auth01citizens.serveuser.com Open in urlscan Pro
15.204.172.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.citizens.yeril.com/
Effective URL:
https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzb...
Submission: On April 20 via automatic, source certstream-suspicious (April 20th 2023, 2:13:32 pm UTC) — Scanned from DE

Summary HTTP 31 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 31 HTTP transactions. The main IP is 15.204.172.231, located in Reston, United States and belongs to OVH, FR. The main domain is auth01citizens.serveuser.com.
TLS certificate: Issued by R3 on April 20th 2023. Valid for: 3 months.

This is the only time auth01citizens.serveuser.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	179.48.251.209 179.48.251.209	52423 (Data Mine...) (Data Miners S.A. Racknation.cr )
1 32	15.204.172.231 15.204.172.231	16276 (OVH) (OVH)
31	1

1 179.48.251.209 (San José, Costa Rica) 1 redirects

ASN52423 (Data Miners S.A. Racknation.cr , CR)
PTR: ns9.admintekcr.net

www.citizens.yeril.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 15.204.172.231 (Reston, United States) 1 redirects

ASN16276 (OVH, FR)
PTR: vps-068ff01a.vps.ovh.us

auth01citizens.serveuser.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	serveuser.com 1 redirects auth01citizens.serveuser.com	104 KB
1	yeril.com 1 redirects www.citizens.yeril.com	266 B
31	2

	Domain	Requested by
32	auth01citizens.serveuser.com	1 redirects auth01citizens.serveuser.com
1	www.citizens.yeril.com	1 redirects
31	2

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
www4.citizensbankonline.com

Subject Issuer	Validity	Valid
auth01citizens.serveuser.com R3	`2023-04-20` - `2023-07-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
Frame ID: D88C266186C2ED4DCB7011514F3B82A9
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens Bank

Page URL History Show full URLs

https://www.citizens.yeril.com/ HTTP 301
https://auth01citizens.serveuser.com/?wlc=wlc HTTP 302
https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfk... Page URL

Page Statistics

31
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

104 kB
Transfer

328 kB
Size

1
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citizensbank.com/learning/coronavirus/overview.aspx?WT.ac=CB_OLB_OLBAd_Coronavirus_CRC_COVID-19ResourceCenter_A484
Title: COVID-19 Resource Center

Search URL Search Domain Scan URL

URL: https://www.citizensbank.com/customer-service/FAQs/economic-impact-payments.aspx?WT.ac=CB_OLB_OLBAd_Coronavirus_EIP_EconomicImpactPayments_A485
Title: Economic Impact Payments

Search URL Search Domain Scan URL

URL: https://www4.citizensbankonline.com/efs/ui/tli/index.html
Title: Trouble logging in?

Search URL Search Domain Scan URL

URL: https://www4.citizensbankonline.com/efs/servlet/efs/login-faqs.jsp
Title: View All Help Topics

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.citizens.yeril.com/ HTTP 301
https://auth01citizens.serveuser.com/?wlc=wlc HTTP 302
https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
auth01citizens.serveuser.com/
Redirect Chain

https://www.citizens.yeril.com/
https://auth01citizens.serveuser.com/?wlc=wlc
https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

68 KB
21 KB

497ms
497ms

Document
text/html

15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PHP/8.0.28 PleskLin

Resource Hash

7488e0e9872cce20b829b157762027f51ecc96a57cb49199567ab7e5c3a70122

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 21321
content-type: text/html; charset=UTF-8
date: Thu, 20 Apr 2023 14:13:27 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/8.0.28 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 20 Apr 2023 14:13:26 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host: www.fbi.gov
location: login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
origin: https://www.fbi.gov
pragma: no-cache
referer: https://www.fbi.gov
remote_addr: 104.16.77.187
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-content-type: nosniff
x-forwarded-host: www.fbi.gov
x-forwarded-proto: https
x-powered-by: PHP/8.0.28 PleskLin
x-xss-protection: 1; mode=block
x_forwarded_for: 104.16.77.187

GET
H2 200 normalize.css
auth01citizens.serveuser.com/asset/css/ 10 KB
3 KB 182ms
182ms Stylesheet
text/css 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/normalize.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

