www.civil.line.pm
147.189.141.150  Malicious Activity! Public Scan

URL: https://www.civil.line.pm/cizen/pik.html
Submission: On November 07 via manual from US — Scanned from GB

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 147.189.141.150, located in Wolverhampton, United Kingdom and belongs to VELOXSERV, GB. The main domain is www.civil.line.pm.
TLS certificate: Issued by R3 on October 31st 2022. Valid for: 3 months.
This is the only time www.civil.line.pm was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 | 147.189.141.150 | 3170 | (VELOXSERV)
16 | 2a02:26f0:350... | 20940 | (AKAMAI-ASN1)
17 requests | 2 IPs

Requests | Apex Domain | Subdomains | Transfer
16 | citizensbankonline.com | www3.citizensbankonline.com (Cisco Umbrella Rank: 205789) | 144 KB
1 | line.pm | www.civil.line.pm | 4 KB
17 requests | 2 apex domains

Requests | Domain | Requested by
16 | www3.citizensbankonline.com | www.civil.line.pm, www3.citizensbankonline.com
1 | www.civil.line.pm |
17 requests | 2 domains

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com
www3.citizensbankonline.com

Subject | Issuer | Validity | Valid
civil.line.pm | R3 | 2022-10-31 - 2023-01-29 | 3 months (crt.sh)
citizensbankonline.com | Entrust Certification Authority - L1M | 2022-04-13 - 2023-04-13 | a year (crt.sh)

This page contains 1 frame:

Primary Page: https://www.civil.line.pm/cizen/pik.html
Frame ID: 83B5B6A8D1D077EA0EF15B440E862ACC
Requests: 17 HTTP requests in this frame

Screenshot


Detected technologies

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (overall confidence: 100%)
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 148 kB
Size: 353 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

pik.html (Primary Request) | www.civil.line.pm/cizen/ | 12 KB | 4 KB | Document
General
Full URL
https://www.civil.line.pm/cizen/pik.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
147.189.141.150 Wolverhampton, United Kingdom, ASN3170 (VELOXSERV, GB),
Reverse DNS
wim6djwftw.salinascarinsurance.com
Software
nginx /
Resource Hash
e6f13dd6911b260616a11bfc11f15650c9d94f845c7f94ebf0d2819943a0bc88

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
max-age=315360000
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 07 Nov 2022 19:30:53 GMT
ETag
W/"635fe4a8-3186"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Keep-Alive
timeout=60
Last-Modified
Mon, 31 Oct 2022 15:07:20 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding

pm_fp.js | www3.citizensbankonline.com/efs/efs/jsp-ns/ | 23 KB | 6 KB | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
c6fbe2de716de3100ada73ac3cd1f0c52d3bcd0957ae1623c2abd1c94e91e21e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 15:52:09 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=544
content-length
5739
x-olb-req-received
t=1667733824084690
last-modified
Sun, 06 Nov 2022 15:02:46 GMT
server
Akamai Resource Optimizer
etag
"5cbf-5e885b034ff5f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=73275
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=1008

jquery-ui-1.10.1.custom.min.css | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/ | 22 KB | 4 KB | Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/css/custom-theme/jquery-ui-1.10.1.custom.min.css
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
f59cebc4c1888584b772204419501ba1c1d81e38fad05495e9991f468486fd55
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:30:50 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=831
content-length
3624
x-olb-req-received
t=1667735445182369
last-modified
Sun, 06 Nov 2022 11:50:45 GMT
server
Akamai Resource Optimizer
etag
"5872-5e885b034c66a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=86396
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=891

jquery.min.js | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/ | 90 KB | 29 KB | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery.min.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:30:46 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=820, origin; dur=12
content-length
29348
x-olb-req-received
t=1667735821308487
last-modified
Sun, 06 Nov 2022 11:57:01 GMT
server
Akamai Resource Optimizer
etag
"169d5-5e885b035072f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86392
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=4725

jquery.hoverIntent.js | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ | 1 KB | 831 B | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery.hoverIntent.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
5f5174ecbf3d9d3a7154c20eba9fc818d9a208e4100a0f43a1f948a4331a92cc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:29:06 GMT
date
Mon, 07 Nov 2022 19:30:55 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=1246, origin; dur=42
content-length
423
x-olb-req-received
t=1667736009318082
last-modified
Sun, 06 Nov 2022 12:01:30 GMT
server
Akamai Resource Optimizer
etag
"499-5e885b0350b17"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86291
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=255

