secure101b-citizenbaverify.duckdns.org Open in urlscan Pro
161.35.195.41 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://secure101b-citizenbaverify.duckdns.org/
Effective URL:
https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Submission: On September 11 via automatic, source certstream-urgent (September 11th 2021, 1:22:36 pm UTC) — Scanned from DE

Summary HTTP 60 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 9 IPs in 5 countries across 16 domains to perform 60 HTTP transactions. The main IP is 161.35.195.41, located in Frankfurt am Main, Germany and belongs to DIGITALOCEAN-ASN, US. The main domain is secure101b-citizenbaverify.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 11th 2021. Valid for: 3 months.

This is the only time secure101b-citizenbaverify.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 10	161.35.195.41 161.35.195.41	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	18.197.253.20 18.197.253.20	16509 (AMAZON-02) (AMAZON-02)
23	184.24.5.179 184.24.5.179	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	63.32.159.255 63.32.159.255	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
2	15.236.176.210 15.236.176.210	16509 (AMAZON-02) (AMAZON-02)
1 1	54.194.191.134 54.194.191.134	16509 (AMAZON-02) (AMAZON-02)
1	54.171.219.200 54.171.219.200	16509 (AMAZON-02) (AMAZON-02)
1	52.222.214.67 52.222.214.67	16509 (AMAZON-02) (AMAZON-02)
60	9

10 161.35.195.41 (Frankfurt am Main, Germany) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

secure101b-citizenbaverify.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.197.253.20 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 184.24.5.179 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-5-179.deploy.static.akamaitechnologies.com

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www4.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 63.32.159.255 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.176.210 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

smetrics.citizensbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.191.134 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-191-134.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.219.200 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-219-200.eu-west-1.compute.amazonaws.com

citizensbank.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-67.fra56.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	citizensbankonline.com www3.citizensbankonline.com www4.citizensbankonline.com	263 KB
10	duckdns.org 1 redirects secure101b-citizenbaverify.duckdns.org	27 KB
4	demdex.net 1 redirects dpm.demdex.net citizensbank.demdex.net	7 KB
3	ensighten.com nexus.ensighten.com	92 KB
2	citizensbank.com smetrics.citizensbank.com	4 KB
2	liveperson.net lptag.liveperson.net	106 KB
1	appdynamics.com cdn.appdynamics.com	37 KB
1	everesttech.net 1 redirects cm.everesttech.net sync-tm.everesttech.net Failed	517 B
0	rkdms.com Failed mid.rkdms.com Failed
0	crwdcntrl.net Failed sync.crwdcntrl.net Failed
0	eyeota.net Failed ps.eyeota.net Failed
0	rfihub.com Failed p.rfihub.com Failed
0	doubleclick.net Failed cm.g.doubleclick.net Failed
0	addthis.com Failed x.dlx.addthis.com Failed
0	rlcdn.com Failed idsync.rlcdn.com Failed
0	lpsnmedia.net Failed accdn.lpsnmedia.net Failed
60	16

	Domain	Requested by
22	www3.citizensbankonline.com	secure101b-citizenbaverify.duckdns.org www3.citizensbankonline.com
10	secure101b-citizenbaverify.duckdns.org	1 redirects secure101b-citizenbaverify.duckdns.org
3	dpm.demdex.net	1 redirects secure101b-citizenbaverify.duckdns.org
3	nexus.ensighten.com	secure101b-citizenbaverify.duckdns.org nexus.ensighten.com
2	smetrics.citizensbank.com	nexus.ensighten.com secure101b-citizenbaverify.duckdns.org
2	lptag.liveperson.net	secure101b-citizenbaverify.duckdns.org cdn.appdynamics.com
1	cdn.appdynamics.com	nexus.ensighten.com
1	citizensbank.demdex.net	nexus.ensighten.com
1	cm.everesttech.net	1 redirects
1	www4.citizensbankonline.com	secure101b-citizenbaverify.duckdns.org
0	mid.rkdms.com Failed	secure101b-citizenbaverify.duckdns.org
0	sync-tm.everesttech.net Failed	secure101b-citizenbaverify.duckdns.org
0	sync.crwdcntrl.net Failed	secure101b-citizenbaverify.duckdns.org
0	ps.eyeota.net Failed	secure101b-citizenbaverify.duckdns.org
0	p.rfihub.com Failed	secure101b-citizenbaverify.duckdns.org
0	cm.g.doubleclick.net Failed	secure101b-citizenbaverify.duckdns.org
0	x.dlx.addthis.com Failed	secure101b-citizenbaverify.duckdns.org
0	idsync.rlcdn.com Failed	secure101b-citizenbaverify.duckdns.org
0	accdn.lpsnmedia.net Failed	cdn.appdynamics.com
60	19

