Report - ctzunlock.com/login

Report Overview

Submitted URL
ctzunlock.com/login
IP
172.66.0.96
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-20 05:19:06
Access
public
Website Title
Online Login | Сitizеns
Final URL
ctzunlock.com/login
Tags
citizens financial phishing
urlquery detections
Phishing - Citizens Bank

Detections

urlquery
55
Network Intrusion Detection
0
Threat Detection Systems
86

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ctzunlock.com	unknown	unknown	2022-10-31	2022-11-02	26 kB	1.1 MB	162.159.140.98

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	ctzunlock.com/login	RBS Citizens Bank

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed
2024-04-20	medium	ctzunlock.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	ctzunlock.com/_next/static/chunks/webpack-bb469f829a664d48.js	2.2 kB	2023-03-07	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/webpack-bb469f829a664d48.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:36:05 Last Seen2024-04-20 07:19:07 Times Seen40 Hash 09985188723a77d0dc96533b3177fb30 120be09a92353d98363349d3a6459a296e2bf760 5dfe185409ff8cc0e73ea870cbefbcdac38297bbfa69c545686e536f7c51fa64 Loading...

	ctzunlock.com/_next/static/chunks/main-3123a443c688934f.js	105 kB	2023-03-07	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/main-3123a443c688934f.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:53:51 Last Seen2024-04-20 07:19:07 Times Seen65 Hash 5c8fa4faef8700c12dd2c8fe8b29ee96 6882f5b250869c46d913875d48ae03c2b9be449d 0eed4542b90a01be928023ec3dc7abed45c63ffc8067a496863ecef579d4af9f Loading...

	ctzunlock.com/_next/static/chunks/237-d83b95ec01fca10d.js	46 kB	2023-03-08	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/237-d83b95ec01fca10d.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:27:00 Last Seen2024-04-20 07:19:07 Times Seen10 Hash 1a8f6842ee616061966e572da1292de7 2543ba6b558add4c40537eabfd0fb3a873cb7638 1fe2ee7ad8adc143238b46680910506a433e98e7f3817f1f15e702fac365ac54 Loading...

	ctzunlock.com/_next/static/chunks/pages/login-1e82d89343fa1668.js	13 kB	2024-04-20	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/pages/login-1e82d89343fa1668.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 07:19:07 Last Seen2024-04-20 07:19:07 Times Seen2 Hash a7ee2c3a9863ef2c4909e2d69761f489 638899116e7d921e89c782d3d8e02b42acabccf4 92a92e5d1ec7ac39b54df9554efc19fc776c141285aef4aaf25ffbaf79b3c29d Loading...

	ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_buildManifest.js	2.4 kB	2024-04-20	2024-04-20
Pretty URL ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_buildManifest.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 07:19:07 Last Seen2024-04-20 07:19:07 Times Seen1 Hash 3a1c420f2e824ebd4183be52fef73a71 96f21ebe2e46cb5ed2f73867e433c605cca359d0 ea41a31afec94432c3ef91271a95ecfb05ec06128a40c793a07bc63a6bcab3b5 Loading...

	ctzunlock.com/_next/static/chunks/framework-9b5d6ec4444c80fa.js	142 kB	2023-03-07	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/framework-9b5d6ec4444c80fa.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:07 Last Seen2024-04-20 07:19:07 Times Seen89 Hash 4f45f9a036208ef5b00302eaa0de99d4 6271883ba52614a6412d4146f7b905cd75807c55 1aee3a5f0c4b6735edff60d58f20a936ce11e5d4a36a5a76390aeda043ae4048 Loading...

	ctzunlock.com/_next/static/chunks/pages/_app-b51eec3fb892f995.js	1.6 kB	2023-06-19	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/pages/_app-b51eec3fb892f995.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-19 13:29:07 Last Seen2024-04-20 07:19:07 Times Seen5 Hash a4d5fe9ec1b83ad3e2b7cabfb39c8a97 a45753df9928c2ccf71dfc1e2a8f2117a9263d50 9bf28c89a1ae6b14b5a7f5113e4c2eff0664c383f42d3422f9442523d739fa0f Loading...

