cittiybank.com Open in urlscan Pro
135.181.68.210  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response cittiybank.com/	24 KB 7 KB	479ms 155ms	Document text/html	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 997024928451bad8c6b3e9b2a313e1fd05f0b465fdb4a44a8067624330b8a914 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Host cittiybank.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT Server Apache Cache-Control no-cache, private max-age=60, private, proxy-revalidate Set-Cookie XSRF-TOKEN=eyJpdiI6IlNoRnluLzFic2hNelJQdEVOdWxQV0E9PSIsInZhbHVlIjoiMHgwVUVNTDJNUFY2T1lvdGhDSFQzeEQ2YU9pMGs4QnJ3TjJ0TkkzdXFlSi9BKzBjT3RlQkhjVDg4WGk2ZXJVeUJmaTB2dzZxVDlZT1ROT2xPNTdMUEx0RWlNYzVnaDhNS3EvcUx3WVhGeDdlWHorTzVxbW5KM0dTcmZPODAwTTciLCJtYWMiOiI4OGI4ZTdhNjRjNzQ5NzNmMzc5ZGRmZTVmMTE3N2UxZjEyMThiNzkxM2EwMjI4YzdlZDJiNDUyOTIyY2VkNDI0In0%3D; expires=Mon, 22-Mar-2021 16:48:47 GMT; Max-Age=7200; path=/; samesite=lax online_banking_mortgages_personal_loans_investing_session=eyJpdiI6ImEvTEtHZU1HNlJCL1FSRE00K1hZSGc9PSIsInZhbHVlIjoibXNSM2E1Y0Rld3Y1M3V5UEdRNFQzQ3ZNaWJKVmVZbWp1UytVYzR2NFFrNG9aMTBZYVhDN3JRQkY1UEdYaEkxeE1ZeTIvNjYzSXYzZlc5R0xoK0hqWlpydDJDOER6elFWbnV5VkxFQkdDdGlDckpYRFpxS3dBK01Fd2p6aS9CZGciLCJtYWMiOiI2ZDUzOTcxZmEzN2NiMDIwZmFlNzQ3ODdlZjE5ZDhhYzlkN2EzZGZlZDNiN2U4ZjkwODg4MWU1YTE0MWNhYjM0In0%3D; expires=Mon, 22-Mar-2021 16:48:47 GMT; Max-Age=7200; path=/; httponly; samesite=lax Expires Wed, 21 Apr 2021 14:48:47 GMT Vary Accept-Encoding,User-Agent Content-Encoding gzip X-Content-Type-Options nosniff X-XSS-Protection 1; mode=block Content-Length 5723 Keep-Alive timeout=5, max=300 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H2	200	css2 fonts.googleapis.com/	5 KB 727 B	15ms 14ms	Stylesheet text/css	2a00:1450:4001:80f::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Nunito:wght@400;600;700&display=swap Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 0e2bbf6399d58d1a0e33d667fad9810537c640ea2afcb5339a6d14921fae35f7 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Mon, 22 Mar 2021 13:11:09 GMT server ESF date Mon, 22 Mar 2021 14:48:47 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 22 Mar 2021 14:48:47 GMT
GET H/1.1	200 OK	app.css cittiybank.com/css/	3 MB 249 KB	60ms 60ms	Stylesheet text/css	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://cittiybank.com/css/app.css Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash c8151e3e536b290c94742007a4d644ecd9667e5edf2ed6aa4973d1b71a9998b4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Vary Accept-Encoding,User-Agent Content-Type text/css Cache-Control max-age=172800, proxy-revalidate Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=299 X-XSS-Protection 1; mode=block Expires Wed, 21 Apr 2021 14:48:47 GMT
GET H/1.1	200 OK	citilogoredesign.png cittiybank.com/images/	2 KB 2 KB	130ms 46ms	Image image/png	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/citilogoredesign.png Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/png Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=300 Content-Length 1799 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	mortgage.jpeg cittiybank.com/images/	97 KB 97 KB	131ms 46ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/mortgage.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash cd86be0645b0f2ba2f6a9eb8e8324a01cb93ef12726f1b46140c6af89164d726 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=300 Content-Length 98943 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	earn.jpeg cittiybank.com/images/	95 KB 95 KB	132ms 46ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/earn.