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com

Subject Issuer	Validity	Valid
secure101b-citizenbaverify.duckdns.org cPanel, Inc. Certification Authority	`2021-09-11` - `2021-12-10`	3 months	crt.sh
nexus.ensighten.com DigiCert SHA2 Secure Server CA	`2020-09-09` - `2021-10-11`	a year	crt.sh
citizensbankonline.com Entrust Certification Authority - L1M	`2021-05-18` - `2022-05-18`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-05-30` - `2022-05-30`	2 years	crt.sh
smetrics.citizensbank.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-22` - `2022-07-23`	a year	crt.sh
*.appdynamics.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-21` - `2022-07-22`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Frame ID: BD3A4AA7E02C07BFDA780FC47D5B2501
Requests: 44 HTTP requests in this frame

Frame: https://citizensbank.demdex.net/dest5.html?d_nsid=0
Frame ID: CE6324CF5F6C9C9B21E1FFD3384D2A82
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens

Page URL History Show full URLs

https://secure101b-citizenbaverify.duckdns.org/ HTTP 302
https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

LivePerson (Live Chat) Expand

Overall confidence: 100%
Detected patterns

^https?://lptag\.liveperson\.net/tag/tag\.js

AppDynamics (Analytics) Expand

Overall confidence: 100%
Detected patterns

adrum

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

60
Requests

72 %
HTTPS

0 %
IPv6

16
Domains

19
Subdomains

9
IPs

5
Countries

536 kB
Transfer

1306 kB
Size

8
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citizensbank.com/learning/cyber-security-center.aspx
Title: Learn More

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/
Title: Cancel

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://secure101b-citizenbaverify.duckdns.org/ HTTP 302
https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033

Request Chain 22

https://cm.everesttech.net/cm/dd?d_uuid=24999850327147343800946480813398064616 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YTytmAAAAFr2bgQA

60 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
secure101b-citizenbaverify.duckdns.org/
Redirect Chain

https://secure101b-citizenbaverify.duckdns.org/
https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

27 KB
27 KB

39ms
39ms

Document
text/html

161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash: 452a1c09f0bc8ca785949d932d2135cb5ad9324eb8fdfd793663b1d096717ef6

Request headers

Host: secure101b-citizenbaverify.duckdns.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Sat, 11 Sep 2021 13:22:16 GMT
Server: Apache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Sat, 11 Sep 2021 13:22:16 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; path=/
Location: login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/citizensbank/olbprod/ 86 KB
28 KB 5039ms
12ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:22 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 15:32:48 GMT
server: nginx
etag: W/"61378620-15729"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300

GET
H/1.1 404
Not Found pm_fp.js
secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/ 0
0 8ms
7ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/pm_fp.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:16 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 jquery-ui-1.10.3.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 19 KB
4 KB 10361ms
226ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 3780
x-olb-req-received: t=1631342519223532
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
x-frame-options: SAMEORIGIN
etag: "4a56-5cbae8aa31ea6"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:05 GMT
cache-control: max-age=62378
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=828

GET
H2 200 normalize.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 10 KB
3 KB 10365ms
230ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/normalize.css

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2766
x-olb-req-received: t=1631342519298248
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "26c2-5cbaeb0fc3da7"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:41:27 GMT
cache-control: max-age=62340
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=630