	ctzunlock.com/_next/static/chunks/170-eb8e8532566fbaf1.js	19 kB	2023-03-08	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/170-eb8e8532566fbaf1.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:27:00 Last Seen2024-04-20 07:19:07 Times Seen10 Hash a9ee7221834165db19e90fcca0f715f9 110468c4004bc8f0067689e83b090afcef044fc3 0cd7c773bc65874492c5dc26d281e1498a33672f8ed1eb38e3dc5c7ac6b4e727 Loading...

	ctzunlock.com/_next/static/chunks/90-5000044baabcdd96.js	402 kB	2024-04-20	2024-04-20
Pretty URL ctzunlock.com/_next/static/chunks/90-5000044baabcdd96.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-20 07:19:07 Last Seen2024-04-20 07:19:07 Times Seen1 Hash 4e31070e07bf6c69a7f4fd0d88a51761 6d64db23882d8bb7384f87c9f088018a888cf941 e4ee84d0d8b97b7baa5d4b9a15aa371996e8551da768560a3152c952d7019c05 Loading...

	ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_ssgManifest.js	76 B	2023-03-07	2024-05-03
Pretty URL ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_ssgManifest.js IP 162.159.140.98 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:07 Last Seen2024-05-03 11:35:55 Times Seen795 Hash 5352cb582146311d1540f6075d1f265e cbe5dad683f4f887122db6f6d343aa8ba41dee8b e182e3257a3b5564f7bfb9fb1c6a1e13f8f7c9a3fa0dd6e39ccf473ef8d4f960 Loading...

HTTP Transactions (42)

URL IP Response Size

ctzunlock.com/images/footer-follow-twitter.png

162.159.140.98

200 OK

3.3 kB

URL GET HTTP/2
ctzunlock.com/images/footer-follow-twitter.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3295 bytes)
Hash
ab8d8dc7ea3d7b572b2dc47f2aebe5ae
900c9f837d9a015e6609b14eed6d99c384ec5441
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/footer-follow-twitter.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 3295
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"cdf-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc256c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/footer-follow-facebook.png

162.159.140.98

200 OK

395 B

URL GET HTTP/2
ctzunlock.com/images/footer-follow-facebook.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 28 x 21, 8-bit/color RGB, non-interlaced
Size
395 B (395 bytes)
Hash
25dbaaa7fa1bf41ca6614f1d2cf699f5
56a9e2459a275ef7178ff8c90c2b277265f64fb0
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/footer-follow-facebook.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 395
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"18b-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc156c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/footer-follow-linkedin.png

162.159.140.98

200 OK

3.2 kB

URL GET HTTP/2
ctzunlock.com/images/footer-follow-linkedin.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced
Size
3.2 kB (3239 bytes)
Hash
b187d1cd61b1912b22ebfb4efce30bad
b502a6ed3e50ffe6da8d8d5114fd404650d38ea7
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/footer-follow-linkedin.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 3239
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"ca7-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc356c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/elh.gif

162.159.140.98

200 OK

1.4 kB

URL GET HTTP/2
ctzunlock.com/images/elh.gif
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
GIF image data, version 89a, 31 x 24
Size
1.4 kB (1433 bytes)
Hash
f79e78d673f51194d9b9021cbc72b5b3
79a917fad527cef8d96af24d142653f2f49109b3
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/elh.gif HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/gif
content-length: 1433
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"599-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc956c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/CTZ_Green-01.png

162.159.140.98

200 OK

5.3 kB

URL GET HTTP/2
ctzunlock.com/images/CTZ_Green-01.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 406 x 50, 8-bit/color RGBA, non-interlaced
Size
5.3 kB (5277 bytes)
Hash
beb4d1c9f430bb08a4ed54df069e8f0c
39950ddd690d1cbe2d08610da5c11c854450523f
bf99a3203217c802888087df8a2c84b92e087829e7e24d38581a57cee763923b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/CTZ_Green-01.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 5277
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"149d-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd01fbe56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/footer-follow-youtube.png

