13.jtyh.erlenhof-zucht.de Open in urlscan Pro
116.202.19.95  Malicious Activity! Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

31 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request wiring-instructions-citizens-bank.html Show response 13.jtyh.erlenhof-zucht.de/vfe/	26 KB 6 KB	5037ms 1877ms	Document text/html	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 21ed5613a9b442b053dd2dec13d6212ec4ec3599a48cc66a74f153c2f4bcdd79 Request headers Host 13.jtyh.erlenhof-zucht.de Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Server nginx Date Mon, 01 Jul 2019 16:47:04 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Link <http://116.202.19.95/wp-json/>; rel="https://api.w.org/" Content-Encoding gzip
GET H2	200	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/	118 KB 20 KB	6573ms 17ms	Stylesheet text/css	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:12 GMT content-encoding gzip last-modified Wed, 12 Dec 2018 18:34:07 GMT access-control-allow-origin * etag "1544639647" vary Accept-Encoding x-cache HIT content-type text/css; charset=utf-8 status 200 cache-control public, max-age=31536000 x-hello-human Say hello back! @getBootstrapCDN on Twitter accept-ranges bytes timing-allow-origin * content-length 19740
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.1.1/	85 KB 30 KB	93ms 6ms	Script text/javascript	2a00:1450:4001:808::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Tue, 18 Jun 2019 08:19:55 GMT content-encoding gzip x-content-type-options nosniff age 1153630 status 200 alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 30244 x-xss-protection 0 last-modified Tue, 20 Dec 2016 18:17:03 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 17 Jun 2020 08:19:55 GMT
GET H2	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/	36 KB 10 KB	6574ms 20ms	Script text/javascript	209.197.3.15 Highwinds Network...
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US), Reverse DNS vip0x00f.map2.ssl.hwcdn.net Software / Resource Hash 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:12 GMT content-encoding gzip last-modified Wed, 12 Dec 2018 18:33:51 GMT access-control-allow-origin * etag "1544639631" vary Accept-Encoding x-cache HIT content-type text/javascript; charset=utf-8 status 200 cache-control public, max-age=31536000 x-hello-human Say hello back! @getBootstrapCDN on Twitter accept-ranges bytes timing-allow-origin * content-length 9832
GET H/1.1	200 OK	style.css 116.202.19.95/wp-content/themes/gn/	7 KB 2 KB	3104ms 27ms	Stylesheet text/css	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/style.css Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 9293004ffea27d33c649adfb86cc7a14bffebd27eb61e65be86f93457ba576a0 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:08 GMT Content-Encoding gzip Last-Modified Wed, 11 Jul 2018 01:05:58 GMT Server nginx ETag W/"1be6-570aed96d6980" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.mousewheel.pack.js Show response 116.202.19.95/wp-content/themes/gn/images/	2 KB 1 KB	3160ms 27ms	Script application/javascript	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/jquery.mousewheel.pack.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 3262d61214c051fd1ddc466741e89970ef1755f2044de8ba9d6821a7adfa8841 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:09 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"735-5531e6fb7e400" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox.css 116.202.19.95/wp-content/themes/gn/images/source/	5 KB 2 KB	3104ms 27ms	Stylesheet text/css	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/jquery.fancybox.css Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 33675f4a8b0e98d8cac9af2b3cd9374abd17070a24de91ee5c4035754c9127f5 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:08 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"134b-5531e6fb7e400" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox.pack.js Show response 116.202.19.95/wp-content/themes/gn/images/source/	23 KB 9 KB	3160ms 29ms	Script application/javascript	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/jquery.fancybox.pack.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 5512f400cac3fbb1fdfbb02989ed098f88a2af5a6e4ba3d88a039bc421ea7ffe Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:09 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"5a93-5531e6fb7e400" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox-buttons.css 116.202.19.95/wp-content/themes/gn/images/source/helpers/	2 KB 1019 B	3130ms 27ms	Stylesheet text/css	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/helpers/jquery.fancybox-buttons.css Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 9affe5c517b86320fb70fb24812ccfbd9aa27f8078ff6024f9e58c0e2033d4ba Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:08 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"996-5531e6fb7e400" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox-buttons.js Show response 116.202.19.95/wp-content/themes/gn/images/source/helpers/	3 KB 1 KB	3185ms 27ms	Script application/javascript	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/helpers/jquery.fancybox-buttons.