helpciti.duckdns.org Open in urlscan Pro
35.245.216.240 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://helpciti.duckdns.org/citi/online/login
Submission: On April 20 via automatic, source openphish (April 20th 2022, 1:28:52 pm UTC) — Scanned from DE

Summary HTTP 25 Redirects Links 33 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 25 HTTP transactions. The main IP is 35.245.216.240, located in Washington, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is helpciti.duckdns.org.

This is the only time helpciti.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
23	35.245.216.240 35.245.216.240	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	23.75.227.86 23.75.227.86	16625 (AKAMAI-AS) (AKAMAI-AS)
1	96.16.129.152 96.16.129.152	16625 (AKAMAI-AS) (AKAMAI-AS)
25	3

23 35.245.216.240 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 240.216.245.35.bc.googleusercontent.com

helpciti.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.75.227.86 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-75-227-86.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.16.129.152 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-129-152.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	duckdns.org helpciti.duckdns.org	2 MB
2	citi.com online.citi.com — Cisco Umbrella Rank: 23648 www.citi.com — Cisco Umbrella Rank: 29811	174 KB
25	2

	Domain	Requested by
23	helpciti.duckdns.org	helpciti.duckdns.org
1	www.citi.com	helpciti.duckdns.org
1	online.citi.com	helpciti.duckdns.org
25	3

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citigroup.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2021-11-02` - `2022-12-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://helpciti.duckdns.org/citi/online/login
Frame ID: 444EF1703273BFE114BF3618B70A766B
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

2491 kB
Transfer

2483 kB
Size

0
Cookies

33 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/
Title: Skip to Content

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login Show response
helpciti.duckdns.org/citi/online/ 395 KB
395 KB 505ms
210ms Document
text/html 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 80574f4c5d1399c25e16d67e748b972ff70ed58a097f8e0016f648ecbd17a771

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Apr 2022 13:28:45 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK styles.a4a9307b7b034ca614a7.css
helpciti.duckdns.org/citi/online/assets/ 1 MB
1 MB 98ms
98ms Stylesheet
text/css 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/assets/styles.a4a9307b7b034ca614a7.css
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 547012f25b735aec336f17b2dad949550709726ab8371a9bef194bef2b854106

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:45 GMT
Last-Modified: Fri, 04 Mar 2022 06:24:22 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1500456

GET
H/1.1 200
OK citilogoredesign.png
helpciti.duckdns.org/citi/online/assets/ 2 KB
2 KB 133ms
98ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/citilogoredesign.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1799

GET
H/1.1 200
OK 050-location@2x.svg
helpciti.duckdns.org/citi/online/assets/ 2 KB
2 KB 208ms
113ms Image
image/svg+xml 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/050-location@2x.svg
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1752

GET
H/1.1 200
OK phone.png
helpciti.duckdns.org/citi/online/assets/ 10 KB
10 KB 209ms
115ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/phone.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9873

GET
H/1.1 200
OK qrsignon.png
helpciti.duckdns.org/citi/online/assets/ 741 B
983 B 199ms
104ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/qrsignon.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:16 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 741

GET
H/1.1 200
OK laptop-and-phone-pairing.png
helpciti.duckdns.org/citi/online/assets/ 3 KB
3 KB 227ms
98ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/laptop-and-phone-pairing.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 3044

GET
H/1.1 200
OK laptop-and-phone-success.png
helpciti.duckdns.org/citi/online/assets/ 2 KB
3 KB 101ms
101ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/laptop-and-phone-success.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2544

GET
H/1.1 200
OK EqualHousing.png
helpciti.duckdns.org/citi/online/assets/ 2 KB
2 KB 100ms
100ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/EqualHousing.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1606

GET
H/1.1 200
OK googlePlay@3x.png
helpciti.duckdns.org/citi/online/assets/ 24 KB
25 KB 98ms
98ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/googlePlay@3x.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 25077

GET
H/1.1 200
OK appStore@3x.png
helpciti.duckdns.org/citi/online/assets/ 20 KB
20 KB 98ms
98ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/appStore@3x.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 20047

GET
H/1.1 200
OK social-media_facebook@3x.png
helpciti.duckdns.org/citi/online/assets/ 445 B
686 B 100ms
100ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/social-media_facebook@3x.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:18 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 445