416f09fa1397be68fa7c087934b41cbd0d7c7833ec4158ce43c812fbfc33facc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 11:37:23 GMT
server: nginx
etag: W/"61b9d373-27e1"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 jquery-ui-1.10.3.custom.min.css
auth01citizens.serveuser.com/asset/css/ 22 KB
4 KB 182ms
181ms Stylesheet
text/css 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/jquery-ui-1.10.3.custom.min.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

84451a46b745017386d1520878a7f9b26c7181458780724638d3e5d20324e8d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 12:22:05 GMT
server: nginx
etag: W/"61b9dded-573b"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 main.css
auth01citizens.serveuser.com/asset/css/ 60 KB
11 KB 181ms
180ms Stylesheet
text/css 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/main.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

ad73b04de48be0b0f275f51ccd1944e1c8370f50a6079852ca8ca8fcda125abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 12:21:49 GMT
server: nginx
etag: W/"61b9dddd-f0c0"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 flows.css
auth01citizens.serveuser.com/asset/css/ 9 KB
2 KB 159ms
159ms Stylesheet
text/css 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/flows.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

b5d71dd720a8e8fbfc174de8aaf99aef398259f90c5f1743fddd136515cf0675

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 12:21:28 GMT
server: nginx
etag: W/"61b9ddc8-22d8"
x-powered-by: PleskLin
content-type: text/css

GET
H2 200 ad-containers.css
auth01citizens.serveuser.com/asset/css/ 8 KB
1 KB 181ms
181ms Stylesheet
text/css 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/ad-containers.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

2904c607ae5202e5e5e3de27877faeec84b07c370481b48ec691cf3274890075

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 11:40:19 GMT
server: nginx
etag: W/"61b9d423-1e83"
x-powered-by: PleskLin
content-type: text/css

GET
H2 404 citizensns.min.41973.css
auth01citizens.serveuser.com/asset/css/ 0
0 182ms
182ms Stylesheet
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/citizensns.min.41973.css

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 200 CTZ_Green-01.png
auth01citizens.serveuser.com/asset/img/ 5 KB
5 KB 140ms
140ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/CTZ_Green-01.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:11:11 GMT
server: nginx
etag: "61b9cd4f-149d"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 5277

GET
H2 200 feedback.png
auth01citizens.serveuser.com/asset/img/ 824 B
1 KB 183ms
182ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/feedback.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
origin: https://www.fbi.gov
x-powered-by: PleskLin
x-forwarded-proto: https
content-length: 824
x-xss-protection: 1; mode=block
x-content-type: nosniff
remote_addr: 104.16.77.187
last-modified: Wed, 15 Dec 2021 11:19:14 GMT
server: nginx
x-accel-version: 0.01
x_forwarded_for: 104.16.77.187
x-forwarded-host: www.fbi.gov
etag: "338-5d32d79ccb080"
host: www.fbi.gov
content-type: image/png
referer: https://www.fbi.gov
accept-ranges: bytes

GET
H2 200 equal-housing.gif
auth01citizens.serveuser.com/asset/img/ 1 KB
1 KB 185ms
184ms Image
image/gif 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/equal-housing.gif

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:21:02 GMT
server: nginx
etag: "61b9cf9e-46e"
x-powered-by: PleskLin
content-type: image/gif
accept-ranges: bytes
content-length: 1134

GET
H2 200 footer-follow-facebook.png
auth01citizens.serveuser.com/asset/img/ 395 B
803 B 201ms
200ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/footer-follow-facebook.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
origin: https://www.fbi.gov
x-powered-by: PleskLin
x-forwarded-proto: https
content-length: 395
x-xss-protection: 1; mode=block
x-content-type: nosniff
remote_addr: 104.16.77.187
last-modified: Wed, 15 Dec 2021 11:23:36 GMT
server: nginx
x-accel-version: 0.01
x_forwarded_for: 104.16.77.187
x-forwarded-host: www.fbi.gov
etag: "18b-5d32d896a7e00"
host: www.fbi.gov
content-type: image/png
referer: https://www.fbi.gov
accept-ranges: bytes