GET
H2 200 main.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 61 KB
12 KB 10368ms
234ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 12357
x-olb-req-received: t=1631342519243737
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
x-frame-options: SAMEORIGIN
etag: "f405-5cbae8aa2b146"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:26 GMT
cache-control: max-age=62399
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=2670

GET
H2 200 flows.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
3 KB 10372ms
237ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2391
x-olb-req-received: t=1631342519447368
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
x-frame-options: SAMEORIGIN
etag: "21ce-5cbae576a5a73"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:43:12 GMT
cache-control: max-age=62445
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=648

GET
H2 200 ad-containers.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 8 KB
2 KB 10378ms
244ms Stylesheet
text/css 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ad-containers.css

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1521
x-olb-req-received: t=1631342519248649
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
x-frame-options: SAMEORIGIN
etag: "1f31-5cbae8aa2b146"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: text/css
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:34 GMT
cache-control: max-age=62407
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=459

GET
H2 200 modernizr-2.6.2.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 15 KB
6 KB 10378ms
244ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/modernizr-2.6.2.min.js

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6246
x-olb-req-received: t=1631342519289904
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "3c36-5cbaeb0fc9f4e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:41:18 GMT
cache-control: max-age=62331
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=944

GET
H2 200 plugins.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 199 KB
45 KB 10384ms
250ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/plugins.js

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 46041
x-olb-req-received: t=1631342519271035
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "31d24-5cbaeb0fc9396"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:22 GMT
cache-control: max-age=62395
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=10418

GET
H2 200 main.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 19 KB
5 KB 10381ms
247ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/main.js

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4818
x-olb-req-received: t=1631342527594605
last-modified: Sat, 11 Sep 2021 01:42:14 GMT
x-frame-options: SAMEORIGIN
etag: "4c03-5cbae576bae45"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:47 GMT
cache-control: max-age=62420
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=1056

GET
H2 200 placeholders.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 4 KB
2 KB 10390ms
256ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/placeholders.min.js

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1633
x-olb-req-received: t=1631342526917683
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
x-frame-options: SAMEORIGIN
etag: "10aa-5cbaeb0fca336"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:56 GMT
cache-control: max-age=62429
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=484

GET
H2 404 7c3ed55c
www4.citizensbankonline.com/akam/11/ 0
0 5078ms
9ms Script
text/html 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www4.citizensbankonline.com/akam/11/7c3ed55c

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:32 GMT
strict-transport-security: max-age=15768000
content-type: text/html
expires: Sat, 11 Sep 2021 13:22:32 GMT
cache-control: max-age=0
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9
lb-action: None

GET
H2 404 tealeaf.js
www3.citizensbankonline.com/efs/efs/js/ 0
0 10491ms
358ms Script
text/html 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-5-179.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H2 200 CTZ_Green-01.png
www3.citizensbankonline.com/efs/hhf/img/ 5 KB
5 KB 12ms
11ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/hhf/img/CTZ_Green-01.png

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342519279142
last-modified: Sat, 28 Aug 2021 02:20:10 GMT
etag: "149d-5ca953d42d094"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=580811
x-olb-req-duration: D=138
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 5277
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:42:38 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
secure101b-citizenbaverify.duckdns.org/efs/hhf/js/ 0
0 20ms
7ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
secure101b-citizenbaverify.duckdns.org/content/ 0
0 17ms
6ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found common.js
secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/ 0
0 20ms
6ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/common.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033
https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033

4 KB
2 KB

39ms
39ms

XHR
application/json

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

5f83db42f9768c8b5ce1efcab70eaab11babc05341c29f38f29dfbb27b4e3d87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v016-0cb3b8942.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: U1KkEUaMQqg=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://secure101b-citizenbaverify.duckdns.org
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 1312
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v016-018bef6e4.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://secure101b-citizenbaverify.duckdns.org
X-TID: 05FfDA5lR0k=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=4C3B0C3755C3822E7F000101%40AdobeOrg&d_nsid=0&ts=1631366542033
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 404
Not Found pm_fp.js
secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/ 0
0 20ms
7ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/pm_fp.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:22 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/citizensbank/olbprod/ 281 B
423 B 9ms
8ms Script
text/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citizensbank/olbprod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citizensbank/olbprod/code/&publishedOn=Tue%20Sep%2007%2015:32:48%20GMT%202021&ClientID=397&PageID=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php%3Fonline_id%3Dfbd2f46874ba7ede9cefb6416%26country%3DGermany%26iso%3DDE
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f7d355e7c6ba9d0da6ba35b4e05e6e4642b2d78ca0e944d9a5746a37d3ac7080

