citibank.addc.ir
Open in
urlscan Pro
136.243.102.120
Malicious Activity!
Public Scan
Submission: On June 10 via automatic, source openphish — Scanned from DE
Summary
This is the only time citibank.addc.ir was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 136.243.102.120 136.243.102.120 | 24940 (HETZNER-AS) (HETZNER-AS) | |
17 | 1 |
ASN24940 (HETZNER-AS, DE)
PTR: static.120.102.243.136.clients.your-server.de
citibank.addc.ir |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
addc.ir
citibank.addc.ir |
655 KB |
17 | 1 |
Domain | Requested by | |
---|---|---|
17 | citibank.addc.ir |
citibank.addc.ir
|
17 | 1 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://citibank.addc.ir/Login.php?sslchannel=3Dtrue&sessi=
Frame ID: 044C41B81AA476D8E38E62D6513E6EAC
Requests: 17 HTTP requests in this frame
Screenshot
Page Title
Sign On to Your Citi Account - CitibankDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
34 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: ATM / BRANCH
Search URL Search Domain Scan URL
Title: Continuar
Search URL Search Domain Scan URL
Title: Our Story
Search URL Search Domain Scan URL
Title: Benefits and Services
Search URL Search Domain Scan URL
Title: Rewards
Search URL Search Domain Scan URL
Title: Citi Easy DealsSM
Search URL Search Domain Scan URL
Title: Citi EntertainmentSM
Search URL Search Domain Scan URL
Title: Special Offers
Search URL Search Domain Scan URL
Title: CitigoldĀ® Private Client
Search URL Search Domain Scan URL
Title: CitigoldĀ®
Search URL Search Domain Scan URL
Title: Citi Priority
Search URL Search Domain Scan URL
Title: Citi Private Bank
Search URL Search Domain Scan URL
Title: Small Business Accounts
Search URL Search Domain Scan URL
Title: Commercial Accounts
Search URL Search Domain Scan URL
Title: Personal Banking
Search URL Search Domain Scan URL
Title: Credit Cards
Search URL Search Domain Scan URL
Title: Mortgage
Search URL Search Domain Scan URL
Title: Home Equity
Search URL Search Domain Scan URL
Title: Lending
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Help & FAQs
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Notice at Collection
Search URL Search Domain Scan URL
Title: CA Privacy Hub
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Login.php
citibank.addc.ir/ |
163 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
citibank.addc.ir/si_assetz/css/ |
1 MB 148 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
citibank.addc.ir/si_assetz/css/ |
347 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
citibank.addc.ir/si_assetz/js/ |
292 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citilogoredesign.png
citibank.addc.ir/si_assetz/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050-location2x.svg
citibank.addc.ir/si_assetz/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_globe_med-grey2x.svg
citibank.addc.ir/si_assetz/img/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
320_Citi-PLT3x.png
citibank.addc.ir/si_assetz/img/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1440_Citi-PLT3x.png
citibank.addc.ir/si_assetz/img/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Light.woff
citibank.addc.ir/si_assetz/fonts/ |
74 KB 74 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LSO_4959.jpg
citibank.addc.ir/si_assetz/img/ |
171 KB 171 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Citi-Branding-Sprite.png
citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Appstore-Googleplay-JDPower-Sprite.png
citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_facebook@3x.png
citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_twitter@3x.png
citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_youtube@3x.png
citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/ |
708 B 708 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Bold.woff
citibank.addc.ir/si_assetz/fonts/ |
70 KB 70 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
citibank.addc.ir/ | Name: PHPSESSID Value: 68560c3957aa3c5b5bcc5758a2375743 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
citibank.addc.ir
136.243.102.120
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
143c0e1a700ab4e6b3d162dcce647d3baa10a506122c203be01a3bd6b2ccece1
29223fdf1c42ac27b10aea5dcd02513f507a22a83ed8d03e5f6bb7f1c41daaaf
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
84c41acc75f9b8fd185f3f0b98e9ed16c34879d48795c6fbe47ea5ca7033beee
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
e082d79918d0ffbf647dc9fcc34607a1dbfddeb17c7028c4999a9a77d5d134da
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631