GET
H2 200 footer-follow-twitter.png
auth01citizens.serveuser.com/asset/img/ 3 KB
3 KB 186ms
185ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/footer-follow-twitter.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:24:02 GMT
server: nginx
etag: "61b9d052-cdf"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 3295

GET
H2 200 footer-follow-linkedin.png
auth01citizens.serveuser.com/asset/img/ 3 KB
3 KB 177ms
175ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/footer-follow-linkedin.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:24:11 GMT
server: nginx
etag: "61b9d05b-ca7"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 3239

GET
H2 200 footer-follow-youtube.png
auth01citizens.serveuser.com/asset/img/ 3 KB
3 KB 202ms
200ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/footer-follow-youtube.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:24:21 GMT
server: nginx
etag: "61b9d065-cce"
x-powered-by: PleskLin
content-type: image/png
accept-ranges: bytes
content-length: 3278

GET
H2 200 elh.gif
auth01citizens.serveuser.com/asset/img/ 1 KB
2 KB 201ms
200ms Image
image/gif 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/elh.gif

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:27:03 GMT
server: nginx
etag: "61b9d107-599"
x-powered-by: PleskLin
content-type: image/gif
accept-ranges: bytes
content-length: 1433

GET
H2 200 fdicFooter.gif
auth01citizens.serveuser.com/asset/img/ 2 KB
2 KB 179ms
178ms Image
image/gif 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/fdicFooter.gif

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
last-modified: Wed, 15 Dec 2021 11:27:14 GMT
server: nginx
etag: "61b9d112-8c5"
x-powered-by: PleskLin
content-type: image/gif
accept-ranges: bytes
content-length: 2245

GET
H2 200 jq.js Show response
auth01citizens.serveuser.com/asset/js/ 126 KB
34 KB 199ms
198ms Script
application/javascript 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/js/jq.js

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

e77ba171e3f45ad6ec917e2018c017ea029b77f6219fc7ff0d0caba489c6314a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Mon, 18 Oct 2021 14:00:04 GMT
server: nginx
etag: W/"616d7de4-1f97b"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 lo.js Show response
auth01citizens.serveuser.com/asset/js/ 2 KB
646 B 201ms
201ms Script
application/javascript 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/js/lo.js

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

4d093a4f3e1d932eb7939138e612939e2ad17fa6a0603e63076886a80ac79366

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/login?id=khsbgefkjehfgkusfjebsveyf374iwuehjdsnvhe4iur&get=hjsdvfyiuweksjdbfkgehurdsjsefgyikudjzbcdfiugheroldsj
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Wed, 15 Dec 2021 14:22:11 GMT
server: nginx
etag: W/"61b9fa13-620"
x-powered-by: PleskLin
content-type: application/javascript

GET
H2 200 icon-secure.png
auth01citizens.serveuser.com/asset/img/ 292 B
700 B 190ms
189ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/icon-secure.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/asset/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
origin: https://www.fbi.gov
x-powered-by: PleskLin
x-forwarded-proto: https
content-length: 292
x-xss-protection: 1; mode=block
x-content-type: nosniff
remote_addr: 104.16.77.187
last-modified: Wed, 15 Dec 2021 11:43:20 GMT
server: nginx
x-accel-version: 0.01
x_forwarded_for: 104.16.77.187
x-forwarded-host: www.fbi.gov
etag: "124-5d32dcffce600"
host: www.fbi.gov
content-type: image/png
referer: https://www.fbi.gov
accept-ranges: bytes

GET
H2 404 flows-tooltip.png
auth01citizens.serveuser.com/asset/img/ 808 B
808 B 192ms
192ms Image
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/flows-tooltip.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/asset/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 200 arrow-button-white.png
auth01citizens.serveuser.com/asset/img/ 1017 B
1 KB 187ms
187ms Image
image/png 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/arrow-button-white.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/flows.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx / PleskLin

Resource Hash

ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/asset/css/flows.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
origin: https://www.fbi.gov
x-powered-by: PleskLin
x-forwarded-proto: https
content-length: 1017
x-xss-protection: 1; mode=block
x-content-type: nosniff
remote_addr: 104.16.77.187
last-modified: Wed, 15 Dec 2021 12:20:01 GMT
server: nginx
x-accel-version: 0.01
x_forwarded_for: 104.16.77.187
x-forwarded-host: www.fbi.gov
etag: "3f9-5d32e532d7e40"
host: www.fbi.gov
content-type: image/png
referer: https://www.fbi.gov
accept-ranges: bytes

