citi-world-action.com Open in urlscan Pro
162.241.87.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://citi-world-action.com/p/10h.php
Submission: On June 04 via automatic, source openphish (June 4th 2022, 1:29:47 pm UTC) — Scanned from DE

Summary HTTP 23 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 23 HTTP transactions. The main IP is 162.241.87.22, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is citi-world-action.com.

This is the only time citi-world-action.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
19	162.241.87.22 162.241.87.22		46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	2606:4700::68... 2606:4700::6810:5714		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:809::200a		15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a		15169 (GOOGLE) (GOOGLE)
23	4

19 162.241.87.22 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.superhouseeducation.com

citi-world-action.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	citi-world-action.com citi-world-action.com	438 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 42 ajax.googleapis.com — Cisco Umbrella Rank: 277	32 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 419	53 KB
23	3

	Domain	Requested by
19	citi-world-action.com	citi-world-action.com
2	cdn.jsdelivr.net	citi-world-action.com
1	ajax.googleapis.com	citi-world-action.com
1	fonts.googleapis.com	citi-world-action.com
23	4

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-09` - `2022-08-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://citi-world-action.com/p/10h.php
Frame ID: CAFD881EBB024E9A3A001C11516A343C
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign on to Your Citi Account

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

23
Requests

17 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

522 kB
Transfer

788 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 10h.php Show response
citi-world-action.com/p/ 16 KB
17 KB 576ms
413ms Document
text/html 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 8fb78703878f5ab173973292e3d0ff22ea209e9101bf1f46bf6af1cc111f297c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 04 Jun 2022 13:29:40 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/ 189 KB
29 KB 92ms
34ms Stylesheet
text/css 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/css/bootstrap.min.css

Requested by

Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://citi-world-action.com/
Origin: http://citi-world-action.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 04 Jun 2022 13:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1577130
x-jsd-version: 5.2.0-beta1
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19144-FRA, cache-iad-kiad7000071-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"2f3f9-YnOsGiPXmhIvAi9qh8W3XCz6/Do"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Eq6vGe0LG%2FVZT7MitBmsRFa0J2QC4jWCZuGtgspldApGtUB%2BSaCpDprDBUtdWaeHiNaVae8wAd5x2GKSZw4oGqEpCiW5l6NpPGZYxAmyUb6cHb8iUdt9WyFGhAUL%2FqV2fPvXZtGkKE1ow%2BVyRPY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 716104d78cd05c6e-FRA
access-control-expose-headers: *

GET
H/1.1 200
OK style.css
citi-world-action.com/p/assets/css/ 5 KB
6 KB 292ms
148ms Stylesheet
text/css 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://citi-world-action.com/p/assets/css/style.css
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 63ed908a17ad58988e9ff4a92cec9439d9113862557838f8f68541d97a2c4074

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 20:38:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5519

GET
H2 200 icon
fonts.googleapis.com/ 569 B
869 B 117ms
65ms Stylesheet
text/css 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7107aabf60743d01b5e28d3bcc9f9e285aace410a27567cbb7a8b69f35658c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 04 Jun 2022 13:29:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Sat, 04 Jun 2022 13:29:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 Jun 2022 13:29:42 GMT

GET
H/1.1 200
OK lt.png
citi-world-action.com/p/assets/img/ 2 KB
2 KB 284ms
150ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/lt.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:12:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1799

GET
H/1.1 200
OK loc.svg
citi-world-action.com/p/assets/img/ 2 KB
2 KB 293ms
146ms Image
image/svg+xml 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/loc.svg
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:13:10 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1752

GET
H/1.1 200
OK world.svg
citi-world-action.com/p/assets/img/ 3 KB
4 KB 295ms
147ms Image
image/svg+xml 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/world.svg
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:13:18 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3523

GET
H/1.1 200
OK citiqr.PNG
citi-world-action.com/p/assets/img/ 1 KB
1 KB 296ms
147ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/citiqr.PNG
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 12b48b07e600f88b3b8c6bbc29d739ca833d050023648c502d65941530025e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 23 Mar 2022 06:44:36 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1101

GET
H/1.1 200
OK checkno.png
citi-world-action.com/p/assets/img/ 460 B
702 B 297ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/checkno.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: aac1a7d29d34b82a0db97b2623938386e77c64091143f3cc64d593d51c7ea8ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 02:00:00 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 460

GET
H/1.1 200
OK checkyes.png
citi-world-action.com/p/assets/img/ 479 B
720 B 148ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/checkyes.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 45f3c0afc3be4e6b87f7b8e250bb191fe3765cc0e0676df3732393c09d66ed82

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 02:00:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 479

GET
H/1.1 200
OK eqh.png
citi-world-action.com/p/assets/img/ 2 KB
2 KB 578ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/eqh.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:42 GMT
Last-Modified: Wed, 01 Jun 2022 10:37:26 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 1606

GET
H/1.1 200
OK gp.png
citi-world-action.com/p/assets/img/ 24 KB
25 KB 430ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/gp.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 10:45:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 25077

GET
H/1.1 200
OK ap.png
citi-world-action.com/p/assets/img/ 20 KB
20 KB 302ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/ap.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 10:45:22 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 20047