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash e5039e2221ad6b206c213c77be0b4e477234a47dddd4c39327edabb58f11339a Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:09 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"be2-5531e6fb7e400" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox-media.js Show response 116.202.19.95/wp-content/themes/gn/images/source/helpers/	5 KB 2 KB	3186ms 28ms	Script application/javascript	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/helpers/jquery.fancybox-media.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 350116180d1380c4d6a892badb35ac9e41fa80d165e822a43264ef52dda640ce Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:09 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"1502-5531e6fb7e400" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox-thumbs.css 116.202.19.95/wp-content/themes/gn/images/source/helpers/	735 B 584 B	3129ms 27ms	Stylesheet text/css	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/helpers/jquery.fancybox-thumbs.css Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:08 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"2df-5531e6fb7e400" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection keep-alive
GET H/1.1	200 OK	jquery.fancybox-thumbs.js Show response 116.202.19.95/wp-content/themes/gn/images/source/helpers/	4 KB 2 KB	3211ms 27ms	Script application/javascript	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL http://116.202.19.95/wp-content/themes/gn/images/source/helpers/jquery.fancybox-thumbs.js Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash f51a418aede1e4e22f87a247f4847d94eb87f9f92197ef73284924b5d39dee16 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:09 GMT Content-Encoding gzip Last-Modified Thu, 29 Jun 2017 19:37:52 GMT Server nginx ETag W/"f38-5531e6fb7e400" Vary Accept-Encoding Content-Type application/javascript Transfer-Encoding chunked Connection keep-alive
GET H2	200	wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form.jpg www.kurashix.com/wp-content/uploads/2018/10/	293 KB 293 KB	128ms 15ms	Image image/jpeg	2606:4700:30::681c:11e9 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.kurashix.com/wp-content/uploads/2018/10/wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form.jpg Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681c:11e9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 0774d7e7d48a0eb66afdc672356268aa188a9f09dfc9662d2a9c07287db47ab5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:05 GMT x-content-type-options nosniff cf-cache-status HIT age 13604 status 200 strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1; mode=block last-modified Sat, 27 Oct 2018 11:46:23 GMT server cloudflare x-frame-options SAMEORIGIN etag W/"5bd4500f-4925d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg cache-control public, max-age=31536000 cf-ray 4ef9dc1e6b4697e4-FRA expires Tue, 30 Jun 2020 16:47:05 GMT
GET		citzens-check.jpg online-banking.org/wp-content/uploads/	0 0
GET		routing-number-icon.png online-banking.org/wp-content/uploads/2014/10/	0 0
GET H2	200	literature-citizens-bank-beneficiary-form-630x380.png www.kurashix.com/wp-content/uploads/2018/10/	135 KB 135 KB	196ms 93ms	Image image/png	2606:4700:30::681c:11e9 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.kurashix.com/wp-content/uploads/2018/10/literature-citizens-bank-beneficiary-form-630x380.png Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681c:11e9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 125687b1ba1701a9a06abd8511acb55e725ece00a264a10bc2a27694c5b1e145 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:12 GMT x-content-type-options nosniff cf-cache-status HIT age 10 status 200 strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1; mode=block last-modified Tue, 08 Jan 2019 19:48:00 GMT server cloudflare x-frame-options SAMEORIGIN etag W/"5c34fe70-21aa4" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=31536000 cf-ray 4ef9dc4a0ad697e4-FRA expires Tue, 30 Jun 2020 16:47:12 GMT
GET H2	200	wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form-630x380.jpg www.kurashix.com/wp-content/uploads/2018/10/	34 KB 34 KB	295ms 194ms	Image image/jpeg	2606:4700:30::681c:11e9 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.kurashix.com/wp-content/uploads/2018/10/wiring-instructions-citizens-bank-wiring-diagram-services-citizens-bank-beneficiary-form-630x380.jpg Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681c:11e9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash aba8193ed29acc214f4afc7fecf8766de16fda4d7d0f02cb2f88349cf797f9c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:12 GMT x-content-type-options nosniff cf-cache-status HIT age 10 status 200 strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1; mode=block last-modified Tue, 08 Jan 2019 16:29:24 GMT server cloudflare x-frame-options SAMEORIGIN etag W/"5c34cfe4-898c" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/jpeg cache-control public, max-age=31536000 cf-ray 4ef9dc4a0ad997e4-FRA expires Tue, 30 Jun 2020 16:47:12 GMT