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
cache-control: no-cache, no-store
server: nginx
content-type: text/javascript
content-length: 281
expires: Sat, 11 Sep 2021 13:22:26 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 5093ms
21ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=89632304
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:32 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H2 200 id Show response
smetrics.citizensbank.com/ 48 B
527 B 5084ms
17ms XHR
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.citizensbank.com/id?d_visid_ver=2.1.0&d_fieldgroup=A&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&mid=25035889292081698030949591780169122703&ts=1631366547199

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

54d5c45913f0d5ba232e526f1cff39bbac87c7ab1ef085c5999b3404765970c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://secure101b-citizenbaverify.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Sat, 11 Sep 2021 13:22:32 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-cdcd75487-xrjpj
vary: Origin
x-c: main-1507.I8824ac.M0-513
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://secure101b-citizenbaverify.duckdns.org
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YTytmAAAAFr2bgQA
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=24999850327147343800946480813398064616
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YTytmAAAAFr2bgQA

42 B
945 B

31ms
31ms

Image
image/gif

63.32.159.255
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YTytmAAAAFr2bgQA

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.159.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-159-255.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v016-043803aa7.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: NH9NJW8vT4w=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YTytmAAAAFr2bgQA
Date: Sat, 11 Sep 2021 13:22:32 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2 200 citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
32 KB 25ms
11ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342517228244
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
etag: "7ce0-5cbaeb0fc030f"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=580735
x-olb-req-duration: D=227
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31968
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:41:22 GMT

GET
H2 200 jquery-1.9.1.min.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 90 KB
32 KB 11ms
11ms Script
application/x-javascript 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://secure101b-citizenbaverify.duckdns.org/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 32776
x-olb-req-received: t=1631342527717404
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
x-frame-options: SAMEORIGIN
etag: "169d6-5cbae8aa3787e"
vary: Accept-Encoding
strict-transport-security: max-age=15768000
content-type: application/x-javascript
access-control-allow-origin: *
expires: Sun, 12 Sep 2021 06:42:47 GMT
cache-control: max-age=62420
accept-ranges: bytes
lb-action: None
x-olb-req-duration: D=6870

GET
H/1.1 200
OK dest5.html Show response
citizensbank.demdex.net/ Frame CE63 7 KB
3 KB 5393ms
34ms Document
text/html 54.171.219.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://citizensbank.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.219.200 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-219-200.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: citizensbank.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://secure101b-citizenbaverify.duckdns.org/
Accept-Encoding: gzip, deflate, br
Cookie: demdex=24999850327147343800946480813398064616
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sat, 11 Sep 2021 13:22:32 GMT
DCS: dcs-prod-irl1-1-v016-05abeeea0.edge-irl1.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Sep 2021 14:55:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: 9N3fro5iRpA=
Content-Length: 2791
Connection: keep-alive

GET
H2 200 ab23b564354fb5711bac9e1bcff2c5e5.js Show response
nexus.ensighten.com/citizensbank/olbprod/code/ 203 KB
63 KB 16ms
16ms Script
application/javascript 18.197.253.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/citizensbank/olbprod/code/ab23b564354fb5711bac9e1bcff2c5e5.js?conditionId0=421909
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 18.197.253.20 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
content-encoding: gzip
last-modified: Tue, 07 Sep 2021 15:32:48 GMT
server: nginx
etag: W/"61378620-32d75"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000