162.159.140.98

200 OK

3.3 kB

URL GET HTTP/2
ctzunlock.com/images/footer-follow-youtube.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 25 x 21, 8-bit/color RGBA, non-interlaced
Size
3.3 kB (3278 bytes)
Hash
09c8c4f0f417a049b8ab6acdd2581717
2c9dbf84a80167a9c7b41e5955969dd4d1d75c6f
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/footer-follow-youtube.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 3278
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"cce-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc756c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/feedback.png

162.159.140.98

200 OK

824 B

URL GET HTTP/2
ctzunlock.com/images/feedback.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size
824 B (824 bytes)
Hash
561da56e59bf569d0f41d6bb9713ce2f
20bee990614a20ae69d2cd21fc9f0688f9fc02e1
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/feedback.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 824
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"338-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd01fbf56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/fdicFooter.gif

162.159.140.98

200 OK

2.2 kB

URL GET HTTP/2
ctzunlock.com/images/fdicFooter.gif
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
GIF image data, version 89a, 56 x 24
Size
2.2 kB (2245 bytes)
Hash
a0742f4f717eac3a1e61f53cbbec74f2
f85639ee91bccd2bddaf043b80c892ae6b700d49
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/fdicFooter.gif HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/gif
content-length: 2245
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"8c5-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fcc56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/equal-housing.gif

162.159.140.98

200 OK

1.1 kB

URL GET HTTP/2
ctzunlock.com/images/equal-housing.gif
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
GIF image data, version 89a, 14 x 9
Size
1.1 kB (1134 bytes)
Hash
39fc59327cb01ffbd5ab0ece1b08fba4
6cc1099707564164c3de6f94714808cdb1c415a7
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/equal-housing.gif HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/gif
content-length: 1134
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"46e-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd02fc056c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_ssgManifest.js

162.159.140.98

200 OK

415 B

URL GET HTTP/2
ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_ssgManifest.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
ASCII text, with no line terminators
Size
415 B (415 bytes)
Hash
5352cb582146311d1540f6075d1f265e
cbe5dad683f4f887122db6f6d343aa8ba41dee8b
e182e3257a3b5564f7bfb9fb1c6a1e13f8f7c9a3fa0dd6e39ccf473ef8d4f960

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/1OCTy1zHpdX06BECEGlV7/_ssgManifest.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4c-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fbd56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/images/arrow-down-blue.png

162.159.140.98

200 OK

1.1 kB

URL GET HTTP/2
ctzunlock.com/images/arrow-down-blue.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 28 x 11, 8-bit/color RGBA, non-interlaced
Size
1.1 kB (1054 bytes)
Hash
dc25c0429ceba4038c36551d05760dd7
a79832f9ae49997cd90701d48a02bd06bf29a7d0
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/arrow-down-blue.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 1054
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"41e-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd0d81956c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/pages/login-1e82d89343fa1668.js

162.159.140.98

200 OK

5.1 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/pages/login-1e82d89343fa1668.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12812), with no line terminators
Size
5.1 kB (5125 bytes)
Hash
a7ee2c3a9863ef2c4909e2d69761f489
638899116e7d921e89c782d3d8e02b42acabccf4
92a92e5d1ec7ac39b54df9554efc19fc776c141285aef4aaf25ffbaf79b3c29d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/login-1e82d89343fa1668.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"3234-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb956c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/90-5000044baabcdd96.js

162.159.140.98

200 OK

76 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/90-5000044baabcdd96.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65490), with no line terminators
Size
76 kB (76358 bytes)
Hash
32a336b568db2b615636c0b8c9caca10
ccb73a2367cf212a7cb1ab8e21118a2b2401e365
6a4086b4d1975e9b6b910f01be321633d7cd01a5e79fa6464c28823ad92579cb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/90-5000044baabcdd96.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"621bb-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb756c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_roman.ttf