GET
H/1.1 200
OK f.png
citi-world-action.com/p/assets/img/ 445 B
686 B 282ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/f.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 10:46:04 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 445

GET
H/1.1 200
OK t.png
citi-world-action.com/p/assets/img/ 1 KB
1 KB 586ms
149ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/t.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:42 GMT
Last-Modified: Wed, 01 Jun 2022 10:46:10 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1277

GET
H/1.1 200
OK y.png
citi-world-action.com/p/assets/img/ 1 KB
1 KB 154ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/y.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 10:46:14 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1175

GET
H/1.1 200
OK bot.png
citi-world-action.com/p/assets/img/ 27 KB
28 KB 148ms
148ms Image
image/png 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/bot.png
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/10h.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:42 GMT
Last-Modified: Wed, 01 Jun 2022 12:55:36 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 28149

GET
H2 200 bootstrap.bundle.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/ 78 KB
24 KB 34ms
34ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.0-beta1/dist/js/bootstrap.bundle.min.js

Requested by

Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://citi-world-action.com/
Origin: http://citi-world-action.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Sat, 04 Jun 2022 13:29:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1577334
x-jsd-version: 5.2.0-beta1
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19132-FRA, cache-iad-kiad7000098-IAD
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"1377e-a0uYWpCr16scLjX/O4dNB8+EEO4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cDcues9znChCEx7ERxciBAQgJd5ybmCiVg3WUUJ%2FQFQW21JG09fGxkmWFe4f2Vt0btviCFXyY93yEYAMZFslSLYAQqqyefkmwWxBnayHV0mH8%2BCUTUqZs8FramlWXYZLlvO9aO2K5YSa%2BJKXUg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 716104d81dd85c6e-FRA
access-control-expose-headers: *

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 78ms
23ms Script
text/javascript 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: citi-world-action.com
URL: http://citi-world-action.com/p/10h.php

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 02 Jun 2022 07:24:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194738
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 02 Jun 2023 07:24:04 GMT

GET
H/1.1 200
OK bg.jpg
citi-world-action.com/p/assets/img/ 106 KB
106 KB 153ms
149ms Image
image/jpeg 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://citi-world-action.com/p/assets/img/bg.jpg
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/assets/css/style.css
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://citi-world-action.com/p/assets/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:14:56 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 108233

GET
H/1.1 200
OK Interstate-Regular.woff
citi-world-action.com/p/assets/fonts/ 77 KB
77 KB 150ms
149ms Font
font/woff 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://citi-world-action.com/p/assets/fonts/Interstate-Regular.woff
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/assets/css/style.css
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: 045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Request headers

Referer: http://citi-world-action.com/p/assets/css/style.css
Origin: http://citi-world-action.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:23:52 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 78762

GET
H/1.1 200
OK Interstate-Light.woff
citi-world-action.com/p/assets/fonts/ 74 KB
74 KB 158ms
147ms Font
font/woff 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://citi-world-action.com/p/assets/fonts/Interstate-Light.woff
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/assets/css/style.css
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer: http://citi-world-action.com/p/assets/css/style.css
Origin: http://citi-world-action.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:23:56 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 75538

GET
H/1.1 200
OK Interstate-Bold.woff
citi-world-action.com/p/assets/fonts/ 70 KB
70 KB 162ms
149ms Font
font/woff 162.241.87.22
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: http://citi-world-action.com/p/assets/fonts/Interstate-Bold.woff
Requested by: Host: citi-world-action.com
URL: http://citi-world-action.com/p/assets/css/style.css
Protocol: HTTP/1.1
Server: 162.241.87.22 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: server.superhouseeducation.com
Software: Apache /
Resource Hash: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer: http://citi-world-action.com/p/assets/css/style.css
Origin: http://citi-world-action.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Sat, 04 Jun 2022 13:29:41 GMT
Last-Modified: Wed, 01 Jun 2022 00:23:56 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 71874

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation number| uidEvent object| bootstrap function| $ function| jQuery number| fst

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			citi-world-action.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 479427ad7f39ac4053848eb72aee3781

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.jsdelivr.net
citi-world-action.com
fonts.googleapis.com
162.241.87.22
2606:4700::6810:5714
2a00:1450:4001:809::200a
2a00:1450:4001:813::200a
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
12b48b07e600f88b3b8c6bbc29d739ca833d050023648c502d65941530025e49
2515e37eee31f5ef3d659b21dcc84dc6ea732b06872da51078b5b526de34c0c1
45f3c0afc3be4e6b87f7b8e250bb191fe3765cc0e0676df3732393c09d66ed82
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
63ed908a17ad58988e9ff4a92cec9439d9113862557838f8f68541d97a2c4074
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
7107aabf60743d01b5e28d3bcc9f9e285aace410a27567cbb7a8b69f35658c05
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
8fb78703878f5ab173973292e3d0ff22ea209e9101bf1f46bf6af1cc111f297c
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
aac1a7d29d34b82a0db97b2623938386e77c64091143f3cc64d593d51c7ea8ce
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e