citintlonline.com
198.54.124.206  Malicious Activity! Public Scan

URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Submission: On June 01 via manual from ES

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 21 HTTP transactions. The main IP is 198.54.124.206, located in Los Angeles, United States and belongs to NAMECHEAP-NET - Namecheap, Inc., US. The main domain is citintlonline.com.
This is the only time citintlonline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Western Union (Banking)

Domain & IP information

Requests  IP Address       AS Autonomous System
19        198.54.124.206   22612 (NAMECHEAP...)
2         217.148.70.193   16383 (LACAIXA-AS)
Total: 21 requests, 2 IPs

Requests  Apex Domain        Subdomains         Transfer
19        citintlonline.com  citintlonline.com  510 KB
2         lacaixa.es         loc3.lacaixa.es    86 B
Total: 21 requests, 2 apex domains

Requests  Domain             Requested by
19        citintlonline.com  citintlonline.com
2         loc3.lacaixa.es
Total: 21 requests, 2 domains

This site contains links to these domains.

Domain
global.moneygram.com
westernunion.com

Subject: lo.caixabank.es
Issuer: Symantec Class 3 EV SSL CA - G3
Validity: 2017-03-02 - 2018-03-02
Valid: a year

This page contains 1 frames:

Primary Page: http://citintlonline.com/web/online/accounts/login/emplogin.php
Frame ID: 2434.1
Requests: 21 HTTP requests in this frame

Page Statistics

Requests: 21
HTTPS: 10 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 510 kB
Size: 510 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request 16
  • https://lo.lacaixa.es/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
  • https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
Request 17
  • https://lo.lacaixa.es/imatge/pixel.gif?extlothref=http://westernunion.com/Home
  • https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://westernunion.com/Home

21 HTTP transactions

Columns: Resource / Path, Size, x-fer, Type / MIME-Type

emplogin.php (Primary Request, Cookie set)
citintlonline.com/web/online/accounts/login/
19 KB
19 KB
Document
General
Full URL
http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
1e8be74efe793b01dc9ca95d1ee96754b90086625a467891c99e4b0004455737

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive

Response headers

Pragma
no-cache
Date
Thu, 01 Jun 2017 12:40:29 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Set-Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985; path=/
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Expires
Thu, 19 Nov 1981 08:52:00 GMT
loginTeclat.css
citintlonline.com/web/images/
8 KB
8 KB
Stylesheet
General
Full URL
http://citintlonline.com/web/images/loginTeclat.css
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
2bcdc93842ebd4f93baa9ce9d4641efa62e54a64922e9f3d5e551c580d5e352a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:25:10 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
7999
jquery-1.8.3.min.js
citintlonline.com/web/images/
91 KB
91 KB
Script
General
Full URL
http://citintlonline.com/web/images/jquery-1.8.3.min.js
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
42dd197f5d15d2a06539ab87fb97e1d3e1c40583deee00b6899a68981f0e33fa

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
*/*
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:24:29 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
93637
jquery-ui-1.9.2.custom.min.js
citintlonline.com/web/images/
232 KB
232 KB
Script
General
Full URL
http://citintlonline.com/web/images/jquery-ui-1.9.2.custom.min.js
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
daf728aaefa7a524a97280481b2996b310d185ddac37a8cc26ba4cb9e79aef66

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
*/*
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:24:40 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
237798
validacionURLs.js
citintlonline.com/web/images/
6 KB
6 KB
Script
General
Full URL
http://citintlonline.com/web/images/validacionURLs.js
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
c3ccb1a0a0a710db937829e5711e5985b7578bd6ddd7ec30486fdac5744225b1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
*/*
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:26:29 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
6630
site.css
citintlonline.com/web/Login.aspx_files/
9 KB
9 KB
Stylesheet
General
Full URL
http://citintlonline.com/web/Login.aspx_files/site.css
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
e68add4e0d3e1f6aa2c2538f1496f3fac27ce5c0f9d3c4e0c12228aba8a8d850

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:19:13 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
9080
jquery-ui-1.css
citintlonline.com/web/Login.aspx_files/
32 KB
32 KB
Stylesheet
General
Full URL
http://citintlonline.com/web/Login.aspx_files/jquery-ui-1.css
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
3596f1e1af0806fe42dd3eeb1af476884d45b7d7c06f5c3ff69227086f5bd73a

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:18:50 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
32877
BankStyles.css
citintlonline.com/web/Login.aspx_files/
33 B
33 B
Stylesheet
General
Full URL
http://citintlonline.com/web/Login.aspx_files/BankStyles.css
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
773c7736aeaa524dd1f8d213951bcacc444c91420aa94d6f7de2622bc1f5cf1c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:29 GMT
Last-Modified
Wed, 01 Mar 2017 10:18:18 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
33
logo_CaixaBank.png
citintlonline.com/web/images/
30 KB
30 KB
Image
General
Full URL
http://citintlonline.com/web/images/logo_CaixaBank.png
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
8f1f51681b418c37aef9e2bbfc795f5e1ad7e21ad3fabd6b564c6b710fb82a5c

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:30 GMT
Last-Modified
Wed, 01 Mar 2017 10:25:17 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
31182
pixel.gif
citintlonline.com/web/images/
43 B
43 B
Image
General
Full URL
http://citintlonline.com/web/images/pixel.gif
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:30 GMT
Last-Modified
Wed, 01 Mar 2017 10:25:52 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
43
moneygram.png
citintlonline.com/web/online/accounts/login/images/
8 KB
8 KB
Image
General
Full URL
http://citintlonline.com/web/online/accounts/login/images/moneygram.png
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
5c3acd37c4e4e8bdcb599343a74f0c42d74bbb6448e1426dcd7a5761ca04be91

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:30 GMT
Last-Modified
Wed, 01 Mar 2017 08:28:37 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
7898
westernunion.png
citintlonline.com/web/online/accounts/login/images/
4 KB
4 KB
Image
General
Full URL
http://citintlonline.com/web/online/accounts/login/images/westernunion.png
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
281b8ca8f6b45042883032eaa47a206ab5f503dbcf8a0c375340701b9ef560a2

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:31 GMT
Last-Modified
Wed, 01 Mar 2017 08:29:34 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4402
EloLgnB011000.js
citintlonline.com/web/images/
31 KB
31 KB
Script
General
Full URL
http://citintlonline.com/web/images/EloLgnB011000.js
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
27de5918496d669c17fcc04509df3ee96b000850d118ee863cf89645f6efa88f

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
*/*
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:30 GMT
Last-Modified
Wed, 01 Mar 2017 10:23:06 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
31284
BTN-apply-online.gif
citintlonline.com/web/images/
381 B
381 B
Image
General
Full URL
http://citintlonline.com/web/images/BTN-apply-online.gif
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
a1583dded5d91a41d2a2d92c4538366c46f6607703ca30d66b5552dacbf5e8d8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/images/loginTeclat.css
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:31 GMT
Last-Modified
Wed, 01 Mar 2017 10:21:12 GMT
Server
Apache
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
381
loginCSSSprite.png
citintlonline.com/web/images/
91 B
0
Image
General
Full URL
http://citintlonline.com/web/images/loginCSSSprite.png
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
37615b6b7480737a974e32ba14efe1b242ee0d91c46707f8f962d0ec441143cc

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/images/loginTeclat.css
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:31 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Transfer-Encoding
chunked
Content-Type
text/html
line0000.jpg
citintlonline.com/web/Login.aspx_files/
91 B
0
Image
General
Full URL
http://citintlonline.com/web/Login.aspx_files/line0000.jpg
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
37615b6b7480737a974e32ba14efe1b242ee0d91c46707f8f962d0ec441143cc

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/Login.aspx_files/site.css
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:31 GMT
Server
Apache
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Transfer-Encoding
chunked
Content-Type
text/html
fondP.jpg
citintlonline.com/web/images/
315 B
315 B
Image
General
Full URL
http://citintlonline.com/web/images/fondP.jpg
Requested by
Host: citintlonline.com
URL: http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
e5ef358953a511316d900be00f8a3928e0605e389c4a3e843241ca2b4dd99d50

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/images/loginTeclat.css
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:31 GMT
Last-Modified
Wed, 01 Mar 2017 10:23:22 GMT
Server
Apache
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
315
pixel.gif
loc3.lacaixa.es/imatge/
Redirect Chain
  • https://lo.lacaixa.es/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
  • https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
43 B
43 B
Image
General
Full URL
https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.148.70.193 , Spain, ASN16383 (LACAIXA-AS, ES),
Reverse DNS
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
loc3.lacaixa.es
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:32 GMT
Strict-Transport-Security
max-age=15768000
Last-Modified
Fri, 03 Jun 2011 08:32:06 GMT
Server
Apache
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=3600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
43
Expires
Thu, 01 Jun 2017 13:40:32 GMT

Redirect headers

Location
https://loc3.lacaixa.es:443/imatge/pixel.gif?extlothref=http://global.moneygram.com/ng/en
Date
Thu, 01 Jun 2017 12:40:32 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=1
Content-Length
273
Content-Type
text/html; charset=iso-8859-1
pixel.gif
loc3.lacaixa.es/imatge/
Redirect Chain
  • https://lo.lacaixa.es/imatge/pixel.gif?extlothref=http://westernunion.com/Home
  • https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://westernunion.com/Home
43 B
43 B
Image
General
Full URL
https://loc3.lacaixa.es/imatge/pixel.gif?extlothref=http://westernunion.com/Home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.148.70.193 , Spain, ASN16383 (LACAIXA-AS, ES),
Reverse DNS
Software
Apache /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
loc3.lacaixa.es
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Thu, 01 Jun 2017 12:40:32 GMT
Strict-Transport-Security
max-age=15768000
Last-Modified
Fri, 03 Jun 2011 08:32:06 GMT
Server
Apache
Vary
User-Agent
Content-Type
image/gif
Cache-Control
max-age=3600
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10
Content-Length
43
Expires
Thu, 01 Jun 2017 13:40:32 GMT

Redirect headers

Location
https://loc3.lacaixa.es:443/imatge/pixel.gif?extlothref=http://westernunion.com/Home
Date
Thu, 01 Jun 2017 12:40:32 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=1
Content-Length
268
Content-Type
text/html; charset=iso-8859-1
emplogin.php
citintlonline.com/web/online/accounts/login/
19 KB
19 KB
Other
General
Full URL
http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
1e8be74efe793b01dc9ca95d1ee96754b90086625a467891c99e4b0004455737

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Pragma
no-cache
Date
Thu, 01 Jun 2017 12:40:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Expires
Thu, 19 Nov 1981 08:52:00 GMT
emplogin.php
citintlonline.com/web/online/accounts/login/
19 KB
19 KB
Other
General
Full URL
http://citintlonline.com/web/online/accounts/login/emplogin.php
Protocol
HTTP/1.1
Server
198.54.124.206 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
Software
Apache /
Resource Hash
1e8be74efe793b01dc9ca95d1ee96754b90086625a467891c99e4b0004455737

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
citintlonline.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://citintlonline.com/web/online/accounts/login/emplogin.php
Cookie
PHPSESSID=tsc1ecbia5ur62evj2rk9fq985
Connection
keep-alive
Cache-Control
no-cache

Response headers

Pragma
no-cache
Date
Thu, 01 Jun 2017 12:40:31 GMT
Server
Apache
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Western Union (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Domain/Path Name / Value
citintlonline.com/ Name: PHPSESSID
Value: tsc1ecbia5ur62evj2rk9fq985