businessaccess.cliteyls-cltigrouop.com
172.67.216.193  Malicious Activity!

URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Submission: On February 15 via manual from NL — Scanned from NL

Summary

This website contacted 2 IPs in 1 country across 1 domain to perform 14 HTTP transactions. The main IP is 172.67.216.193, located in the United States and belonging to CLOUDFLARENET, US. The main domain is businessaccess.cliteyls-cltigrouop.com.
TLS certificate: Issued by GTS CA 1P5 on February 14th 2024. Valid for: 3 months.
This is the only time businessaccess.cliteyls-cltigrouop.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

Requests  IP Address        AS / Autonomous System
12        172.67.216.193    13335 (CLOUDFLAR...)
2         2606:4700:303...  13335 (CLOUDFLAR...)
Total: 14 requests, 2 IPs

Requests  Apex Domain               Subdomains                               Transfer
14        cliteyls-cltigrouop.com   businessaccess.cliteyls-cltigrouop.com   6 MB
Total: 14 requests, 1 apex domain

Requests  Domain                                   Requested by
14        businessaccess.cliteyls-cltigrouop.com   businessaccess.cliteyls-cltigrouop.com
Total: 14 requests, 1 domain

This site contains links to these domains:

Domain
www.citi.com
online.citi.com
icg.citi.com
businessaccess.citibank.citigroup.com
TLS certificate
Subject: cliteyls-cltigrouop.com
Issuer: GTS CA 1P5
Validity: 2024-02-14 - 2024-05-14
Valid for: 3 months (crt.sh)
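The hostname imitates the legitimate businessaccess.citibank.citigroup.com that the page links to: the same "businessaccess" label in front of a padded, mistyped brand label (cliteyls-cltigrouop). The script below is an added example, not urlscan.io code, showing how a certificate-transparency or passive-DNS feed can be screened for this kind of lookalike: each hyphen-split label is compared with brand keywords using a bounded edit distance over sliding windows, so a brand word that is embedded in a longer label still scores. The keyword list, the allowlisted apex domains and the distance threshold of 2 are assumptions chosen for this illustration.

```python
"""Screen hostnames for brand lookalikes with a bounded edit distance.

Added example for this scan result; not urlscan.io code. BRAND_KEYWORDS, LEGIT_APEX
and MAX_DISTANCE are assumptions chosen for illustration.
"""

# Brand words the page imitates (the verdict names Citibank; the links name citigroup.com).
BRAND_KEYWORDS = ("citigroup", "citibank")
# Apex domains the brand legitimately uses, taken from the links list above (assumption:
# a real deployment would load this from an owned-domains inventory).
LEGIT_APEX = {"citi.com", "citigroup.com"}
# Edits tolerated between a keyword and a label window before it counts as a lookalike.
MAX_DISTANCE = 2


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert/delete/substitute, classic two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute (or match)
        prev = cur
    return prev[-1]


def apex_of(hostname: str) -> str:
    """Last two labels; assumption: no public-suffix handling (co.uk etc. would need it)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def best_window_distance(label: str, keyword: str) -> int:
    """Smallest edit distance between keyword and any substring of label whose length is
    within MAX_DISTANCE of the keyword's length, so a padded or embedded brand word
    (e.g. 'cltigrouop' inside a longer label) is still found."""
    best = len(keyword)
    for width in range(len(keyword) - MAX_DISTANCE, len(keyword) + MAX_DISTANCE + 1):
        if width <= 0:
            continue
        for start in range(max(1, len(label) - width + 1)):
            best = min(best, levenshtein(label[start:start + width], keyword))
    return best


def lookalike_report(hostname: str) -> dict:
    """Verdict for one hostname: an allowlisted apex wins outright; otherwise the closest
    (distance, keyword, fragment) across all dot- and hyphen-split labels decides."""
    apex = apex_of(hostname)
    if apex in LEGIT_APEX:
        return {"hostname": hostname, "apex": apex, "lookalike": False,
                "reason": "allowlisted apex"}
    # Split on dots and hyphens: attackers pad brand words with extra labels and dashes.
    fragments = [f for lbl in hostname.lower().split(".") for f in lbl.split("-") if f]
    best = None
    for keyword in BRAND_KEYWORDS:
        for frag in fragments:
            d = best_window_distance(frag, keyword)
            if best is None or d < best[0]:
                best = (d, keyword, frag)
    d, keyword, frag = best
    return {"hostname": hostname, "apex": apex, "lookalike": d <= MAX_DISTANCE,
            "keyword": keyword, "fragment": frag, "distance": d}


if __name__ == "__main__":
    for h in ("businessaccess.cliteyls-cltigrouop.com",
              "businessaccess.citibank.citigroup.com", "example.com"):
        print(lookalike_report(h))
```

For this scan's hostname the closest window is "cltigrouop" against "citigroup" at distance 2 (one substitution, one inserted letter), while the real businessaccess.citibank.citigroup.com is cleared by its apex. Short keywords such as "citi" need a tighter threshold than 2 or the windowing will fire on ordinary words; a production check would also normalise homoglyphs (l/I to i, 0 to o) before computing the distance and use a public-suffix list for the apex.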

This page contains 1 frame:

Primary Page: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Frame ID: EA84D232CD1245DD03FED48E6D97886C
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

CitiBusiness Online

Detected technologies

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 14
HTTPS: 100 %
IPv6: 50 %
Domains: 1
Subdomains: 1
IPs: 2
Countries: 1
Transfer: 5759 kB
Size: 6158 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests: (none listed)

14 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: / | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/ | Size: 129 KB | x-fer: 13 KB | Type: Document
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 18141e12990108e7d6c36a1ff67a8ecb4b9193bb3d9fcb3e2fbcb82ded98bc38

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
855ddf743b1e39c2-FRA
content-encoding
br
content-type
text/html
date
Thu, 15 Feb 2024 13:24:44 GMT
last-modified
Wed, 01 Mar 2023 17:12:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uqfNNLociQXbkCKOxK87vXyH72JAnhGo89EJB1BIk6vXRntpwCSI%2BKSM9BfbCCTDWdxCJhc9YmAVkj1TrKo5rUNa7OaefG0y%2BFvvXi02kPIK7Qc5Aliiis%2BkSNlC6DvVHxNsn1wZjYWNklNlEsEUE9ehDk1ffAcG6A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
Resource: styles.823a2c7a3cf18ef4.css | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 251 KB | x-fer: 39 KB | Type: Stylesheet
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: dacb6654994da286daefac6880672606a2db28bab9fcad7180a3b10ba8c2ea62

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:37:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBUsVVqsDg0SXmpJYpmYVsswa93Mv5HXrk5HGkNva52o09F96WINR9zbW2qGZZb9T50GlaWdFrD5PainK7mPk2dwCjaHfE8LI1aYUosKEj3VUs46KI5mfnYJvk7ilsnC6hXgedvOp28TU1qC25XXHRXx8TohGoixwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
855ddf753ccd39c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: citi-logo.svg | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 1 KB | x-fer: 1 KB | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/citi-logo.svg
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 9383cdaa55b132ee6bb2bc3f77826aa0dc92e801c62f59e3ee93747fbd53cb00

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:19:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hMvG8KBYg%2FYMejwRqy6q1miayqkGknNJTN5SWLOYS%2F1VLTtdgk2iBKGc8JiW5uS%2FNPmnE6Bex2rblarzuM1q0HcCBrbmeI%2BspHjgj9EeKAGl15hm7VLz0WfzF1XOXUgKTJDjd9bSgci2O3k9%2Bg18zh%2Bj%2BThrzSxUcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
855ddf760df839c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: icon-info.svg | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 2 KB | x-fer: 1 KB | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/icon-info.svg
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 8ffa5a5ad62742e22267808ac35c353ed8aebc49381e6e3cda983e7710f1ae73

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:20:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eu9aQKtdRaZb%2BkJNxf0Cuw2Q%2BzdxOd5CnLOUzRh2yRbXTqXm2rY0d2dn8xROrZe70K1q3aRHzgzpa23LrsPo3s0NW1KQmfpWSgrx7tiIgimepljsY%2BKd%2F%2FOCqhd6JHIGztHxP2y97VaolQvU4gJEIR1PVDphC0S8VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
855ddf760df939c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: video-image-background.svg | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 858 B | x-fer: 795 B | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/video-image-background.svg
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: b64e71d4c6cab4f31f5de21e4b0330633641456256b6bf912a444d47bb59b0f5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:20:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3L0cZRsiGxtV7IDXzczZQJjdK78EmxyRCBP2o2Ff512z7btP%2FUYlRkdTfquV87icK8BgTsr%2FlwSaVVASudXe3bjqTxoAyDONIt1SzB3PdMN3qHTyvKgLk274iNaHwvsgA6DhM9kvQz0wpBwvMsn1SYhrM%2F2S7wbow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
855ddf760dfa39c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: video-image.png | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 484 KB | x-fer: 485 KB | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/video-image.png
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:21:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YJd2ukkB1iVuolowENfO%2FcFPtr%2F0InQeh90FG0sn9hVHyawR1447qCvoiFv1vP7uMUQcqz5h3Ncx0fW2wOJEG9ETRSRvlT9A0CU7Y03qrFRR8pezE0VRAyyPK%2F%2FMfUahDq%2Fq1%2FmO9Sji%2FQMAC78KJaUBsrKifBcP4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855ddf760dfc39c2-FRA
alt-svc
h3=":443"; ma=86400
content-length
496105
Resource: jquery.min.js | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 93 KB | x-fer: 34 KB | Type: Script
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/jquery.min.js
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Apr 2015 15:54:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3TEbPCw5qaIcodepoWCPakfoXQd%2FQCo%2FpUGRsThp5SzWvXe11tx9IFh9Eqp2yQVACM3UWt2217U9nXx%2BwFX3B59OYzDoTVNDw48t6fX7bpFz1cA8gLRTNAccYDlFikalUdskQ%2FfL%2FSDfYBFrj8qxh9hQJNLaHTK%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
855ddf760dfd39c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: new-background-1440.8456deb0eed9b94d.png | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 5 MB | x-fer: 5 MB | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/new-background-1440.8456deb0eed9b94d.png
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 71d7876f9986ec332463d03331a0812fa628d954ddf2c2f75b6aa85d0c797625

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:24:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BYUoKv0gwD39khCWll1e%2BUYCJMKYlGXKuflffDHlx7iIGNdnsFdXTvnBhxuuxfzG9%2B1Ts%2FtcPND9PzcL1IjdQ10uPJorcJHnv0YEsGy6OJtkawe2Ey9zlvgiYlKDvpv7YMbjLQhncIDFHJEIFFdHBrwX22iBdsSUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855ddf761e1339c2-FRA
alt-svc
h3=":443"; ma=86400
content-length
4745964
Resource: be-the-best-background-1440.d7b4ba3e02edd3c3.svg | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 1 KB | x-fer: 923 B | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/be-the-best-background-1440.d7b4ba3e02edd3c3.svg
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 548911eac0a5fb93dcd24670b747db5b03d049f1e8551c0497914885e240cc6f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:28:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmMdtCkcILtoUs%2F6Ij7oKwNwOGnmjgnN%2BTT%2FFwKIJVAKlSz1RmEGh9t%2BEivys23ZAruSc%2FXYrgnVEDhRRNk7ZFxnMBpePowhiPdSRlRO0dTZ0hv01v7rGXBHGb94OQ52muHph9gKTQS6ConQxcE4eoqdyIViy%2BXvVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
855ddf761e1a39c2-FRA
alt-svc
h3=":443"; ma=86400
Resource: video-image.eaca70ca85e36482.png | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 484 KB | x-fer: 485 KB | Type: Image
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/video-image.eaca70ca85e36482.png
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:38:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4164
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ah%2Bsd1RWWDauM43QV2Yq76WKbsxRPuPx40JCoQlb17%2FjKuYy%2F6plFYKGMCArpMz1T%2BIq7ynQdcgdhT5zhBQvOG9XadaqaN2%2BHxgSGG9q8BB1bK6sU5Zuz%2BSNt6DxqAjpjTf%2FcGmMB9x6AfRuebHE5fI4qXOBPrynQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855ddf761e2239c2-FRA
alt-svc
h3=":443"; ma=86400
content-length
496105
Resource: Interstate-Light.woff | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 24 KB | x-fer: 24 KB | Type: Font
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/Interstate-Light.woff
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: f42c3070996d7a75c51f30c4099d2daaff6b1f13b80916d9a33a8fe3a4b42bce

Request headers

Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css
Origin
https://businessaccess.cliteyls-cltigrouop.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:34:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4165
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NqIq8PNwMJW%2FZ1tZu1t5IUb7Il0py0d%2BCMOIvC0oKGV14CIlpuSOkSyDRqIGAGukzlKIt5TtLFTisSadYfI43lqDiMEaGHtpjp1WmjaH4wIA4k%2F1viwl5n8G62k5FDP4Z7F7vlmvNCS87bTuCwgzSHCCyzrT1uEyuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855ddf761e2639c2-FRA
alt-svc
h3=":443"; ma=86400
content-length
24344
Resource: Interstate-Regular.woff | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 24 KB | x-fer: 24 KB | Type: Font
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/Interstate-Regular.woff
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.216.193, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: b1b8134584b059d5c76e00491f2e641b5ec6551309705ac519eea35cacbca1b9

Request headers

Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css
Origin
https://businessaccess.cliteyls-cltigrouop.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
cf-cache-status
HIT
last-modified
Wed, 01 Mar 2023 15:32:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4164
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zfjbPX6wW6S0qACnANqaYEstx3ZI4dtLTxtQDn76de3%2FMZygoVI6lAHpOXZJzZ3y9BuY4QAbziZe5J7kf3RpvaBfdw%2F%2BdEdtqkFz%2FqIp04uvYuSwnMXp1FLN36LXaGuNri%2Fkm0M9PsXY%2BSRzCVUfdlA7Z9lmQDHXkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
855ddf761e2939c2-FRA
alt-svc
h3=":443"; ma=86400
content-length
24544
Resource: main.php | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 28 KB | x-fer: 8 KB | Type: XHR
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/main.php?_=1708003485269
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/jquery.min.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3034::6815:1826, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 96f7ea828046230d29bdc572c131697075e0f30c8c54dd016bbb3da7d71f1d71

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
X-Requested-With
XMLHttpRequest
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y8vJ2piCzLun%2BOnCR6CY0uxAceGlCKsdbmE%2F%2FgxcAE1dmocJUIjy2cG%2BGva%2BLtdSM2Hw75oFKt5la71QVqDuv19NvpfacRLpYN4hX2xXMo6j1Qpoexk1uYkfhDxZo8EHdjPePB4a7%2Fxvzj4j9h5b9uDqDf%2FFZYxzASs5wwUn%2BwQhsaFQAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
855ddf77089a063c-CDG
alt-svc
h3=":443"; ma=86400
Resource: stat.php | Path: businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | Size: 1 KB | x-fer: 782 B | Type: XHR
General
Full URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/stat.php?_=1708003485270
Requested by
Host: businessaccess.cliteyls-cltigrouop.com
URL: https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/jquery.min.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 2606:4700:3034::6815:1826, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: -
Software: cloudflare
Resource Hash: 491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
X-Requested-With
XMLHttpRequest
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 13:24:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Aj6rE4heHfinZZWy7oWiMKkNP0Yv7%2BqlND0VStvwoMAEibDkOnSYzjCZID9BatCPpdhuObd%2Bt9Zh%2FRrj6Ai%2F74I0e%2FdjqE7ky%2F0leRDDKDMRE5rG23pFBDJ1CN1n2mc757y3cLFtrv1pxfmq9LRjcMyA1Pj7xfHKS8SQ2n7M7hmlytL5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
855ddf77089d063c-CDG
alt-svc
h3=":443"; ma=86400
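Two things stand out in the transaction list once it is read as a whole: every static asset is a Cloudflare cache HIT, while the landing document and the two PHP endpoints that jquery.min.js calls by XHR (main.php, stat.php) are cf-cache-status DYNAMIC, i.e. answered by the origin behind Cloudflare; and video-image.png and video-image.eaca70ca85e36482.png share one SHA-256, so the kit ships the same bytes under two names. The script below is an added example, not urlscan.io code, that turns such a list into indicators: it strips jQuery's "_=<timestamp>" cache-buster from the XHR URLs, groups resources by hash, and separates origin-served endpoints from cached assets. The seven records are transcribed from the transactions above; the rule that an XHR request with cf-cache-status DYNAMIC is a backend endpoint is an assumption.

```python
"""Extract indicators from a urlscan.io transaction list.

Added example for this scan result; not urlscan.io code. TRANSACTIONS is transcribed
from seven of the transactions above; the 'backend endpoint' rule is an assumption.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# (url, resource sha256, cf-cache-status, content-type, initiator type) per transaction.
TRANSACTIONS = [
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/",
     "18141e12990108e7d6c36a1ff67a8ecb4b9193bb3d9fcb3e2fbcb82ded98bc38",
     "DYNAMIC", "text/html", "Document"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css",
     "dacb6654994da286daefac6880672606a2db28bab9fcad7180a3b10ba8c2ea62",
     "HIT", "text/css", "Stylesheet"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/jquery.min.js",
     "4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889",
     "HIT", "text/javascript", "Script"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/video-image.png",
     "42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da",
     "HIT", "image/png", "Image"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/video-image.eaca70ca85e36482.png",
     "42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da",
     "HIT", "image/png", "Image"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/main.php?_=1708003485269",
     "96f7ea828046230d29bdc572c131697075e0f30c8c54dd016bbb3da7d71f1d71",
     "DYNAMIC", "text/html; charset=UTF-8", "XHR"),
    ("https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/stat.php?_=1708003485270",
     "491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929",
     "DYNAMIC", "text/html; charset=UTF-8", "XHR"),
]


def backend_endpoints(tx) -> list[str]:
    """Endpoints the page script talks to on the origin (assumption: XHR initiator and
    cf-cache-status DYNAMIC, i.e. not served from Cloudflare's cache). The '_=<ms>'
    query is jQuery's cache-buster and is dropped so the indicator stays stable."""
    out = []
    for url, _sha, cache, _mime, initiator in tx:
        if initiator == "XHR" and cache == "DYNAMIC":
            p = urlsplit(url)
            out.append(f"{p.scheme}://{p.netloc}{p.path}")
    return out


def duplicate_hashes(tx) -> dict[str, list[str]]:
    """Same bytes under different names: one hash to pivot on instead of several filenames."""
    by_hash = defaultdict(list)
    for url, sha, *_ in tx:
        by_hash[sha].append(urlsplit(url).path.rsplit("/", 1)[-1])
    return {sha: names for sha, names in by_hash.items() if len(names) > 1}


def iocs(tx) -> dict:
    """Deduplicated indicator sets for blocking and hunting."""
    return {
        "hosts": sorted({urlsplit(u).netloc for u, *_ in tx}),
        "paths": sorted({urlsplit(u).path for u, *_ in tx}),
        "sha256": sorted({sha for _, sha, *_ in tx}),
        "backend": backend_endpoints(tx),
        "duplicates": duplicate_hashes(tx),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(iocs(TRANSACTIONS), indent=2))
```

The backend list is the part worth watching after takedown requests: the static assets are cached at the edge and will survive for a while, whereas main.php and stat.php only answer while the origin is up, so they are the indicators whose disappearance confirms the kit is dead.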

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type       Names (in page order)
function   $, jQuery, doCommand, showBlock, showeSig1, sendeSig1, showToken, sendToken, showContact, sendContact, showEIN, sendEIN, showQuestion, sendAnswer, show2ndUser, showErrorLogin, showBlockDiv, getRand, showCallBack, sendComm, dial_fn, showLoader, hideLoader, sendLogin, hookLogin, delsrc, sendLoad, sendMove, sendMouseClick, sendKey
string     my_bot, db_login, db_step, original_url, srv_dom, last_command, last_command_params, dial_type, r_btn, full_otp
number     interval_int, timer_sec, case_id, not_hook, min, max, is_move, is_Click, is_key
undefined  block_inter, cur_wait
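The names suggest a kit whose page script polls for operator commands (doCommand, last_command, last_command_params, interval_int, timer_sec), renders the prompt the operator picks (showToken, showQuestion, showeSig1, showEIN, showCallBack, show2ndUser) and relays the victim's answer (sendToken, sendAnswer, sendLogin, sendeSig1, full_otp), while also reporting keystrokes and mouse activity (is_key, sendKey, sendMouseClick, sendMove). The script below is an added example, not urlscan.io code: it parses the flattened "type| name" list as urlscan renders it and applies a weighted name heuristic so that a batch of scan results can be ranked for manual review. The indicator patterns, weights and threshold are assumptions, and the embedded sample is an excerpt of the list above.

```python
"""Triage a urlscan.io 'JavaScript Global Variables' list for phishing-kit traits.

Added example for this scan result; not urlscan.io code. INDICATORS, the weights and
the threshold are assumptions chosen for illustration.
"""
import re
from collections import Counter

# Constructed sample: an excerpt of the list on this page, in urlscan's flattened
# "type| name type| name ..." layout.
SAMPLE = (
    "function| $ function| jQuery string| my_bot string| db_login string| db_step "
    "string| original_url string| srv_dom number| interval_int string| last_command "
    "string| last_command_params function| doCommand number| timer_sec "
    "function| showToken function| sendToken function| showQuestion function| sendAnswer "
    "function| showCallBack function| sendLogin function| hookLogin string| full_otp "
    "number| is_key function| sendKey function| sendMouseClick"
)

_ENTRY = re.compile(r"\b(function|string|number|boolean|object|undefined)\|\s*(\S+)")

# (label, name pattern, weight). Order matters: the first matching indicator claims a name.
INDICATORS = (
    ("command polling (operator-driven flow)",
     re.compile(r"^(doCommand|last_command(_params)?|interval_int|timer_sec)$"), 3),
    ("credential/OTP/answer relay",
     re.compile(r"^(send|hook)(Login|Token|Answer|eSig\d*|EIN|Contact|Comm)$|otp", re.I), 3),
    ("second-factor prompt screens",
     re.compile(r"^show(Token|Question|eSig\d*|EIN|CallBack|2ndUser|Contact)$"), 2),
    ("input/telemetry capture",
     re.compile(r"^(send(Key|MouseClick|Move|Load)|is_(key|Click|move))$"), 2),
    ("backend/bot configuration",
     re.compile(r"^(my_bot|srv_dom|db_login|db_step|original_url|case_id)$"), 1),
)


def parse_globals(text: str) -> list[tuple[str, str]]:
    """Turn the flattened 'type| name' text into (type, name) pairs, in page order."""
    return [(m.group(1), m.group(2)) for m in _ENTRY.finditer(text)]


def score_kit(pairs: list[tuple[str, str]]) -> tuple[int, dict[str, list[str]]]:
    """Weighted sum over names; each name counts once, under the first indicator it matches."""
    hits = {label: [] for label, _, _ in INDICATORS}
    score = 0
    for _type, name in pairs:
        for label, pattern, weight in INDICATORS:
            if pattern.search(name):
                hits[label].append(name)
                score += weight
                break
    return score, {k: v for k, v in hits.items() if v}


def verdict(text: str, threshold: int = 10) -> dict:
    """Parse, score and summarise; 'likely_phishing_kit' is the score against the threshold."""
    pairs = parse_globals(text)
    score, hits = score_kit(pairs)
    return {
        "globals": len(pairs),
        "types": dict(Counter(t for t, _ in pairs)),
        "score": score,
        "hits": hits,
        "likely_phishing_kit": score >= threshold,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(verdict(SAMPLE), indent=2))
```

The heuristic is deliberately name-based because that is all a urlscan result exposes without the script source; a page that only defines $ and jQuery scores zero, while the excerpt above clears the threshold several times over on the command-polling and relay names alone. Names are cheap for a kit author to change, so treat the score as a ranking signal for review, not as a verdict.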

0 Cookies