162.159.140.98

404 Not Found

4.7 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_roman.ttf
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (1466)
Size
4.7 kB (4725 bytes)
Hash
f9018bb644cd47054d0eeb6e0340e73d
9067c85c63397d60efd804fedf33d0c7bfd980f7
a9ab70f0c6e9132aae6ca02b7d4a95286fda2c1efd8d5b3fb13b306f8d3294ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_roman.ttf HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd1a88256c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/fonts/citizen_roman.woff

162.159.140.98

200 OK

32 kB

URL GET HTTP/2
ctzunlock.com/fonts/citizen_roman.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
Web Open Font Format, TrueType, length 31968, version 1.0
Size
32 kB (31968 bytes)
Hash
d496c6122c776cae7c2a783bfcd7a3a1
fbdbec90d23bd77f471be50a3c6711e535ac72bc
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/citizen_roman.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: font/woff
content-length: 31968
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"7ce0-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd278e756c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_bold.ttf

162.159.140.98

404 Not Found

33 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_bold.ttf
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (1466)
Size
33 kB (32849 bytes)
Hash
f9018bb644cd47054d0eeb6e0340e73d
9067c85c63397d60efd804fedf33d0c7bfd980f7
a9ab70f0c6e9132aae6ca02b7d4a95286fda2c1efd8d5b3fb13b306f8d3294ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_bold.ttf HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd1a88656c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/fonts/citiolb_icons.woff

162.159.140.98

200 OK

18 kB

URL GET HTTP/2
ctzunlock.com/fonts/citiolb_icons.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
Web Open Font Format, TrueType, length 18524, version 0.0
Size
18 kB (18524 bytes)
Hash
022cb73ac43269074f73e97b9cca4f2d
85f96bbe6d675a4892fbb483cde78c6eb9419d78
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/citiolb_icons.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: font/woff
content-length: 18524
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"485c-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd288f456c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_extrabold.ttf

162.159.140.98

404 Not Found

29 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_extrabold.ttf
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (1466)
Size
29 kB (28837 bytes)
Hash
f9018bb644cd47054d0eeb6e0340e73d
9067c85c63397d60efd804fedf33d0c7bfd980f7
a9ab70f0c6e9132aae6ca02b7d4a95286fda2c1efd8d5b3fb13b306f8d3294ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_extrabold.ttf HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd1a88356c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/fonts/citizen_bold.woff

162.159.140.98

200 OK

29 kB

URL GET HTTP/2
ctzunlock.com/fonts/citizen_bold.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
Web Open Font Format, TrueType, length 29304, version 1.0
Size
29 kB (29304 bytes)
Hash
c0f795cba89d0c65078577b8b1b7c62a
6fd231b6616aad9abdfc37562541da3db904e6ac
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/citizen_bold.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: font/woff
content-length: 29304
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"7278-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd288f956c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/favicon.png

162.159.140.98

200 OK

11 kB

URL GET HTTP/2
ctzunlock.com/favicon.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Size
11 kB (10871 bytes)
Hash
f62b2664dd6a40ab3a9f7af34412f8b7
02438189257c795c3726e4f45b1ce3bb921255d5
707a3217546ca6852234cb3fa3b61f458581ca943b6195032ba9efe7e1e0ee5f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: image/png
content-length: 10871
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"2a77-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd3697756c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_book.woff

162.159.140.98

404 Not Found

3.1 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_book.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
data
Size
3.1 kB (3080 bytes)
Hash
0d6dba4509d26c6ee77c68a7e923c107
200fd93dfae2a528ed24bf2ed4b8055ed12afc7b
21da030f3fc89a66122ff132f1d57c7bab8825048276978cfa7b7be25837b77d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_book.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0d81d56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/237-d83b95ec01fca10d.js