GET
H2 200 adrum-latest.js Show response
cdn.appdynamics.com/adrum/ 102 KB
37 KB 5039ms
12ms Script
application/javascript 52.222.214.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citizensbank/olbprod/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-67.fra56.r.cloudfront.net
Software: nginx/1.16.1 /
Resource Hash: f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 21:28:33 GMT
content-encoding: gzip
age: 2476439
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 17 Feb 2021 19:41:36 GMT
server: nginx/1.16.1
etag: W/"602d7170-199b9"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
via: 1.1 e026b2802d48048e9935caadbecf124f.cloudfront.net (CloudFront)
cache-control: public, max-age=2678400, s-max-age=14400
x-amz-cf-pop: FRA56-P3
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: DhM4GHgMVUis9hT-JIjtjtJEotSK5jSuvwdPK1ss9cj4gSSdQg8WBA==

GET
H2 200 icon-secure.png
www3.citizensbankonline.com/efs/efs/grafx/ 292 B
604 B 11ms
11ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/icon-secure.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342730338626
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "124-5cbae5abb965b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=581060
x-olb-req-duration: D=138
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 292
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:46:47 GMT

GET
H2 200 flows-tooltip.png
www3.citizensbankonline.com/efs/efs/grafx/ 364 B
677 B 16ms
15ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/flows-tooltip.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342517339150
last-modified: Sat, 11 Sep 2021 02:08:24 GMT
etag: "16c-5cbaeb4f2e213"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=580808
x-olb-req-duration: D=175
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 364
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:42:35 GMT

GET
H2 200 arrow-button-white.png
www3.citizensbankonline.com/efs/efs/grafx/ 1017 B
1 KB 20ms
20ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-button-white.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342730388162
last-modified: Sat, 11 Sep 2021 02:08:23 GMT
etag: "3f9-5cbaeb4e8f329"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=580962
x-olb-req-duration: D=164
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1017
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:45:09 GMT

GET
H2 200 arrow-down-blue.png
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 24ms
24ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-down-blue.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631344583955545
last-modified: Sat, 11 Sep 2021 01:43:10 GMT
etag: "41e-5cbae5abaa817"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=582799
x-olb-req-duration: D=151
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1054
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 07:15:46 GMT

GET
H2 200 arrow-right-orange.png
www3.citizensbankonline.com/efs/efs/grafx/ 165 B
479 B 28ms
28ms Image
image/png 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/arrow-right-orange.png

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631344583858465
last-modified: Sat, 11 Sep 2021 01:57:36 GMT
etag: "a5-5cbae8e58a753"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=582773
x-olb-req-duration: D=148
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 165
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 07:15:20 GMT

GET
H2 200 citiolb_icons.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 18 KB
18 KB 11ms
10ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citiolb_icons.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342731042602
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
etag: "485c-5cbaeb0fbdbff"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=581056
x-olb-req-duration: D=252
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 18524
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:46:43 GMT

GET
H2 200 citizen_bold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 29 KB
29 KB 16ms
16ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342730391812
last-modified: Sat, 11 Sep 2021 02:07:17 GMT
etag: "7278-5cbaeb0fc2e07"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=581036
x-olb-req-duration: D=213
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 29304
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:46:23 GMT

GET
H2 200 citizen_extrabold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 27 KB
28 KB 20ms
20ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_extrabold.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342517392718
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
etag: "6ccc-5cbae8aa2fb7e"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=580792
x-olb-req-duration: D=223
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 27852
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:42:19 GMT

GET
H2 200 citizen_book.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 31 KB
31 KB 13ms
13ms Font
application/octet-stream 184.24.5.179
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_book.woff

Requested by

Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.24.5.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-5-179.deploy.static.akamaitechnologies.com

Software

Resource Hash

2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/main.css
Origin: https://secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:27 GMT
x-olb-req-received: t=1631342730396924
last-modified: Sat, 11 Sep 2021 01:56:34 GMT
etag: "7c78-5cbae8aa3034e"
x-frame-options: SAMEORIGIN
access-control-allow-origin: *
cache-control: max-age=580967
x-olb-req-duration: D=206
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 31864
strict-transport-security: max-age=15768000
accept-ranges: bytes
lb-action: None
expires: Sat, 18 Sep 2021 06:45:14 GMT