GET
H2 404 arrow-down-blue.png
auth01citizens.serveuser.com/asset/img/ 808 B
808 B 179ms
179ms Image
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/arrow-down-blue.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/asset/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 arrow-right-orange.png
auth01citizens.serveuser.com/asset/img/ 808 B
808 B 182ms
182ms Image
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://auth01citizens.serveuser.com/asset/img/arrow-right-orange.png

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth01citizens.serveuser.com/asset/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citiolb_icons.woff
auth01citizens.serveuser.com/asset/css/font/ 0
0 186ms
185ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citiolb_icons.woff

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_roman.woff
auth01citizens.serveuser.com/asset/css/font/ 0
0 174ms
174ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_roman.woff

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_book.woff
auth01citizens.serveuser.com/asset/css/font/ 0
0 183ms
183ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_book.woff

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_extrabold.woff
auth01citizens.serveuser.com/asset/css/font/ 0
0 181ms
181ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_extrabold.woff

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_roman.ttf
auth01citizens.serveuser.com/asset/css/font/ 0
0 129ms
129ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_roman.ttf

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_extrabold.ttf
auth01citizens.serveuser.com/asset/css/font/ 0
0 126ms
126ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_extrabold.ttf

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citizen_book.ttf
auth01citizens.serveuser.com/asset/css/font/ 0
0 123ms
123ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citizen_book.ttf

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

GET
H2 404 citiolb_icons.ttf
auth01citizens.serveuser.com/asset/css/font/ 0
0 125ms
124ms Font
text/html 15.204.172.231
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://auth01citizens.serveuser.com/asset/css/font/citiolb_icons.ttf

Requested by

Host: auth01citizens.serveuser.com
URL: https://auth01citizens.serveuser.com/asset/css/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

15.204.172.231 Reston, United States, ASN16276 (OVH, FR),

Reverse DNS

vps-068ff01a.vps.ovh.us

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://auth01citizens.serveuser.com/asset/css/main.css
Origin: https://auth01citizens.serveuser.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Thu, 20 Apr 2023 14:13:27 GMT
strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
last-modified: Thu, 20 Apr 2023 11:03:53 GMT
server: nginx
etag: W/"328-5f9c27f072087"
content-type: text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			auth01citizens.serveuser.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1nu8n91c1h8mnpv4gc2v0qfc2u

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://auth01citizens.serveuser.com/asset/css/citizensns.min.41973.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_roman.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/img/arrow-down-blue.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/img/arrow-right-orange.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_extrabold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_book.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citiolb_icons.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/img/flows-tooltip.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_roman.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_book.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citizen_extrabold.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://auth01citizens.serveuser.com/asset/css/font/citiolb_icons.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth01citizens.serveuser.com
www.citizens.yeril.com
15.204.172.231
179.48.251.209
2904c607ae5202e5e5e3de27877faeec84b07c370481b48ec691cf3274890075
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
416f09fa1397be68fa7c087934b41cbd0d7c7833ec4158ce43c812fbfc33facc
4d093a4f3e1d932eb7939138e612939e2ad17fa6a0603e63076886a80ac79366
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
7488e0e9872cce20b829b157762027f51ecc96a57cb49199567ab7e5c3a70122
84451a46b745017386d1520878a7f9b26c7181458780724638d3e5d20324e8d1
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
ad73b04de48be0b0f275f51ccd1944e1c8370f50a6079852ca8ca8fcda125abe
b5d71dd720a8e8fbfc174de8aaf99aef398259f90c5f1743fddd136515cf0675
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
e77ba171e3f45ad6ec917e2018c017ea029b77f6219fc7ff0d0caba489c6314a
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

auth01citizens.serveuser.com Open in urlscan Pro 15.204.172.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

31 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

104 kBTransfer

328 kBSize

1 Cookies

4 Outgoing links

Page URL History

Redirected requests

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

auth01citizens.serveuser.com Open in urlscan Pro
15.204.172.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

31
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

104 kB
Transfer

328 kB
Size

1
Cookies

31 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!