162.159.140.98

200 OK

16 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/237-d83b95ec01fca10d.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (24535)
Size
16 kB (16068 bytes)
Hash
1a8f6842ee616061966e572da1292de7
2543ba6b558add4c40537eabfd0fb3a873cb7638
1fe2ee7ad8adc143238b46680910506a433e98e7f3817f1f15e702fac365ac54

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/237-d83b95ec01fca10d.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"b444-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb556c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/efs/efs/grafx/arrow-right-orange.png

162.159.140.98

404 Not Found

8.9 kB

URL GET HTTP/2
ctzunlock.com/efs/efs/grafx/arrow-right-orange.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (1466)
Size
8.9 kB (8860 bytes)
Hash
f9018bb644cd47054d0eeb6e0340e73d
9067c85c63397d60efd804fedf33d0c7bfd980f7
a9ab70f0c6e9132aae6ca02b7d4a95286fda2c1efd8d5b3fb13b306f8d3294ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /efs/efs/grafx/arrow-right-orange.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0d81a56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_roman.woff

162.159.140.98

404 Not Found

10 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_roman.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
data
Size
10 kB (10338 bytes)
Hash
da7cd7207777f0e188f03732a56e774b
487645cd7a72d621067a55c55305f673a28e4af6
9618f37c426b86b21f04248af259a0c4b3442da678cfa36a58c926c51ef638e1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_roman.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0d81c56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_extrabold.woff

162.159.140.98

404 Not Found

14 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_extrabold.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
data
Size
14 kB (14058 bytes)
Hash
4e63ac7d81161eda59db3fa2edb51837
899af2e9b81a0f7d3a5445e80093e52c9b1828f7
f840f11066d3745c8275003537d348fa4fbb9d182c9b68183fd2042eda7184e2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_extrabold.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0e82256c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/css/40454bbab671217b.css

162.159.140.98

200 OK

7.1 kB

URL GET HTTP/2
ctzunlock.com/_next/static/css/40454bbab671217b.css
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
ASCII text, with very long lines (7155), with no line terminators
Size
7.1 kB (7079 bytes)
Hash
a6bdf237698d53a799e4a559512f0f2a
0659cd49d2b32eca7b14e9d7bcc8bd00a539b4a2
99edcf6b58aedb2adcecbc3ae649bbc8ecd265d9ccfdb7805bd5b68d05adaace

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/css/40454bbab671217b.css HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"1ba7-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01faa56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/webpack-bb469f829a664d48.js

162.159.140.98

200 OK

2.2 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/webpack-bb469f829a664d48.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (2215), with no line terminators
Size
2.2 kB (2193 bytes)
Hash
8d44158c9de8b1d01bd08ad2a37082b4
7d9b2ee701fee322917a02a1c05bddd879374b82
4fde5771041940a50d17303625e402069d0a0fc2d7ad2838d9fc680ea75ccf5b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/webpack-bb469f829a664d48.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"891-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fad56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/pages/_app-b51eec3fb892f995.js

162.159.140.98

200 OK

1.6 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/pages/_app-b51eec3fb892f995.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (1632), with no line terminators
Size
1.6 kB (1610 bytes)
Hash
62c87367c0047dd57d725d9adf9d881c
694b4379f1a74bb4104e931d0050bccee77d3556
a3dedebd1bcf3a60212222df53aa595f2fdcc3a904b3c058d3b040b715cfa8f4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/pages/_app-b51eec3fb892f995.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"64a-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb456c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_buildManifest.js

162.159.140.98

200 OK

2.4 kB

URL GET HTTP/2
ctzunlock.com/_next/static/1OCTy1zHpdX06BECEGlV7/_buildManifest.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
ASCII text, with very long lines (2512), with no line terminators
Size
2.4 kB (2390 bytes)
Hash
301057781ec4716aa77c068b2f499a10
cc568f5bfc263cf63c10be081873ee23671f9cd5
ab96b9cac76ef2a31f3972c8c8b40e0c6905767e01b90a907d9741ba66a4e261

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/1OCTy1zHpdX06BECEGlV7/_buildManifest.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"956-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fbc56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/images/icon-secure.png

