users2.online Open in urlscan Pro
217.79.180.214 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://users2.online/citizensbank.users2.online/
Effective URL:
https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8ea...
Submission Tags: @ecarlesi possiblethreat #phishing Search All
Submission: On August 28 via api (August 28th 2023, 8:03:29 pm UTC) from SG — Scanned from SG

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 28 HTTP transactions. The main IP is 217.79.180.214, located in Germany and belongs to MYLOC-AS IP Backbone of myLoc managed IT AG, DE. The main domain is users2.online.
TLS certificate: Issued by R3 on August 24th 2023. Valid for: 3 months.

This is the only time users2.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
24	217.79.180.214 217.79.180.214		24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
28	2

24 217.79.180.214 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: 217.79.180.214.bwys.net

users2.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	users2.online users2.online	161 KB
28	1

	Domain	Requested by
24	users2.online	users2.online
28	1

This site contains no links.

Subject Issuer	Validity	Valid
mail.users2.online R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47
Frame ID: F1CFFAE292509DD7C61785F2811B941D
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Online Login | Citizens Bank

Page URL History Show full URLs

https://users2.online/citizensbank.users2.online/ Page URL
https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8b... Page URL

Page Statistics

28
Requests

86 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

161 kB
Transfer

290 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://users2.online/citizensbank.users2.online/ Page URL
https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response users2.online/citizensbank.users2.online/	4 KB 2 KB	1849ms 1108ms	Document text/html	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `f91af87013b9a84c4a927fda2e9dddf67a9ec510c1866820e0d2cb8fb9dce26e` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding br Content-Type text/html; charset=UTF-8 Date Mon, 28 Aug 2023 20:03:23 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx Transfer-Encoding chunked Vary Accept-Encoding Accept-Encoding
GET H/1.1	200 OK	cf.css users2.online/citizensbank.users2.online/Guard/css/	2 KB 877 B	330ms 330ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/cf.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `6026255cc26e031389358227ccd1b7de6cba842c3978f9144d31cb30032276ef` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:24 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:27:04 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	Primary Request / Show response users2.online/citizensbank.users2.online/Login/	32 KB 6 KB	421ms 420ms	Document text/html	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `51db81dc52988aae94b25148fa527da37d0cbc0ae709d8e819c55f9b84c91aec` Request headers Referer https://users2.online/citizensbank.users2.online/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding br Content-Type text/html; charset=UTF-8 Date Mon, 28 Aug 2023 20:03:26 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx Transfer-Encoding chunked Vary Accept-Encoding Accept-Encoding
GET H/1.1	200 OK	jquery-ui-1.css users2.online/citizensbank.users2.online/Guard/css/Login/	19 KB 4 KB	358ms 358ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/jquery-ui-1.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:26 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:39:40 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	normalize.css users2.online/citizensbank.users2.online/Guard/css/Login/	10 KB 3 KB	687ms 328ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/normalize.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:26 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:39:40 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	main.css users2.online/citizensbank.users2.online/Guard/css/Login/	59 KB 12 KB	1170ms 493ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `ac687458578c7a3bea39134b211b3db1d9d064dcf01646bcb66312987fd15fe1` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 19:21:44 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	flows.css users2.online/citizensbank.users2.online/Guard/css/Login/	8 KB 2 KB	1148ms 471ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/flows.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `760a14e8872a498b478f3c942746d7657199d8d7f23ce151368c6e58d9fbc85f` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 19:20:10 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	ad-containers.css users2.online/citizensbank.users2.online/Guard/css/Login/	8 KB 2 KB	999ms 312ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/ad-containers.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:39:40 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	citizensns.css users2.online/citizensbank.users2.online/Guard/css/Login/	6 KB 2 KB	1045ms 346ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/citizensns.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:39:40 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	sec-3-3.css users2.online/citizensbank.users2.online/Guard/css/Login/	2 KB 776 B	1299ms 583ms	Stylesheet text/css	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/css/Login/sec-3-3.css Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Content-Encoding br Last-Modified Sat, 01 May 2021 18:39:40 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding, Accept-Encoding Content-Type text/css Connection keep-alive
GET H/1.1	200 OK	CTZ_Green-01.png users2.online/citizensbank.users2.online/Guard/img/	4 KB 4 KB	613ms 383ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/CTZ_Green-01.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 4206 Content-Type image/png
GET H/1.1	200 OK	equal-housing.gif users2.online/citizensbank.users2.online/Guard/img/	1 KB 1 KB	340ms 339ms	Image image/gif	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/equal-housing.gif Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 1134 Content-Type image/gif
GET H/1.1	200 OK	footer-follow-facebook.png users2.online/citizensbank.users2.online/Guard/img/	395 B 604 B	344ms 343ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/footer-follow-facebook.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 395 Content-Type image/png
GET H/1.1	200 OK	footer-follow-twitter.png users2.online/citizensbank.users2.online/Guard/img/	3 KB 3 KB	413ms 413ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/footer-follow-twitter.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 3295 Content-Type image/png
GET H/1.1	200 OK	footer-follow-linkedin.png users2.online/citizensbank.users2.online/Guard/img/	3 KB 3 KB	329ms 328ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/footer-follow-linkedin.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 3239 Content-Type image/png
GET H/1.1	200 OK	footer-follow-youtube.png users2.online/citizensbank.users2.online/Guard/img/	3 KB 3 KB	301ms 301ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/footer-follow-youtube.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 3278 Content-Type image/png
GET H/1.1	200 OK	elh.gif users2.online/citizensbank.users2.online/Guard/img/	1 KB 2 KB	309ms 309ms	Image image/gif	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/elh.gif Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Login/?token=d2746bf92eb2f1fb48ed29afbd183892dd8bb47e14a4b25fffc9e8eaa1cb64f1f52e85e5342e5e5b00a283a70ac149ba35d628565da01aee0d376f67c4182b47 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:52:32 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 1433 Content-Type image/gif
GET		fdicFooter.gif users2.online/citizensbank.users2.online/Guard/img/	0 0

GET		icon-secure.png users2.online/citizensbank.users2.online/Guard/img/	0 0

GET H/1.1	200 OK	flows-tooltip.png users2.online/citizensbank.users2.online/Guard/img/	364 B 573 B	767ms 268ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/flows-tooltip.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/flows.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/flows.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:28 GMT Last-Modified Sat, 01 May 2021 18:55:16 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 364 Content-Type image/png
GET		arrow-button-white.png users2.online/citizensbank.users2.online/Guard/img/	0 0

GET H/1.1	200 OK	arrow-down-blue.png users2.online/citizensbank.users2.online/Guard/img/	1 KB 1 KB	652ms 368ms	Image image/png	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Show image Full URL https://users2.online/citizensbank.users2.online/Guard/img/arrow-down-blue.png Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c` Request headers accept-language zh-SG,zh;q=0.9 Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:28 GMT Last-Modified Sat, 01 May 2021 19:19:58 GMT Server nginx Connection keep-alive Accept-Ranges bytes Content-Length 1054 Content-Type image/png
GET		arrow-right-orange.png users2.online/efs/efs/grafx/	0 0

GET H/1.1	200 OK	citizen_roman.woff users2.online/citizensbank.users2.online/Guard/Fonts/	31 KB 31 KB	512ms 475ms	Font font/woff	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/Fonts/citizen_roman.woff Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42` Request headers Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Origin https://users2.online accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:49:16 GMT Server nginx Vary Accept-Encoding Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 31968
GET H/1.1	200 OK	citiolb_icons.woff users2.online/citizensbank.users2.online/Guard/Fonts/	18 KB 18 KB	595ms 512ms	Font font/woff	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/Fonts/citiolb_icons.woff Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115` Request headers Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Origin https://users2.online accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:27 GMT Last-Modified Sat, 01 May 2021 18:45:30 GMT Server nginx Vary Accept-Encoding Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 18524
GET H/1.1	200 OK	citizen_extrabold.woff users2.online/citizensbank.users2.online/Guard/Fonts/	27 KB 27 KB	529ms 335ms	Font font/woff	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/Fonts/citizen_extrabold.woff Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759` Request headers Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Origin https://users2.online accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:28 GMT Last-Modified Sat, 01 May 2021 18:49:16 GMT Server nginx Vary Accept-Encoding Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 27852
GET H/1.1	200 OK	citizen_book.woff users2.online/citizensbank.users2.online/Guard/Fonts/	31 KB 31 KB	770ms 515ms	Font font/woff	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/Fonts/citizen_book.woff Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash `2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277` Request headers Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Origin https://users2.online accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:28 GMT Last-Modified Sat, 01 May 2021 18:49:16 GMT Server nginx Vary Accept-Encoding Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 31864
GET H/1.1	200 OK	citizen_bold.woff users2.online/citizensbank.users2.online/Guard/Fonts/	16 KB 0	635ms 340ms	Font font/woff	217.79.180.214 MYLOC-AS IP Backb...
General Check archive.org Show headers Download Go to Full URL https://users2.online/citizensbank.users2.online/Guard/Fonts/citizen_bold.woff Requested by Host: users2.online URL: https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 217.79.180.214 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE), Reverse DNS 217.79.180.214.bwys.net Software nginx / Resource Hash Request headers Referer https://users2.online/citizensbank.users2.online/Guard/css/Login/main.css Origin https://users2.online accept-language zh-SG,zh;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers Date Mon, 28 Aug 2023 20:03:28 GMT Last-Modified Sat, 01 May 2021 18:49:16 GMT Server nginx Vary Accept-Encoding Content-Type font/woff Connection keep-alive Accept-Ranges bytes Content-Length 29304

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: users2.online
URL: https://users2.online/citizensbank.users2.online/Guard/img/fdicFooter.gif

Domain: users2.online
URL: https://users2.online/citizensbank.users2.online/Guard/img/icon-secure.png

Domain: users2.online
URL: https://users2.online/citizensbank.users2.online/Guard/img/arrow-button-white.png

Domain: users2.online
URL: https://users2.online/efs/efs/grafx/arrow-right-orange.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			users2.online/	1969-12-31 23:59:59	Name: PHPSESSID Value: c0f94acb594c0d287439d5337120946b

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

users2.online
users2.online
217.79.180.214
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
51db81dc52988aae94b25148fa527da37d0cbc0ae709d8e819c55f9b84c91aec
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
6026255cc26e031389358227ccd1b7de6cba842c3978f9144d31cb30032276ef
760a14e8872a498b478f3c942746d7657199d8d7f23ce151368c6e58d9fbc85f
7aaf6df215bb7018439342fe6bcd1058de3e7dfa2c7b4e1176c842b1a8e529ac
80a21256af0f906e9289c08c8b0d7ad99cfa05e1817729775eea640ce9219457
91afb84bded857517d6a7e43932e3d4a43eaf42d1e4d0b77a8bc9c07973e21d2
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
ac687458578c7a3bea39134b211b3db1d9d064dcf01646bcb66312987fd15fe1
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
c8a977fd23fc151d7944387ad07220eb673de84b4343d6304efe5a8e1c061b02
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
e98c61d19f0e628139216fc2f3103faedad7910a4653db598c120b8fa7537ac8
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
f91af87013b9a84c4a927fda2e9dddf67a9ec510c1866820e0d2cb8fb9dce26e
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

users2.online Open in urlscan Pro 217.79.180.214 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

28 Requests

86 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

161 kBTransfer

290 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

1 Cookies

Indicators

users2.online Open in urlscan Pro
217.79.180.214 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

86 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

161 kB
Transfer

290 kB
Size

1
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!