login03b-citizens.com
2606:4700::6810:f34e  Malicious Activity! Public Scan

URL: https://login03b-citizens.com/
Submission: On September 13 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6810:f34e, located in United States and belongs to CLOUDFLARENET, US. The main domain is login03b-citizens.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 13th 2022. Valid for: a year.
This is the only time login03b-citizens.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

Requests | IP Address | AS Autonomous System
10 | 2606:4700::68... | 13335 (CLOUDFLAR...)
1 | 2a02:26f0:dc:... | 20940 (AKAMAI-ASN1)
11 | 3

Requests | Apex Domain | Subdomains | Transfer
10 | login03b-citizens.com | login03b-citizens.com | 268 KB
1 | citizensbank.com | www.citizensbank.com — Cisco Umbrella Rank: 124891 | 1 KB
11 | 2

Requests | Domain | Requested by
10 | login03b-citizens.com | login03b-citizens.com
1 | www.citizensbank.com | login03b-citizens.com
11 | 2

This site contains links to these domains.

Domain
www.citizensbank.com
investor.citizensbank.com

Subject | Issuer | Validity | Valid
login03b-citizens.com | Cloudflare Inc ECC CA-3 | 2022-09-13 - 2023-09-12 | a year
www.citizensbank.com | Entrust Certification Authority - L1M | 2022-07-01 - 2023-07-01 | a year

This page contains 1 frames:

Primary Page: https://login03b-citizens.com/
Frame ID: 70F1A77DF2331C02E584ED090F19E120
Requests: 24 HTTP requests in this frame

Page Title

Online Login | Citizens Bank

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 100 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 269 kB
Size: 584 kB
Cookies: 0

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
login03b-citizens.com/
4 KB
2 KB
Document
General
Full URL
https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1d75ab17c698d8361200f7f56d4bed4d4a0cffad7f861de2cffec3bcabffd9ac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0
cf-cache-status
MISS
cf-ray
74a1ddbecb4d2397-ZRH
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 13 Sep 2022 15:20:19 GMT
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
2.679831fc.chunk.css
login03b-citizens.com/static/css/
2 KB
848 B
Stylesheet
General
Full URL
https://login03b-citizens.com/static/css/2.679831fc.chunk.css
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
99cdf7734b9baec74e3c53bddfda3c002ded5fc082bf6e8851cb6261c8b8c307

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login03b-citizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
content-encoding
br
etag
W/"764-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
cf-ray
74a1ddbfdd2e2397-ZRH
main.0969232f.chunk.css
login03b-citizens.com/static/css/
108 KB
28 KB
Stylesheet
General
Full URL
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
3cacf7ff16858c5e75dd964ee606f6d74df5dd9d95841033868fd4367f550fd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login03b-citizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
content-encoding
br
etag
W/"1ae05-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
cf-ray
74a1ddbfdd322397-ZRH
2.1a72405e.chunk.js
login03b-citizens.com/static/js/
236 KB
75 KB
Script
General
Full URL
https://login03b-citizens.com/static/js/2.1a72405e.chunk.js
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5fe8101287bd55c53f1c5eaeb4554e47e8b6c78656c8b300ba0246fa2a69eb41

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login03b-citizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
content-encoding
br
etag
W/"3b09a-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
cf-ray
74a1ddbfdd352397-ZRH
main.6c41065c.chunk.js
login03b-citizens.com/static/js/
76 KB
25 KB
Script
General
Full URL
https://login03b-citizens.com/static/js/main.6c41065c.chunk.js
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
fb1dfb40da04785fd2f86812a18b06d8864fc53300307df9a69ff0fffb732ad0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login03b-citizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
content-encoding
br
etag
W/"13179-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
cf-ray
74a1ddbfdd382397-ZRH
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
feedback.png
www.citizensbank.com/assets/CB_media/images/
824 B
1 KB
Image
General
Full URL
https://www.citizensbank.com/assets/CB_media/images/feedback.png
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:dc:18f::1f37 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET, ARR/3.0
Resource Hash
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login03b-citizens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:20 GMT
last-modified
Wed, 22 Jan 2020 18:38:44 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET, ARR/3.0
etag
"052b72c53d1d51:0"
strict-transport-security
max-age=15768000
content-type
image/png
cache-control
max-age=600
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
x-robots-tag
none
content-length
824
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
395 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
292 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
364 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1017 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
165 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
citizen_roman.f0380244.woff
login03b-citizens.com/static/media/
31 KB
31 KB
Font
General
Full URL
https://login03b-citizens.com/static/media/citizen_roman.f0380244.woff
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Request headers

Referer
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Origin
https://login03b-citizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
etag
W/"7ce0-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
74a1ddc14fb22397-ZRH
content-length
31968
citizen_extrabold.51370ff5.woff
login03b-citizens.com/static/media/
27 KB
27 KB
Font
General
Full URL
https://login03b-citizens.com/static/media/citizen_extrabold.51370ff5.woff
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Request headers

Referer
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Origin
https://login03b-citizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
etag
W/"6ccc-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
74a1ddc14fb32397-ZRH
content-length
27852
citiolb_icons.dca00503.woff
login03b-citizens.com/static/media/
18 KB
18 KB
Font
General
Full URL
https://login03b-citizens.com/static/media/citiolb_icons.dca00503.woff
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Request headers

Referer
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Origin
https://login03b-citizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
etag
W/"485c-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
74a1ddc14fb72397-ZRH
content-length
18524
citizen_book.1cc18080.woff
login03b-citizens.com/static/media/
31 KB
31 KB
Font
General
Full URL
https://login03b-citizens.com/static/media/citizen_book.1cc18080.woff
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Request headers

Referer
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Origin
https://login03b-citizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
etag
W/"7c78-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
74a1ddc14fb82397-ZRH
content-length
31864
citizen_bold.f37bdbd4.woff
login03b-citizens.com/static/media/
29 KB
29 KB
Font
General
Full URL
https://login03b-citizens.com/static/media/citizen_bold.f37bdbd4.woff
Requested by
Host: login03b-citizens.com
URL: https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f34e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Request headers

Referer
https://login03b-citizens.com/static/css/main.0969232f.chunk.css
Origin
https://login03b-citizens.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 13 Sep 2022 15:20:19 GMT
etag
W/"7278-49773873e8"
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
72942f3e-017d-4cd3-8017-f8d60a42f48b
x-do-orig-status
200
x-powered-by
Express
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=0
accept-ranges
bytes
cf-ray
74a1ddc14fba2397-ZRH
content-length
29304

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
object| webpackJsonpclient
object| regeneratorRuntime

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