jquery-ui-1.10.1.custom.min.js | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/ | 111 KB | 28 KB | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/jquery-ui/js/jquery-ui-1.10.1.custom.min.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
9b0f09ae5fc8e00a9b17d7600e32dc11b1074248a3ae9e32f8a340eae91200af
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:30:54 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=975, origin; dur=24
content-length
27690
x-olb-req-received
t=1667738064588496
last-modified
Sun, 06 Nov 2022 12:34:25 GMT
server
Akamai Resource Optimizer
etag
"1bdee-5e885b034c66a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86400
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=5013

capslock.jquery.js | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/ | 3 KB | 1 KB | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/caps_lock/capslock.jquery.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
1730f7d7aa6c474051605e0e7609cccd15ea3a39de9803973568e6c08effbdf1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:30:52 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=565, origin; dur=45
content-length
976
x-olb-req-received
t=1667733985880978
last-modified
Sun, 06 Nov 2022 11:26:27 GMT
server
Akamai Resource Optimizer
etag
"c44-5e885b034fd15"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86398
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=312

styles-2013.css | www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/ | 16 KB | 3 KB | Stylesheet
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
19bc7e5458ebf92f38e4135878f166318630777c059b386613f2871c4d15fda2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:29:01 GMT
date
Mon, 07 Nov 2022 19:30:54 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=484, origin; dur=14
content-length
3128
x-olb-req-received
t=1667735457076661
last-modified
Sun, 06 Nov 2022 11:50:57 GMT
server
Akamai Resource Optimizer
etag
"40cc-5e885b034ff5f"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=86287
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=695

hinticon.png | www3.citizensbankonline.com/efs/efs/grafx/ | 1 KB | 2 KB | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/hinticon.png
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f94fc49d5ff852c411e3da487bd4f63aed16a07642fd0b1231887e8ac3d9b05f
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=149
date
Mon, 07 Nov 2022 19:30:55 GMT
x-olb-req-received
t=1667849455826078
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"4c3-5e6a235cbfeb9"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
server-timing
cdn-cache; desc=MISS, edge; dur=763, origin; dur=29
accept-ranges
bytes
content-length
1219
lb-action
None
expires
Mon, 14 Nov 2022 19:30:55 GMT

ehl.gif | www3.citizensbankonline.com/efs/efs/grafx/ | 88 B | 425 B | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=117
date
Mon, 07 Nov 2022 19:30:55 GMT
x-olb-req-received
t=1667733831896435
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"58-5e6a235cbcfbf"
x-frame-options
SAMEORIGIN
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=489232
server-timing
cdn-cache; desc=MISS, edge; dur=33, origin; dur=29
accept-ranges
bytes
content-length
88
lb-action
None
expires
Sun, 13 Nov 2022 11:24:47 GMT

common.js | www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/ | 5 KB | 2 KB | Script
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/scripts/common.js
Requested by
Host: www.civil.line.pm
URL: https://www.civil.line.pm/cizen/pik.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
e8c5013c999bee8dd455c1ac01133c69dd9aa06b34a7397bdff291c5ecbdc84d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www.civil.line.pm/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires
Tue, 08 Nov 2022 19:28:23 GMT
date
Mon, 07 Nov 2022 19:30:55 GMT
content-encoding
br
strict-transport-security
max-age=15768000
server-timing
cdn-cache; desc=HIT, edge; dur=6
content-length
1356
x-olb-req-received
t=1667733889223618
last-modified
Sun, 06 Nov 2022 11:27:55 GMT
server
Akamai Resource Optimizer
etag
"12f5-5e885b034be9a"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=86248
accept-ranges
bytes
lb-action
None, None
x-olb-req-duration
D=501

citizens-logo-sm.png | www3.citizensbankonline.com/efs/efs/grafx/ | 3 KB | 3 KB | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/citizens-logo-sm.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
61ab87df5a701ac0749d98660ebbdca021127991d12c2f79cdd723f8a96ecd5a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=97
date
Mon, 07 Nov 2022 19:30:56 GMT
x-olb-req-received
t=1667849455974630
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"ae9-5e6a235cae947"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
server-timing
cdn-cache; desc=MISS, edge; dur=584, origin; dur=29
accept-ranges
bytes
content-length
2793
lb-action
None
expires
Mon, 14 Nov 2022 19:30:56 GMT