GET
H/1.1 404
Not Found citizensHeaderFooter-citizensns42588.js
secure101b-citizenbaverify.duckdns.org/efs/hhf/js/ 0
0 7ms
7ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/hhf/js/citizensHeaderFooter-citizensns42588.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found 930e113327rn2365aa3b7b98b0447e8d
secure101b-citizenbaverify.duckdns.org/content/ 0
0 7ms
7ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found common.js
secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/ 0
0 7ms
6ms Script
text/html 161.35.195.41
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/common.js
Requested by: Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 161.35.195.41 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: secure101b-citizenbaverify.duckdns.org
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
Cookie: PHPSESSID=19877d356dfa3f0165a9696d456d03e5; AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg=1; AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg=1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CvVersion%7C2.1.0
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date: Sat, 11 Sep 2021 13:22:27 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 s26092183621706 Show response
smetrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/ 3 KB
4 KB 55ms
55ms Script
application/x-javascript 15.236.176.210
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.citizensbank.com/b/ss/citizensbankdotcomprod/10/JS-2.5.0/s26092183621706?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=11%2F8%2F2021%2013%3A22%3A32%206%200&d.&nsid=0&jsonv=1&.d&mid=25035889292081698030949591780169122703&aamlh=6&ce=UTF-8&ns=citizensbank&pageName=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&g=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php%3Fonline_id%3Dfbd2f46874ba7ede9cefb6416%26country%3DGermany%26iso%3DDE&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c5=D%3Dv8&c7=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&v7=New&v8=9%3A22%20AM%7CSaturday&c9=D%3Dv7&v9=CTZ&c10=D%3Dv10&v10=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&c11=D%3Dv11&v11=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php%3Fonline_id%3Dfbd2f46874ba7ede9cefb6416%26country%3DGermany%26iso%3DDE&c12=D%3Dv12&v12=%2Flogin.php&c13=D%3Dv13&v13=secure101b-citizenbaverify.duckdns.org&c14=D%3Dv18&v14=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&c15=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&v18=.COM&v19=https%3A%2F%2Fsecure101b-citizenbaverify.duckdns.org%2Flogin.php&v26=%3A&v32=25035889292081698030949591780169122703&c75=VisitorAPI%20Present&v82=Legacy%20Site&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&mcorgid=4C3B0C3755C3822E7F000101%40AdobeOrg&AQE=1

Requested by

Host: secure101b-citizenbaverify.duckdns.org
URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.176.210 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-176-210.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

1d4dda78535774b5aac91615e66f9acd86605b7558a20ada3c9b90968b0e7968

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-aam-tid: 56hvEKGqTqU=
date: Sat, 11 Sep 2021 13:22:32 GMT
x-content-type-options: nosniff
x-c: main-1507.I8824ac.M0-513
p3p: CP="This is not a P3P policy"
vary: *
content-length: 3529
x-xss-protection: 1; mode=block
dcs: dcs-prod-irl1-2-v016-0cb111ffa.edge-irl1.demdex.com UNKNOWN
pragma: no-cache
last-modified: Sun, 12 Sep 2021 13:22:32 GMT
server: jag
xserver: anedge-cdcd75487-s44fn
etag: 3503332994657550336-4619648175235254597
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Fri, 10 Sep 2021 13:22:32 GMT

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/ 275 KB
98 KB 42ms
42ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/89632304/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Requested by: Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum/adrum-latest.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 3343dedb753bd2e4ed3abfcf8c47b6e670c4e046a36179ee34754f8346cd20b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://secure101b-citizenbaverify.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 11 Sep 2021 13:22:32 GMT
content-encoding: gzip
server: ws
x-cache-status: MISS
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET /
accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/ 0
0

GET zones
accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/ 0
0

GET 365868.gif
idsync.rlcdn.com/ Frame CE63 0
0

GET demdex_sync
x.dlx.addthis.com/e/ Frame CE63 0
0

GET pixel
cm.g.doubleclick.net/ Frame CE63 0
0

GET cm
p.rfihub.com/ Frame CE63 0
0

GET match
ps.eyeota.net/ Frame CE63 0
0

GET tpid=24999850327147343800946480813398064616
sync.crwdcntrl.net/map/c=9828/tp=ADBE/ Frame CE63 0
0

