com
cdn.jsdelivr.net
fonts.googleapis.com
162.241.87.22
2a00:1450:4001:828::200a
2a04:4e42:400::485