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 14c86696e46dc18eb89cb0d32055bd16b9a9f06da0fcbc0af3481fb0aa2c2cfe Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=300 Content-Length 97235 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	card.jpeg cittiybank.com/images/	31 KB 32 KB	140ms 49ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/card.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash ddfc50334e444d16f275b7a81eb09c83ddd05bf00a3d47bef2d878671244f2f4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=300 Content-Length 32204 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	bike.jpeg cittiybank.com/images/	63 KB 63 KB	140ms 50ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/bike.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash f268dcdb7e59e888bf611ab61e2235cb56ca24dc5e5bfd1dcb1cba3c5e56441e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=300 Content-Length 64418 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	self-care.jpeg cittiybank.com/images/	74 KB 75 KB	47ms 46ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/self-care.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 9cf8b5ad7e9cb229a95f878ff4e87a9fe38577e4767b796ca3d1e9d35f70cc61 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=299 Content-Length 75904 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	equality.jpeg cittiybank.com/images/	91 KB 91 KB	47ms 46ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/equality.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 6d745a03d69826ae4fda27d32a598fd6433094598558b2521cf238524d05ffa9 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=298 Content-Length 92721 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	playstore.png cittiybank.com/images/	85 KB 85 KB	59ms 58ms	Image image/png	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/playstore.png Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 1500f0a2c6e2940596f230a3b29d193108975c1ef83f1130b99108ba432183c8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/png Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=299 Content-Length 86737 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	appstore.png cittiybank.com/images/	46 KB 46 KB	56ms 56ms	Image image/png	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/appstore.png Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash f61d450968de97885f6554398c9ba3b2c82a36f931f3a008297b713ae3be3fa3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/png Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=297 Content-Length 47134 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	footer-image.png cittiybank.com/images/	27 KB 28 KB	57ms 56ms	Image image/png	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/footer-image.png Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/png Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=299 Content-Length 28149 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H/1.1	200 OK	header-bg.jpeg cittiybank.com/images/	196 KB 196 KB	63ms 62ms	Image image/jpeg	135.181.68.210 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://cittiybank.com/images/header-bg.jpeg Requested by Host: cittiybank.com URL: https://cittiybank.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 135.181.68.210 Helsinki, Finland, ASN24940 (HETZNER-AS, DE), Reverse DNS cloud.betahost247.com Software Apache / Resource Hash 6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Mon, 22 Mar 2021 14:48:47 GMT X-Content-Type-Options nosniff Last-Modified Mon, 22 Mar 2021 14:37:13 GMT Server Apache Content-Type image/jpeg Cache-Control max-age=604800, public Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=299 Content-Length 200475 X-XSS-Protection 1; mode=block Expires Tue, 22 Mar 2022 14:48:47 GMT