GET 5w3jqr4k
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET btu4jd3a
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET UH6TUt9n
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET ny75r2x0
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET h0r58thg
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET r7ifn0SL
sync-tm.everesttech.net/upi/pid/ Frame CE63 0
0

GET bct
mid.rkdms.com/ Frame CE63 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: accdn.lpsnmedia.net
URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/setting/accountproperties/?cb=lpCb64603x28650

Domain: accdn.lpsnmedia.net
URL: https://accdn.lpsnmedia.net/api/account/89632304/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Domain: idsync.rlcdn.com
URL: https://idsync.rlcdn.com/365868.gif?partner_uid=24999850327147343800946480813398064616

Domain: x.dlx.addthis.com
URL: https://x.dlx.addthis.com/e/demdex_sync?na_exid=24999850327147343800946480813398064616&ru=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D134096%26dpuuid%3D%3Cna_id%3E%20

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=adobe_dmp&google_cm&gdpr=0&gdpr_consent=&google_hm=MjQ5OTk4NTAzMjcxNDczNDM4MDA5NDY0ODA4MTMzOTgwNjQ2MTY=

Domain: p.rfihub.com
URL: https://p.rfihub.com/cm?in=1&pub=7085

Domain: ps.eyeota.net
URL: https://ps.eyeota.net/match?bid=6j5b2cv&uid=24999850327147343800946480813398064616&r=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D30064%26dpuuid%3D%7BUUID_6j5b2cv%7D

Domain: sync.crwdcntrl.net
URL: https://sync.crwdcntrl.net/map/c=9828/tp=ADBE/tpid=24999850327147343800946480813398064616?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D121998%26dpuuid%3D${profile_id}

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/h0r58thg?redir=https%3A%2F%2Fsync.search.spotxchange.com%2Fpartner%3Fadv_id%3D6409%26uid%3D%24%7BUSER_ID%7D%26img%3D1

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/r7ifn0SL?redir=https%3A%2F%2Fwww.facebook.com%2Ffr%2Fb.php%3Fp%3D1531105787105294%26e%3D%24%7BTM_USER_ID%7D%26t%3D2592000%26o%3D0

Domain: mid.rkdms.com
URL: https://mid.rkdms.com/bct?pid=8bc436aa-e0fc-4baa-9c9a-06fbeca87826&puid=24999850327147343800946480813398064616&_ct=img

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
secure101b-citizenbaverify.duckdns.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: 19877d356dfa3f0165a9696d456d03e5
.demdex.net/	1970-01-20 01:28:38	Name: demdex Value: 24999850327147343800946480813398064616
secure101b-citizenbaverify.duckdns.org/	1969-12-31 23:59:59	Name: AMCVS_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1
.secure101b-citizenbaverify.duckdns.org/	1970-01-19 21:52:38	Name: aam_uuid Value: 24999850327147343800946480813398064616
.everesttech.net/	1970-01-20 05:55:02	Name: everest_g_v2 Value: g_surferid~YTytmAAAAFr2bgQA
.dpm.demdex.net/	1970-01-20 01:28:38	Name: dpm Value: 24999850327147343800946480813398064616
secure101b-citizenbaverify.duckdns.org/	1970-01-20 14:40:38	Name: AMCV_4C3B0C3755C3822E7F000101%40AdobeOrg Value: 1099438348%7CMCIDTS%7C18882%7CMCMID%7C25035889292081698030949591780169122703%7CMCAAMLH-1631971347%7C6%7CMCAAMB-1631971347%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631373747s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18889%7CvVersion%7C2.1.0
.demdex.net/	1970-01-20 01:28:38	Name: dextp Value: 60-1-1631366552831\|843-1-1631366552846\|771-1-1631366552861\|1121-1-1631366552876\|30064-1-1631366552891\|121998-1-1631366552906\|144230-1-1631366552922\|144231-1-1631366552937\|144232-1-1631366552952\|144233-1-1631366552967\|144234-1-1631366552982\|144235-1-1631366552997\|144236-1-1631366553012\|144237-1-1631366553028\|129099-1-1631366553043

