urlscan.io logo urlscan.io
SecurityTrails logo

xxxxxuiiiq.dyn-vpn.de Open in urlscan Pro
45.15.131.113  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bit.do/fT33J
Effective URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Submission: On April 04 via automatic, source phishtank — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 45.15.131.113, located in Torelló, Spain and belongs to DEDIPATH-LLC, US. The main domain is xxxxxuiiiq.dyn-vpn.de.
TLS certificate: Issued by R3 on April 4th 2022. Valid for: 3 months.
This is the only time xxxxxuiiiq.dyn-vpn.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 54.83.52.76 14618 (AMAZON-AES)
1 45.15.131.113 35913 (DEDIPATH-LLC)
16 23.79.132.221 16625 (AKAMAI-AS)
17 2
Apex Domain
Subdomains		 Transfer
16 citizensbankonline.com
www3.citizensbankonline.com — Cisco Umbrella Rank: 144068
144 KB
1 dyn-vpn.de
xxxxxuiiiq.dyn-vpn.de
4 KB
1 bit.do
bit.do — Cisco Umbrella Rank: 218003
231 B
17 3
Domain Requested by
16 www3.citizensbankonline.com xxxxxuiiiq.dyn-vpn.de
www3.citizensbankonline.com
1 xxxxxuiiiq.dyn-vpn.de
1 bit.do 1 redirects
17 3

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
www3.citizensbankonline.com
Subject Issuer Validity Valid
xxxxxuiiiq.dyn-vpn.de
R3		 2022-04-04 -
2022-07-03		 3 months crt.sh
citizensbankonline.com
Entrust Certification Authority - L1M		 2021-05-18 -
2022-05-18		 a year crt.sh

This page contains 1 frames:

Primary Page: https://xxxxxuiiiq.dyn-vpn.de/2.html
Frame ID: 24D986718A3622C9980441537A7410A0
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://bit.do/fT33J HTTP 301
    https://xxxxxuiiiq.dyn-vpn.de/2.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

148 kB
Transfer

353 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bit.do/fT33J HTTP 301
    https://xxxxxuiiiq.dyn-vpn.de/2.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 2.html
xxxxxuiiiq.dyn-vpn.de/
Redirect Chain
  • http://bit.do/fT33J
  • https://xxxxxuiiiq.dyn-vpn.de/2.html
12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
45.15.131.113 Torelló, Spain, ASN35913 (DEDIPATH-LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
f6ebcd8e646b6fdc03d66d59dd7ed3725ec3cc694b684717f4973dbd85d77e23