splitter.png | www3.citizensbankonline.com/efs/efs/grafx/ | 2 KB | 2 KB | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/splitter.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
089d475a97a845f1fa56d66ce227f9a70170aa893249052a7089c307c614daf1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=99
date
Mon, 07 Nov 2022 19:30:56 GMT
x-olb-req-received
t=1667849456020615
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"6f1-5e6a235cc50a7"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604748
server-timing
cdn-cache; desc=MISS, edge; dur=620, origin; dur=26
accept-ranges
bytes
content-length
1777
lb-action
None
expires
Mon, 14 Nov 2022 19:30:04 GMT

lock-grn.png | www3.citizensbankonline.com/efs/efs/grafx/ | 1 KB | 2 KB | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/lock-grn.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7574983a9af6d447856f9965e1d156c0027cead27de40ea7af026da3574fc566
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=99
date
Mon, 07 Nov 2022 19:30:56 GMT
x-olb-req-received
t=1667849455961472
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"51b-5e6a235cc1ddf"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604786
server-timing
cdn-cache; desc=MISS, edge; dur=559, origin; dur=26
accept-ranges
bytes
content-length
1307
lb-action
None
expires
Mon, 14 Nov 2022 19:30:42 GMT

arrow-collapse.png | www3.citizensbankonline.com/efs/efs/grafx/ | 1 KB | 1 KB | Image
General
Full URL
https://www3.citizensbankonline.com/efs/efs/grafx/arrow-collapse.png
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
34a0f68c279cbb29c79717498dbe63d577a1f94ae9c57aa886a5af279c56b9be
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=129
date
Mon, 07 Nov 2022 19:30:56 GMT
x-olb-req-received
t=1667772792341619
strict-transport-security
max-age=15768000
last-modified
Sat, 20 Aug 2022 01:34:05 GMT
etag
"40c-5e6a235ca4f6f"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=528066
server-timing
cdn-cache; desc=HIT, edge; dur=615
accept-ranges
bytes
content-length
1036
lb-action
None
expires
Sun, 13 Nov 2022 22:12:02 GMT

citizen_roman.woff | www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ | 31 KB | 32 KB | Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_roman.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Origin
https://www.civil.line.pm
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=148
date
Mon, 07 Nov 2022 19:30:55 GMT
x-olb-req-received
t=1667733824525353
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 02:22:48 GMT
etag
"7ce0-5e885b034ff5f"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=489126
server-timing
cdn-cache; desc=HIT, edge; dur=7
accept-ranges
bytes
content-length
31968
lb-action
None
expires
Sun, 13 Nov 2022 11:23:01 GMT

citizen_bold.woff | www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/ | 29 KB | 29 KB | Font
General
Full URL
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/font/citizen_bold.woff
Requested by
Host: www3.citizensbankonline.com
URL: https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88c::17c7 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www3.citizensbankonline.com/efs/efs/jsp-ns/inc/css/styles-2013.css
Origin
https://www.civil.line.pm
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-olb-req-duration
D=184
date
Mon, 07 Nov 2022 19:30:55 GMT
x-olb-req-received
t=1667733833739069
strict-transport-security
max-age=15768000
last-modified
Tue, 13 Sep 2022 02:22:48 GMT
etag
"7278-5e885b034b2e2"
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
cache-control
max-age=489226
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
29304
lb-action
None
expires
Sun, 13 Nov 2022 11:24:41 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforeinput
object    oncontextlost
object    oncontextrestored
function  structuredClone
object    launchQueue
object    onbeforematch
function  getScreenDetails
function  queryLocalFonts
object    navigation
string    SEP
string    PAIR
function  activeXDetect
function  stripIllegalChars
function  stripFullPath
object    BrowserDetect
function  FingerPrint
function  Hashtable
function  IE_FingerPrint
function  Mozilla_FingerPrint
function  Opera_FingerPrint
function  add_deviceprint
function  urlEncode
function  encode_deviceprint
function  decode_deviceprint
function  post_deviceprint
function  $
function  jQuery
function  DP_jQuery_1667849455360
object    theBody
function  isNumeric
function  needHelp
function  isSpecialChar
function  validateIE7
function  setFieldState
function  hasErrors
function  getValidateMessageListCheckSpaces
function  getValidateMessageList
function  getBasicFieldErrorMessages
function  getBasicFieldSuccessMessages
function  isIE7
function  isUnsupported
function  setupToolTip
function  setupNonStickyToolTip
function  initPasswordToolTip
function  initPasswordCapsLock
function  validatePasswordRules
function  validateField
function  isEmpty
function  validateGoodPasswordRules

0 Cookies

1 Console Messages

Source | Level | URL | Text
security | error | https://www.civil.line.pm/cizen/pik.html (Line 30) | X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.