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/pm_fp.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	warning	URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://secure101b-citizenbaverify.duckdns.org/login.php?online_id=fbd2f46874ba7ede9cefb6416&country=Germany&iso=DE(Line 168) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-1.9.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www3.citizensbankonline.com/efs/efs/js/tealeaf.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/hhf/js/citizensHeaderFooter-citizensns42588.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/content/930e113327rn2365aa3b7b98b0447e8d Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://secure101b-citizenbaverify.duckdns.org/efs/efs/jsp-ns/scripts/common.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://www4.citizensbankonline.com/akam/11/7c3ed55c Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
cdn.appdynamics.com
citizensbank.demdex.net
cm.everesttech.net
cm.g.doubleclick.net
dpm.demdex.net
idsync.rlcdn.com
lptag.liveperson.net
mid.rkdms.com
nexus.ensighten.com
p.rfihub.com
ps.eyeota.net
secure101b-citizenbaverify.duckdns.org
smetrics.citizensbank.com
sync-tm.everesttech.net
sync.crwdcntrl.net
www3.citizensbankonline.com
www4.citizensbankonline.com
x.dlx.addthis.com
accdn.lpsnmedia.net
cm.g.doubleclick.net
idsync.rlcdn.com
mid.rkdms.com
p.rfihub.com
ps.eyeota.net
sync-tm.everesttech.net
sync.crwdcntrl.net
x.dlx.addthis.com
15.236.176.210
161.35.195.41
178.249.97.23
18.197.253.20
184.24.5.179
52.222.214.67
54.171.219.200
54.194.191.134
63.32.159.255
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
1d4dda78535774b5aac91615e66f9acd86605b7558a20ada3c9b90968b0e7968
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
3343dedb753bd2e4ed3abfcf8c47b6e670c4e046a36179ee34754f8346cd20b7
452a1c09f0bc8ca785949d932d2135cb5ad9324eb8fdfd793663b1d096717ef6
54d5c45913f0d5ba232e526f1cff39bbac87c7ab1ef085c5999b3404765970c3
55d479e85168beaf51a55334a7705df70f093581280094737e635823385e376d
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
57a2dc0af7db36023b2b6c53e01dbd8e716d96174486ad20d68b2549589c5441
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
5f83db42f9768c8b5ce1efcab70eaab11babc05341c29f38f29dfbb27b4e3d87
66a13cad6c244da4061da65fd2fbf027bf1bb49e21c42f5e7c943a9379f1e7c4
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
99373341554ceaade5ea6c81725f1cd4d05e906621a15797d99d01343ae551f8
aa084d3968ab19898ebbed807ebc134b622fab78a888e7b36ae8386841636801
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
b769305d18e59ddd6f13c3fb6db4f90a15770b3717aaddbadb6e543918178bc8
babf6fd29c079790cc4d522f66f21af7c099e981080ddf11b5344b12b904e8a5
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
cf25ec18f223f4c51ce1128a42e644cdc2244d88f89d1a51440d9dbe51f4efe8
d0dd4d3bca3af984b342c8d2f00110446f026a301801fde2f65442e696617751
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7b4c01edef29deff0c9c54e6dd504b25bec2ed87bf88074d6a739f98d335acd
f7d355e7c6ba9d0da6ba35b4e05e6e4642b2d78ca0e944d9a5746a37d3ac7080
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

secure101b-citizenbaverify.duckdns.org Open in urlscan Pro 161.35.195.41 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

60 Requests

72 %HTTPS

0 %IPv6

16 Domains

19 Subdomains

9 IPs

5 Countries

536 kBTransfer

1306 kBSize

8 Cookies

2 Outgoing links

Page URL History

Redirected requests

60 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

secure101b-citizenbaverify.duckdns.org Open in urlscan Pro
161.35.195.41 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

60
Requests

72 %
HTTPS

0 %
IPv6

16
Domains

19
Subdomains

9
IPs

5
Countries

536 kB
Transfer

1306 kB
Size

8
Cookies

60 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!