Request headers

Accept-Language
de-DE,de;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Cache-Control
max-age=315360000
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 04 Apr 2022 19:07:58 GMT
ETag
W/"624b1ad5-3187"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Keep-Alive
timeout=60
Last-Modified
Mon, 04 Apr 2022 16:20:37 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
316
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 04 Apr 2022 19:07:57 GMT
Location
https://xxxxxuiiiq.dyn-vpn.de/2.html
Server
nginx/1.18.0
pm_fp.js
www3.citizensbankonline.com/efs/efs/jsp-ns/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
5739
x-olb-req-received
t=1648999739687466
x-akamai-origin-object-size
5739
last-modified
Sun, 03 Apr 2022 15:29:39 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"5cbf-5db2cf0daac79"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 14:42:22 GMT
cache-control
max-age=70464
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=1522
jquery-ui-1.10.1.custom.min.css
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/ 		22 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/jquery-ui-1.10.1.custom.min.css
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=94
content-length
3624
x-olb-req-received
t=1649000254733044
x-akamai-origin-object-size
3624
last-modified
Sun, 03 Apr 2022 15:37:42 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"5872-5db2cf0dab449"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:28 GMT
cache-control
max-age=86370
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=752
jquery.min.js
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/ 		90 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery.min.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=73
content-length
29348
x-olb-req-received
t=1649000237621557
last-modified
Sun, 03 Apr 2022 15:37:18 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"169d5-5db2cf0dab449"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:51 GMT
cache-control
max-age=86393
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=5140
jquery.hoverIntent.js
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 		1 KB
799 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery.hoverIntent.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=41
content-length
423
x-olb-req-received
t=1649000289394293
last-modified
Sun, 03 Apr 2022 15:38:09 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"499-5db2cf0dab449"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:58 GMT
cache-control
max-age=86400
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=244
jquery-ui-1.10.1.custom.min.js
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/ 		111 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery-ui-1.10.1.custom.min.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=36
content-length
27690
x-olb-req-received
t=1649000270028988
x-akamai-origin-object-size
27690
last-modified
Sun, 03 Apr 2022 15:37:56 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"1bdee-5db2ce93f0cbc"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:05 GMT
cache-control
max-age=86347
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=5029
capslock.jquery.js
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/capslock.jquery.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=20
content-length
976
x-olb-req-received
t=1649000237713404
last-modified
Sun, 03 Apr 2022 15:37:18 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"c44-5db2ce063bf63"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:58 GMT
cache-control
max-age=86400
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=297
styles-2013.css
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ 		16 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:58 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=41
content-length
3128
x-olb-req-received
t=1649000249033001
x-akamai-origin-object-size
3128
last-modified
Sun, 03 Apr 2022 15:37:29 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"40cc-5db2ce93f04ec"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
text/css
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 19:07:58 GMT
cache-control
max-age=86400
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=668
hinticon.png
www3.citizensbankonline.com/efs/efs/grafx/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/hinticon.png
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1649072989719990
last-modified
Sat, 29 Jan 2022 03:00:50 GMT
etag
"4c3-5d6afc2410b0e"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=578503
x-olb-req-duration
D=112
server-timing
cdn-cache; desc=HIT, edge; dur=101
content-length
1219
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Mon, 11 Apr 2022 11:49:42 GMT
ehl.gif
www3.citizensbankonline.com/efs/efs/grafx/ 		88 B
399 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1648999759046726
last-modified
Sat, 29 Jan 2022 03:01:30 GMT
etag
"58-5d6afc4a3ef6f"
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=505382
x-olb-req-duration
D=105
server-timing
cdn-cache; desc=HIT, edge; dur=11
content-length
88
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 15:31:01 GMT
common.js
www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js
Requested by
Host: xxxxxuiiiq.dyn-vpn.de
URL: https://xxxxxuiiiq.dyn-vpn.de/2.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://xxxxxuiiiq.dyn-vpn.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
content-encoding
br
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
1356
x-olb-req-received
t=1648999740310772
x-akamai-origin-object-size
1356
last-modified
Sun, 03 Apr 2022 15:31:16 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
etag
"12f5-5db2ce93f08d4"
vary
Accept-Encoding
strict-transport-security
max-age=15768000
content-type
application/x-javascript
access-control-allow-origin
*
expires
Tue, 05 Apr 2022 14:42:22 GMT
cache-control
max-age=70463
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=506
citizens-logo-sm.png
www3.citizensbankonline.com/efs/efs/grafx/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1649016331514860
last-modified
Sat, 29 Jan 2022 03:00:50 GMT
etag
"ae9-5d6afc2402c6a"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=521785
x-olb-req-duration
D=98
server-timing
cdn-cache; desc=HIT, edge; dur=222
content-length
2793
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 20:04:24 GMT
splitter.png
www3.citizensbankonline.com/efs/efs/grafx/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/splitter.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1649016331525525
last-modified
Sat, 29 Jan 2022 03:00:50 GMT
etag
"6f1-5d6afc2414d75"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=521835
x-olb-req-duration
D=87
server-timing
cdn-cache; desc=HIT, edge; dur=162
content-length
1777
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 20:05:14 GMT
lock-grn.png
www3.citizensbankonline.com/efs/efs/grafx/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/lock-grn.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1649016331529744
last-modified
Sat, 29 Jan 2022 03:00:50 GMT
etag
"51b-5d6afc24116c6"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=521832
x-olb-req-duration
D=94
server-timing
cdn-cache; desc=HIT, edge; dur=124
content-length
1307
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 20:05:11 GMT
arrow-collapse.png
www3.citizensbankonline.com/efs/efs/grafx/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/arrow-collapse.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1649014251358818
last-modified
Sat, 29 Jan 2022 03:01:29 GMT
etag
"40c-5d6afc493e9fa"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=519787
x-olb-req-duration
D=90
server-timing
cdn-cache; desc=HIT, edge; dur=92
content-length
1036
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 19:31:06 GMT
citizen_roman.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 		31 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Origin
https://xxxxxuiiiq.dyn-vpn.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1648999740316911
last-modified
Sun, 27 Mar 2022 05:57:53 GMT
etag
"7ce0-5db2ce063bb7b"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=505213
x-olb-req-duration
D=130
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
31968
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 15:28:12 GMT
citizen_bold.woff
www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.132.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-132-221.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Origin
https://xxxxxuiiiq.dyn-vpn.de
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date
Mon, 04 Apr 2022 19:07:59 GMT
x-olb-req-received
t=1648999740312640
last-modified
Sun, 27 Mar 2022 06:02:29 GMT
etag
"7278-5db2cf0daa0c1"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=505214
x-olb-req-duration
D=133
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
29304
strict-transport-security
max-age=15768000
accept-ranges
bytes
lb-action
None
expires
Sun, 10 Apr 2022 15:28:13 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails string| SEP string| PAIR function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| FingerPrint function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| add_deviceprint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| $ function| jQuery function| DP_jQuery_1649099280102 object| theBody function| isNumeric function| needHelp function| isSpecialChar function| validateIE7 function| setFieldState function| hasErrors function| getValidateMessageListCheckSpaces function| getValidateMessageList function| getBasicFieldErrorMessages function| getBasicFieldSuccessMessages function| isIE7 function| isUnsupported function| setupToolTip function| setupNonStickyToolTip function| initPasswordToolTip function| initPasswordCapsLock function| validatePasswordRules function| validateField function| isEmpty function| validateGoodPasswordRules

0 Cookies

1 Console Messages

Source Level URL
Text
security error URL: https://xxxxxuiiiq.dyn-vpn.de/2.html(Line 30)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.