162.159.140.98

200 OK

292 B

URL GET HTTP/2
ctzunlock.com/images/icon-secure.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 16 x 20, 8-bit/color RGBA, non-interlaced
Size
292 B (292 bytes)
Hash
18ffa7c3d8f40b5da7df780d91930e20
524ca8ffaadbd033fd0504fe580d47315690afa1
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/icon-secure.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 292
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"124-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd0d81656c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/fonts/citizen_extrabold.woff

162.159.140.98

200 OK

28 kB

URL GET HTTP/2
ctzunlock.com/fonts/citizen_extrabold.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
Web Open Font Format, TrueType, length 27852, version 1.0
Size
28 kB (27852 bytes)
Hash
76f4964f6d001aa6967fb570438d80cc
5259516d0615338a701e5a19a37d6bc45c6bcedc
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/citizen_extrabold.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: font/woff
content-length: 27852
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"6ccc-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd288f256c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/login

162.159.140.98

200 OK

389 kB

URL User Request GET HTTP/2
ctzunlock.com/login
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type

Size
389 kB (388774 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	RBS Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 200
cf-cache-status: MISS
set-cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA; path=/; expires=Sat, 20-Apr-24 05:48:40 GMT; domain=.ctzunlock.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 8772accd5e1056c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/framework-9b5d6ec4444c80fa.js

162.159.140.98

200 OK

142 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/framework-9b5d6ec4444c80fa.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65154)
Size
142 kB (141509 bytes)
Hash
4f45f9a036208ef5b00302eaa0de99d4
6271883ba52614a6412d4146f7b905cd75807c55
1aee3a5f0c4b6735edff60d58f20a936ce11e5d4a36a5a76390aeda043ae4048

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/framework-9b5d6ec4444c80fa.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"228c5-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb256c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/font/citiolb_icons.woff

162.159.140.98

404 Not Found

2.6 kB

URL GET HTTP/2
ctzunlock.com/font/citiolb_icons.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (2692), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
46ed0bab0b9b5f4f9d3b8031fb39b096
fcefa41efa2031ab2554d01f850ab6597a57084e
fb176665076aa48dde01d9aaca6e336ee514410b19842a88917d9bc0ca98a49d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citiolb_icons.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0e82856c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_bold.woff

162.159.140.98

404 Not Found

2.6 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_bold.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (2692), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
46ed0bab0b9b5f4f9d3b8031fb39b096
fcefa41efa2031ab2554d01f850ab6597a57084e
fb176665076aa48dde01d9aaca6e336ee514410b19842a88917d9bc0ca98a49d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_bold.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd0f82d56c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/images/arrow-button-white.png

162.159.140.98

200 OK

1.0 kB

URL GET HTTP/2
ctzunlock.com/images/arrow-button-white.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 18 x 12, 8-bit/color RGBA, non-interlaced
Size
1.0 kB (1017 bytes)
Hash
e7b1dd2b4db648b74fc5b873e7196a87
2f053c0827091b3929ea889dd2dc5c923dcb450a
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/arrow-button-white.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 1017
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"3f9-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd0d81856c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citiolb_icons.ttf

162.159.140.98

404 Not Found

2.6 kB

URL GET HTTP/2
ctzunlock.com/font/citiolb_icons.ttf
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (2692), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
46ed0bab0b9b5f4f9d3b8031fb39b096
fcefa41efa2031ab2554d01f850ab6597a57084e
fb176665076aa48dde01d9aaca6e336ee514410b19842a88917d9bc0ca98a49d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citiolb_icons.ttf HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd1b88e56c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/main-3123a443c688934f.js

162.159.140.98

200 OK

105 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/main-3123a443c688934f.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
105 kB (104950 bytes)
Hash
5c8fa4faef8700c12dd2c8fe8b29ee96
6882f5b250869c46d913875d48ae03c2b9be449d
0eed4542b90a01be928023ec3dc7abed45c63ffc8067a496863ecef579d4af9f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/main-3123a443c688934f.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"199f6-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb356c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/_next/static/chunks/170-eb8e8532566fbaf1.js

