businessaccess.cliteyls-cltigrouop.com
172.67.216.193
Malicious Activity!
Public Scan
Submission: On February 15 via manual from NL — Scanned from NL
Summary
TLS certificate: Issued by GTS CA 1P5 on February 14th 2024. Valid for: 3 months.
This is the only time businessaccess.cliteyls-cltigrouop.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
12 | 172.67.216.193 | 13335 (CLOUDFLARENET) |
2 | 2606:4700:3034::6815:1826 | 13335 (CLOUDFLARENET) |
14 | 2 IPs | |
IP detail: both addresses belong to ASN13335 (CLOUDFLARENET, US) and served businessaccess.cliteyls-cltigrouop.com.
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | cliteyls-cltigrouop.com | businessaccess.cliteyls-cltigrouop.com | 6 MB |
14 | 1 | | |
Requests | Domain | Requested by |
---|---|---|
14 | businessaccess.cliteyls-cltigrouop.com | businessaccess.cliteyls-cltigrouop.com |
14 | 1 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.citi.com |
online.citi.com |
icg.citi.com |
businessaccess.citibank.citigroup.com |
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
cliteyls-cltigrouop.com | GTS CA 1P5 | 2024-02-14 - 2024-05-14 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://businessaccess.cliteyls-cltigrouop.com/cbusol/ang/
Frame ID: EA84D232CD1245DD03FED48E6D97886C
Requests: 14 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: new and redesigned CitiBusiness Online.
Title: Terms & Conditions
Title: Privacy
Title: Contact Us
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/ | 129 KB | 13 KB | Document | text/html |
GET | H2 | styles.823a2c7a3cf18ef4.css | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 251 KB | 39 KB | Stylesheet | text/css |
GET | H2 | citi-logo.svg | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H2 | icon-info.svg | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 2 KB | 1 KB | Image | image/svg+xml |
GET | H2 | video-image-background.svg | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 858 B | 795 B | Image | image/svg+xml |
GET | H2 | video-image.png | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 484 KB | 485 KB | Image | image/png |
GET | H2 | jquery.min.js | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 93 KB | 34 KB | Script | text/javascript |
GET | H2 | new-background-1440.8456deb0eed9b94d.png | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 5 MB | 5 MB | Image | image/png |
GET | H2 | be-the-best-background-1440.d7b4ba3e02edd3c3.svg | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 1 KB | 923 B | Image | image/svg+xml |
GET | H2 | video-image.eaca70ca85e36482.png | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 484 KB | 485 KB | Image | image/png |
GET | H2 | Interstate-Light.woff | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 24 KB | 24 KB | Font | font/woff |
GET | H2 | Interstate-Regular.woff | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 24 KB | 24 KB | Font | font/woff |
GET | H3 | main.php | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 28 KB | 8 KB | XHR | text/html |
GET | H3 | stat.php | businessaccess.cliteyls-cltigrouop.com/cbusol/ang/css/ | 1 KB | 782 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)
51 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
string | my_bot |
string | db_login |
string | db_step |
string | original_url |
string | srv_dom |
number | interval_int |
string | last_command |
string | last_command_params |
string | dial_type |
function | doCommand |
number | timer_sec |
undefined | block_inter |
function | showBlock |
function | showeSig1 |
function | sendeSig1 |
function | showToken |
function | sendToken |
function | showContact |
function | sendContact |
function | showEIN |
function | sendEIN |
function | showQuestion |
function | sendAnswer |
function | show2ndUser |
function | showErrorLogin |
function | showBlockDiv |
function | getRand |
number | case_id |
function | showCallBack |
function | sendComm |
function | dial_fn |
undefined | cur_wait |
function | showLoader |
function | hideLoader |
function | sendLogin |
string | r_btn |
number | not_hook |
function | hookLogin |
string | full_otp |
function | delsrc |
number | min |
number | max |
function | sendLoad |
number | is_move |
function | sendMove |
number | is_Click |
function | sendMouseClick |
number | is_key |
function | sendKey |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
businessaccess.cliteyls-cltigrouop.com
172.67.216.193
2606:4700:3034::6815:1826