GET H2	200	reporting-trust-and-estate-distributions-to-foreign-beneficiaries-citizens-bank-beneficiary-form-630x380.png www.kurashix.com/wp-content/uploads/2018/10/	177 KB 177 KB	292ms 191ms	Image image/png	2606:4700:30::681c:11e9 Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL https://www.kurashix.com/wp-content/uploads/2018/10/reporting-trust-and-estate-distributions-to-foreign-beneficiaries-citizens-bank-beneficiary-form-630x380.png Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:30::681c:11e9 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 3572f5f7695aa3dd41d63fabd2410a1af75aba46bf4e6e116d0c06735b5338b0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:12 GMT x-content-type-options nosniff cf-cache-status HIT age 10 status 200 strict-transport-security max-age=31536000; includeSubDomains; preload x-xss-protection 1; mode=block last-modified Tue, 08 Jan 2019 16:29:24 GMT server cloudflare x-frame-options SAMEORIGIN etag W/"5c34cfe4-2c238" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type image/png cache-control public, max-age=31536000 cf-ray 4ef9dc4a0ada97e4-FRA expires Tue, 30 Jun 2020 16:47:12 GMT
GET H2	200	421566637.png www.pdffiller.com/preview/421/566/	830 B 1 KB	400ms 6ms	Image image/png	2a02:26f0:6c00:187::3c9a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://www.pdffiller.com/preview/421/566/421566637.png Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_256_GCM Server 2a02:26f0:6c00:187::3c9a , Ascension Island, ASN20940 (AKAMAI-ASN1, US), Reverse DNS Software nginx / Resource Hash 2e7c234508c50968929979ca4772f37a1d1b861ca514eebe34e3f6966942c497 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:13 GMT last-modified Wed, 13 Dec 2017 07:56:15 GMT server nginx etag "e69d61a92b53e1c27082ac0bf745c692" content-type image/png status 200 cache-control public, max-age=86366 accept-ranges bytes x-img-cache MISS content-length 830 expires Tue, 02 Jul 2019 16:46:39 GMT
GET H/1.1	200 OK	mobile-deposit.jpg www.cbnm.com/sites/www.cbnm.com/themes/composerv1/images/	122 KB 122 KB	16990ms 187ms	Image image/jpeg	192.0.50.124 Q2 Software
General Check archive.org Show headers Download Go to Show image Full URL https://www.cbnm.com/sites/www.cbnm.com/themes/composerv1/images/mobile-deposit.jpg Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 192.0.50.124 , United States, ASN62659 (Q2HOLDINGS - Q2 Software, Inc., US), Reverse DNS Software / Resource Hash 24c5bc2c3e0ceee4fa47facec5f688cb9649d1d9ae91ee4582af8b6425201d6a Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:29 GMT Last-Modified Wed, 12 Sep 2018 16:41:21 GMT Connection keep-alive Accept-Ranges bytes ETag "5b9941b1-1e850" Content-Length 125008 Content-Type image/jpeg
GET		cit-logo-120x120.jpeg www.onlinebankdirectory.com/wp-content/uploads/2017/04/	0 0
GET		CitizensBankRoutingNumber_mob2.jpg www.citizensbank.com/assets/CB_resources/images/content_2_0/	0 0
GET		25838.png preview-templates.biztreeapps.com/thumbnails_size/460px/	0 0
GET		Cit_Bank_Calc_mobile_2x.png www.citizensbank.com/assets/CB_media/images/im/CIT_BANK_CALC/	0 0
GET		logo.jpg www.cbkamericus.com/design/	0 0
GET		Savings.svg texascitizensbank.com/wp-content/uploads/2017/08/	0 0
GET H/1.1	200 OK	transfers_hdr.png www.firstcitizens.com/content/images/digital/	25 KB 25 KB	4459ms 137ms	Image image/png	69.89.129.19 First Citizens Bank
General Check archive.org Show headers Download Go to Show image Full URL https://www.firstcitizens.com/content/images/digital/transfers_hdr.png Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 69.89.129.19 , United States, ASN22976 (FIRST-CITIZENS-01 - First Citizens Bank, US), Reverse DNS dnssectest.first-citizens-bank.bank Software Apache / Resource Hash 2ea415cd4e34ee427ef9d5f07b73e43cd8feb5ca73ba42d799a7f396855b56fb Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:17 GMT Last-Modified Thu, 27 Jun 2019 20:04:16 GMT Server Apache ETag "201b9-63a1-58c53aa9ad000" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=200 Content-Length 25505 X-dynaTrace PT=979556864;PA=525680336;SP=DOT COM - PRD;PS=2013945258
GET H2	200	images encrypted-tbn0.gstatic.com/	7 KB 7 KB	496ms 91ms	Image image/jpeg	2a00:1450:4001:81d::200e Google LLC
General Check archive.org Show headers Download Go to Show image Full URL https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcScdOMUCP4-ag-MSEjugEirMt86fTTPvBCfqGmhsQuWpjKr3KQRAw Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 5219a1cf0ee95c4130a134857ea3aec0a1faa46378d08d60be6f9506eb755f1b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 01 Jul 2019 16:47:13 GMT x-content-type-options nosniff last-modified Tue, 08 Jan 2019 16:29:45 GMT server sffe access-control-allow-origin * content-type image/jpeg status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="46,44,43,39" content-length 7176 x-xss-protection 0 expires Tue, 30 Jun 2020 16:47:13 GMT
GET H/1.1	200 OK	secure-icon.png 116.202.19.95/wp-content/themes/gn/images/	18 KB 18 KB	102ms 101ms	Image image/png	116.202.19.95 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL http://116.202.19.95/wp-content/themes/gn/images/secure-icon.png Requested by Host: 13.jtyh.erlenhof-zucht.de URL: http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html Protocol HTTP/1.1 Security , , Server 116.202.19.95 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.95.19.202.116.clients.your-server.de Software nginx / Resource Hash 590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43 Request headers Referer http://13.jtyh.erlenhof-zucht.de/vfe/wiring-instructions-citizens-bank.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 01 Jul 2019 16:47:13 GMT Last-Modified Thu, 30 Mar 2017 01:57:44 GMT Server nginx ETag "4614-54be904d3b600" Content-Type image/png Connection keep-alive Accept-Ranges bytes Content-Length 17940
GET		js15_as.js s10.histats.com/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

online-banking.org

URL

https://online-banking.org/wp-content/uploads/citzens-check.jpg

Domain

online-banking.org

URL

https://online-banking.org/wp-content/uploads/2014/10/routing-number-icon.png

Domain

www.onlinebankdirectory.com

URL

http://www.onlinebankdirectory.com/wp-content/uploads/2017/04/cit-logo-120x120.jpeg

Domain

www.citizensbank.com

URL

https://www.citizensbank.com/assets/CB_resources/images/content_2_0/CitizensBankRoutingNumber_mob2.jpg

Domain

preview-templates.biztreeapps.com

URL

https://preview-templates.biztreeapps.com/thumbnails_size/460px/25838.png

Domain

www.citizensbank.com

URL

https://www.citizensbank.com/assets/CB_media/images/im/CIT_BANK_CALC/Cit_Bank_Calc_mobile_2x.png

Domain

www.cbkamericus.com

URL

https://www.cbkamericus.com/design/logo.jpg

Domain

texascitizensbank.com

URL

https://texascitizensbank.com/wp-content/uploads/2017/08/Savings.svg

Domain

s10.histats.com

URL

http://s10.histats.com/js15_as.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery object| _Hasync

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

13.jtyh.erlenhof-zucht.de
ajax.googleapis.com
encrypted-tbn0.gstatic.com
maxcdn.bootstrapcdn.com
online-banking.org
preview-templates.biztreeapps.com
s10.histats.com
texascitizensbank.com
www.cbkamericus.com
www.cbnm.com
www.citizensbank.com
www.firstcitizens.com
www.kurashix.com
www.onlinebankdirectory.com
www.pdffiller.com
online-banking.org
preview-templates.biztreeapps.com
s10.histats.com
texascitizensbank.com
www.cbkamericus.com
www.citizensbank.com
www.onlinebankdirectory.com
116.202.19.95
192.0.50.124
209.197.3.15
2606:4700:30::681c:11e9
2a00:1450:4001:808::200a
2a00:1450:4001:81d::200e
2a02:26f0:6c00:187::3c9a
69.89.129.19
0774d7e7d48a0eb66afdc672356268aa188a9f09dfc9662d2a9c07287db47ab5
125687b1ba1701a9a06abd8511acb55e725ece00a264a10bc2a27694c5b1e145
21ed5613a9b442b053dd2dec13d6212ec4ec3599a48cc66a74f153c2f4bcdd79
24c5bc2c3e0ceee4fa47facec5f688cb9649d1d9ae91ee4582af8b6425201d6a
2e7c234508c50968929979ca4772f37a1d1b861ca514eebe34e3f6966942c497
2ea415cd4e34ee427ef9d5f07b73e43cd8feb5ca73ba42d799a7f396855b56fb
3262d61214c051fd1ddc466741e89970ef1755f2044de8ba9d6821a7adfa8841
33675f4a8b0e98d8cac9af2b3cd9374abd17070a24de91ee5c4035754c9127f5
350116180d1380c4d6a892badb35ac9e41fa80d165e822a43264ef52dda640ce
3572f5f7695aa3dd41d63fabd2410a1af75aba46bf4e6e116d0c06735b5338b0
5219a1cf0ee95c4130a134857ea3aec0a1faa46378d08d60be6f9506eb755f1b
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5512f400cac3fbb1fdfbb02989ed098f88a2af5a6e4ba3d88a039bc421ea7ffe
590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9293004ffea27d33c649adfb86cc7a14bffebd27eb61e65be86f93457ba576a0
9affe5c517b86320fb70fb24812ccfbd9aa27f8078ff6024f9e58c0e2033d4ba
aba8193ed29acc214f4afc7fecf8766de16fda4d7d0f02cb2f88349cf797f9c4
d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c
e5039e2221ad6b206c213c77be0b4e477234a47dddd4c39327edabb58f11339a
f51a418aede1e4e22f87a247f4847d94eb87f9f92197ef73284924b5d39dee16
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c