162.159.140.98

200 OK

19 kB

URL GET HTTP/2
ctzunlock.com/_next/static/chunks/170-eb8e8532566fbaf1.js
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
JavaScript source, ASCII text, with very long lines (19133), with no line terminators
Size
19 kB (19133 bytes)
Hash
a9ee7221834165db19e90fcca0f715f9
110468c4004bc8f0067689e83b090afcef044fc3
0cd7c773bc65874492c5dc26d281e1498a33672f8ed1eb38e3dc5c7ac6b4e727

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /_next/static/chunks/170-eb8e8532566fbaf1.js HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"4abd-49773873e8"
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: HIT
age: 56
server: cloudflare
cf-ray: 8772acd01fb656c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/images/flows-tooltip.png

162.159.140.98

200 OK

364 B

URL GET HTTP/2
ctzunlock.com/images/flows-tooltip.png
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
Size
364 B (364 bytes)
Hash
35a7359b239ddca8639017dfc4b71b4a
dfdd659f24502fbe7dd79c9564e1e528233fdcad
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/flows-tooltip.png HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:40 GMT
content-type: image/png
content-length: 364
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"16c-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd0d81756c0-OSL
X-Firefox-Spdy: h2

ctzunlock.com/font/citizen_book.ttf

162.159.140.98

404 Not Found

2.6 kB

URL GET HTTP/2
ctzunlock.com/font/citizen_book.ttf
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
HTML document, ASCII text, with very long lines (2692), with no line terminators
Size
2.6 kB (2577 bytes)
Hash
46ed0bab0b9b5f4f9d3b8031fb39b096
fcefa41efa2031ab2554d01f850ab6597a57084e
fb176665076aa48dde01d9aaca6e336ee514410b19842a88917d9bc0ca98a49d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /font/citizen_book.ttf HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: text/html; charset=utf-8
x-powered-by: Next.js
vary: Accept-Encoding
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
cache-control: private
x-do-orig-status: 404
cf-cache-status: MISS
server: cloudflare
cf-ray: 8772acd1a88456c0-OSL
content-encoding: br
X-Firefox-Spdy: h2

ctzunlock.com/fonts/citizen_book.woff

162.159.140.98

200 OK

32 kB

URL GET HTTP/2
ctzunlock.com/fonts/citizen_book.woff
IP
162.159.140.98:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ctzunlock.com/login
Certificate
IssuerGoogle Trust Services LLC
Subjectctzunlock.com
Fingerprint70:A1:A2:7B:7C:58:91:9F:48:F2:59:51:75:14:05:69:19:AA:8E:81
ValidityMon, 15 Apr 2024 16:22:35 GMT - Sun, 14 Jul 2024 16:22:34 GMT

File type
Web Open Font Format, TrueType, length 31864, version 1.0
Size
32 kB (31864 bytes)
Hash
0dd22599312493e4bb7b8662f71dddcc
29f5fd587566f80d886dc0109f53ecf47eb5bbf5
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Citizens Bank
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/citizen_book.woff HTTP/1.1
Host: ctzunlock.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://ctzunlock.com/login
Cookie: __cf_bm=nZL1ycOvgMTrQPwWYGYmhW44T2YkbPr4SmjrEZr7wLg-1713590320-1.0.1.1-.nd4fD6i2wopTtwSa28Vf7ewzeHQqowzQbqZvpVTkz0A9sSXC5Rbx1U3A1Lf.s.ocO2BkYi1rjawYISZmm3izA
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 20 Apr 2024 05:18:41 GMT
content-type: font/woff
content-length: 31864
cache-control: public, max-age=0
last-modified: Tue, 01 Jan 1980 00:00:01 GMT
etag: W/"7c78-49773873e8"
x-do-app-origin: df5436f7-3c40-4570-8908-16c8c9ca9976
x-do-orig-status: 200
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8772acd288f056c0-OSL
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML