www.knoxon.com.vn Open in urlscan Pro
103.90.234.136  Malicious Activity! Public Scan

7 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.knoxon.com.vn/	13 KB 3 KB	1961ms 268ms	Document text/html	103.90.234.136 WEBPANDA-AS-VN Co...
General Check archive.org Show headers Download Go to Full URL https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , CHACHA20_POLY1305 Server 103.90.234.136 , Viet Nam, ASN135917 (WEBPANDA-AS-VN Cong ty TNHH Web Panda, VN), Reverse DNS Software LiteSpeed / Resource Hash a8db8d719b68b2525b8c01dae4bd2a70b4d48e0d7970ca218009ef977436b22c Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers accept-ranges bytes alt-svc h3-32=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 3285 content-type text/html date Tue, 14 Jun 2022 00:20:23 GMT etag "3287-62a23549-4477b;br" last-modified Thu, 09 Jun 2022 18:00:41 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	pm_fp.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/	23 KB 6 KB	274ms 71ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:33 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 5739 x-olb-req-received t=1655100397226290 last-modified Mon, 13 Jun 2022 06:21:45 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "5cbf-5e14a80783b84" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Tue, 14 Jun 2022 06:42:11 GMT cache-control max-age=22898 accept-ranges bytes lb-action None, None x-olb-req-duration D=1041
GET H2	200	jquery-ui-1.10.1.custom.min.css www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/	22 KB 4 KB	382ms 179ms	Stylesheet text/css	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/jquery-ui-1.10.1.custom.min.css Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:33 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=131 content-length 3624 x-olb-req-received t=1655101137070639 last-modified Mon, 13 Jun 2022 06:20:13 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "5872-5e14a80784354" vary Accept-Encoding strict-transport-security max-age=15768000 content-type text/css access-control-allow-origin * expires Wed, 15 Jun 2022 00:20:04 GMT cache-control max-age=86371 accept-ranges bytes lb-action None, None x-olb-req-duration D=728
GET H2	200	jquery.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	90 KB 29 KB	449ms 246ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery.min.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=162 content-length 29348 x-olb-req-received t=1655110283644630 last-modified Mon, 13 Jun 2022 08:51:24 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "169d5-5e14a8518efe8" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Wed, 15 Jun 2022 00:19:40 GMT cache-control max-age=86346 accept-ranges bytes lb-action None, None x-olb-req-duration D=4750
GET H2	200	jquery.hoverIntent.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	1 KB 800 B	441ms 238ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery.hoverIntent.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash 5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=142 content-length 423 x-olb-req-received t=1655110580253984 last-modified Mon, 13 Jun 2022 08:56:20 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "499-5e14a8518efe8" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Wed, 15 Jun 2022 00:19:11 GMT cache-control max-age=86317 accept-ranges bytes lb-action None, None x-olb-req-duration D=446
GET H2	200	jquery-ui-1.10.1.custom.min.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/	111 KB 27 KB	705ms 503ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery-ui-1.10.1.custom.min.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash 9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=392 content-length 27690 x-olb-req-received t=1655112281109646 last-modified Mon, 13 Jun 2022 09:24:41 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "1bdee-5e14a8518b2ba" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Wed, 15 Jun 2022 00:20:32 GMT cache-control max-age=86398 accept-ranges bytes lb-action None, None x-olb-req-duration D=5023
GET H2	200	capslock.jquery.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/	3 KB 1 KB	456ms 254ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/capslock.jquery.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash 1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=132 content-length 976 x-olb-req-received t=1655100962081471 last-modified Mon, 13 Jun 2022 06:17:31 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "c44-5e14a8518e818" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Wed, 15 Jun 2022 00:19:02 GMT cache-control max-age=86308 accept-ranges bytes lb-action None, None x-olb-req-duration D=352
GET H2	200	styles-2013.css www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/	16 KB 3 KB	415ms 213ms	Stylesheet text/css	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash 19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=151 content-length 3128 x-olb-req-received t=1655109929065738 last-modified Mon, 13 Jun 2022 08:49:52 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "40cc-5e14a80783b84" vary Accept-Encoding strict-transport-security max-age=15768000 content-type text/css access-control-allow-origin * expires Wed, 15 Jun 2022 00:16:11 GMT cache-control max-age=86137 accept-ranges bytes lb-action None, None x-olb-req-duration D=747
GET H2	200	hinticon.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	638ms 637ms	Image image/png	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/hinticon.png Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT x-olb-req-received t=1655110246767708 last-modified Sat, 29 Jan 2022 03:00:50 GMT etag "4c3-5d6afc2410b0e" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=549047 x-olb-req-duration D=104 server-timing cdn-cache; desc=HIT, edge; dur=591 content-length 1219 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 08:51:21 GMT
GET H2	200	ehl.gif www3.citizensbankonline.com/efs/efs/grafx/	88 B 401 B	46ms 46ms	Image image/gif	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT x-olb-req-received t=1655100615867353 last-modified Sat, 29 Jan 2022 03:02:19 GMT etag "58-5d6afc798bfb1" x-frame-options SAMEORIGIN content-type image/gif access-control-allow-origin * cache-control max-age=539397 x-olb-req-duration D=130 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 88 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 06:10:31 GMT
GET H2	200	common.js Show response www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/	5 KB 2 KB	47ms 46ms	Script application/x-javascript	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js Requested by Host: www.knoxon.com.vn URL: https://www.knoxon.com.vn/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software Akamai Resource Optimizer / Resource Hash e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.knoxon.com.vn/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT content-encoding br server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 1356 x-olb-req-received t=1655100398344233 last-modified Mon, 13 Jun 2022 06:12:00 GMT server Akamai Resource Optimizer x-frame-options SAMEORIGIN etag "12f5-5e14a80783b84" vary Accept-Encoding strict-transport-security max-age=15768000 content-type application/x-javascript access-control-allow-origin * expires Tue, 14 Jun 2022 06:42:10 GMT cache-control max-age=22896 accept-ranges bytes lb-action None, None x-olb-req-duration D=364
GET H2	200	citizens-logo-sm.png www3.citizensbankonline.com/efs/efs/grafx/	3 KB 3 KB	1206ms 1205ms	Image image/png	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash 61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:35 GMT x-olb-req-received t=1655110246739722 last-modified Sat, 29 Jan 2022 03:01:29 GMT etag "ae9-5d6afc499f8b8" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=549057 x-olb-req-duration D=150 server-timing cdn-cache; desc=HIT, edge; dur=1160 content-length 2793 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 08:51:32 GMT
GET H2	200	splitter.png www3.citizensbankonline.com/efs/efs/grafx/	2 KB 2 KB	380ms 379ms	Image image/png	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/splitter.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash 089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT x-olb-req-received t=1655110246732853 last-modified Sat, 29 Jan 2022 03:02:20 GMT etag "6f1-5d6afc79b4820" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=549124 x-olb-req-duration D=154 server-timing cdn-cache; desc=HIT, edge; dur=327 content-length 1777 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 08:52:38 GMT
GET H2	200	lock-grn.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 2 KB	1670ms 1670ms	Image image/png	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/lock-grn.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash 7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:36 GMT x-olb-req-received t=1655110246739169 last-modified Sat, 29 Jan 2022 03:00:50 GMT etag "51b-5d6afc24116c6" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=548864 x-olb-req-duration D=128 server-timing cdn-cache; desc=HIT, edge; dur=1609 content-length 1307 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 08:48:20 GMT
GET H2	200	arrow-collapse.png www3.citizensbankonline.com/efs/efs/grafx/	1 KB 1 KB	1666ms 1666ms	Image image/png	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www3.citizensbankonline.com/efs/efs/grafx/arrow-collapse.png Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash 34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:36 GMT x-olb-req-received t=1655110246749070 last-modified Sat, 29 Jan 2022 03:02:19 GMT etag "40c-5d6afc790e7e4" x-frame-options SAMEORIGIN content-type image/png access-control-allow-origin * cache-control max-age=549008 x-olb-req-duration D=128 server-timing cdn-cache; desc=HIT, edge; dur=1597 content-length 1036 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 08:50:44 GMT
GET H2	200	citizen_roman.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	31 KB 32 KB	157ms 45ms	Font application/octet-stream	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.knoxon.com.vn accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT x-olb-req-received t=1655100403501047 last-modified Mon, 13 Jun 2022 01:51:00 GMT etag "7ce0-5e14a8518a702" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=539189 x-olb-req-duration D=185 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 31968 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 06:07:03 GMT
GET H2	200	citizen_bold.woff www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/	29 KB 29 KB	196ms 85ms	Font application/octet-stream	23.205.230.114 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff Requested by Host: www3.citizensbankonline.com URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.205.230.114 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-205-230-114.deploy.static.akamaitechnologies.com Software / Resource Hash 5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6 Security Headers Name Value Strict-Transport-Security max-age=15768000 X-Frame-Options SAMEORIGIN Request headers Referer https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css Origin https://www.knoxon.com.vn accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Tue, 14 Jun 2022 00:20:34 GMT x-olb-req-received t=1655100398219596 last-modified Mon, 13 Jun 2022 01:51:00 GMT etag "7278-5e14a85189f32" x-frame-options SAMEORIGIN access-control-allow-origin * cache-control max-age=539159 x-olb-req-duration D=222 server-timing cdn-cache; desc=HIT, edge; dur=1 content-length 29304 strict-transport-security max-age=15768000 accept-ranges bytes lb-action None expires Mon, 20 Jun 2022 06:06:33 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation string| SEP string| PAIR function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| $ function| jQuery function| DP_jQuery_1655166034365 object| theBody function| isNumeric function| needHelp function| isSpecialChar function| validateIE7 function| setFieldState function| hasErrors function| getValidateMessageListCheckSpaces function| getValidateMessageList function| getBasicFieldErrorMessages function| getBasicFieldSuccessMessages function| isIE7 function| isUnsupported function| setupToolTip function| setupNonStickyToolTip function| initPasswordToolTip function| initPasswordCapsLock function| validatePasswordRules function| validateField function| isEmpty function| validateGoodPasswordRules

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.knoxon.com.vn/(Line 30) Message: X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.knoxon.com.vn
www3.citizensbankonline.com
103.90.234.136
23.205.230.114
089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1
1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1
19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2
34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566
9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af
a8db8d719b68b2525b8c01dae4bd2a70b4d48e0d7970ca218009ef977436b22c
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55
f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f