GET H3-Q050	200	css2 fonts.googleapis.com/	9 KB 1 KB	44ms 29ms	Stylesheet text/css	2a00:1450:4001:813::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800&display=swap Requested by Host: cittiybank.com URL: https://cittiybank.com/css/app.css Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3cc0cbedf7ea96b7382a3fa771299749e8d94c503583d676b579306bdc7bdd31 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://cittiybank.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Mon, 22 Mar 2021 14:48:47 GMT server ESF date Mon, 22 Mar 2021 14:48:47 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Mon, 22 Mar 2021 14:48:47 GMT
GET H2	200	UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 fonts.gstatic.com/s/inter/v3/	36 KB 36 KB	7ms 6ms	Font font/woff2	2a00:1450:4001:800::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/inter/v3/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;800&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Origin https://cittiybank.com Referer https://fonts.googleapis.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Thu, 18 Mar 2021 19:41:26 GMT x-content-type-options nosniff last-modified Thu, 28 Jan 2021 22:48:53 GMT server sffe age 328041 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 37056 x-xss-protection 0 expires Fri, 18 Mar 2022 19:41:26 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cittiybank.com/	1970-01-19 17:00:31	Name: online_banking_mortgages_personal_loans_investing_session Value: eyJpdiI6ImEvTEtHZU1HNlJCL1FSRE00K1hZSGc9PSIsInZhbHVlIjoibXNSM2E1Y0Rld3Y1M3V5UEdRNFQzQ3ZNaWJKVmVZbWp1UytVYzR2NFFrNG9aMTBZYVhDN3JRQkY1UEdYaEkxeE1ZeTIvNjYzSXYzZlc5R0xoK0hqWlpydDJDOER6elFWbnV5VkxFQkdDdGlDckpYRFpxS3dBK01Fd2p6aS9CZGciLCJtYWMiOiI2ZDUzOTcxZmEzN2NiMDIwZmFlNzQ3ODdlZjE5ZDhhYzlkN2EzZGZlZDNiN2U4ZjkwODg4MWU1YTE0MWNhYjM0In0%3D
			cittiybank.com/	1970-01-19 17:00:31	Name: XSRF-TOKEN Value: eyJpdiI6IlNoRnluLzFic2hNelJQdEVOdWxQV0E9PSIsInZhbHVlIjoiMHgwVUVNTDJNUFY2T1lvdGhDSFQzeEQ2YU9pMGs4QnJ3TjJ0TkkzdXFlSi9BKzBjT3RlQkhjVDg4WGk2ZXJVeUJmaTB2dzZxVDlZT1ROT2xPNTdMUEx0RWlNYzVnaDhNS3EvcUx3WVhGeDdlWHorTzVxbW5KM0dTcmZPODAwTTciLCJtYWMiOiI4OGI4ZTdhNjRjNzQ5NzNmMzc5ZGRmZTVmMTE3N2UxZjEyMThiNzkxM2EwMjI4YzdlZDJiNDUyOTIyY2VkNDI0In0%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cittiybank.com
fonts.googleapis.com
fonts.gstatic.com
135.181.68.210
2a00:1450:4001:800::2003
2a00:1450:4001:80f::200a
2a00:1450:4001:813::200a
0e2bbf6399d58d1a0e33d667fad9810537c640ea2afcb5339a6d14921fae35f7
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
14c86696e46dc18eb89cb0d32055bd16b9a9f06da0fcbc0af3481fb0aa2c2cfe
1500f0a2c6e2940596f230a3b29d193108975c1ef83f1130b99108ba432183c8
3cc0cbedf7ea96b7382a3fa771299749e8d94c503583d676b579306bdc7bdd31
6d745a03d69826ae4fda27d32a598fd6433094598558b2521cf238524d05ffa9
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
6f76589585a8e6aa963b9d8383c6369dee410c68ef8fbef5df7abef4b6ce5fa1
997024928451bad8c6b3e9b2a313e1fd05f0b465fdb4a44a8067624330b8a914
9cf8b5ad7e9cb229a95f878ff4e87a9fe38577e4767b796ca3d1e9d35f70cc61
c8151e3e536b290c94742007a4d644ecd9667e5edf2ed6aa4973d1b71a9998b4
cd86be0645b0f2ba2f6a9eb8e8324a01cb93ef12726f1b46140c6af89164d726
ddfc50334e444d16f275b7a81eb09c83ddd05bf00a3d47bef2d878671244f2f4
f268dcdb7e59e888bf611ab61e2235cb56ca24dc5e5bfd1dcb1cba3c5e56441e
f61d450968de97885f6554398c9ba3b2c82a36f931f3a008297b713ae3be3fa3
f6789b1579e3915acc50ce2f56d956c05dc3186238eb4d1a0d4ad1e403a625ac