GET
H/1.1 200
OK social-media_twitter@3x.png
helpciti.duckdns.org/citi/online/assets/ 1 KB
1 KB 101ms
101ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/social-media_twitter@3x.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:20 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1277

GET
H/1.1 200
OK social-media_youtube@3x.png
helpciti.duckdns.org/citi/online/assets/ 1 KB
1 KB 98ms
98ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/social-media_youtube@3x.png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:20 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 1175

GET
H/1.1 200
OK 0
helpciti.duckdns.org/citi/online/assets/ 0
214 B 98ms
98ms Image
text/plain 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/0
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:42 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 0

GET
H/1.1 200
OK 0(1)
helpciti.duckdns.org/citi/online/assets/ 0
214 B 98ms
98ms Image
text/plain 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/0(1)
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:42 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 0

GET
H/1.1 200
OK 0(2)
helpciti.duckdns.org/citi/online/assets/ 0
214 B 105ms
103ms Image
text/plain 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/0(2)
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:42 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 0

GET
H/1.1 200
OK 0(3)
helpciti.duckdns.org/citi/online/assets/ 0
214 B 104ms
103ms Image
text/plain 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/0(3)
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:44 GMT
Server: Apache
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 0

GET
H/1.1 200
OK 1592741950571_CTA_Feedback(final).png
helpciti.duckdns.org/citi/online/assets/ 2 KB
2 KB 151ms
100ms Image
image/png 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://helpciti.duckdns.org/citi/online/assets/1592741950571_CTA_Feedback(final).png
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 05:56:44 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 2196

GET
H/1.1 200
OK jquery.js Show response
helpciti.duckdns.org/citi/online/assets/ 92 KB
92 KB 168ms
109ms Script
application/javascript 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/assets/jquery.js
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 42c0b3eef2e0ad3e2cbe13a1ccaf105bcb12373a533b4b340f8cd2b3a373666d

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 02:19:08 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 94159

GET
H/1.1 200
OK mask.js Show response
helpciti.duckdns.org/citi/online/assets/ 146 KB
146 KB 101ms
101ms Script
application/javascript 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/assets/mask.js
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 3c149e754af1a297e924c97c84aa5a1fafebc7c2b377e825738b8cb452fb3237

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/citi/online/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Jun 2021 23:38:46 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 149061

GET
H2 200 LSO_4959.jpg
online.citi.com/nga-lite-signon/ 171 KB
172 KB 97ms
30ms Image
image/jpeg 23.75.227.86
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/nga-lite-signon/LSO_4959.jpg

Requested by

Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.75.227.86 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-75-227-86.deploy.static.akamaitechnologies.com

Software

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 20 Apr 2022 13:28:46 GMT
last-modified: Mon, 11 Jan 2021 11:55:43 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 174933
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK qrsignon-1.png
www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/ 964 B
2 KB 134ms
68ms Image
image/png 96.16.129.152
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/assets/partner-login/qr/images/qrsignon-1.png

Requested by

Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/login

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.16.129.152 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a96-16-129-152.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b77f337d13fb0416c60878ca32e9e8f04e3df195ca40adbc4744c0c693b0abe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://helpciti.duckdns.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 964
X-Xss-Protection: 1; mode=block
Last-Modified: Thu, 07 Apr 2022 06:55:22 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Wed, 20 Apr 2022 13:28:46 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 249af3e1-4abf-48e9-5a65-d50aa4eddaa2
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"3c4-18002ce6390"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Wed, 20 Apr 2022 19:28:46 GMT

GET
H/1.1 200
OK Interstate-Light.woff
helpciti.duckdns.org/citi/online/assets/ 74 KB
74 KB 164ms
98ms Font
font/woff 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/assets/Interstate-Light.woff
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/assets/styles.a4a9307b7b034ca614a7.css
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer: http://helpciti.duckdns.org/citi/online/assets/styles.a4a9307b7b034ca614a7.css
Origin: http://helpciti.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 06:19:04 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 75538

GET
H/1.1 200
OK Interstate-Bold.woff
helpciti.duckdns.org/citi/online/assets/ 70 KB
70 KB 171ms
101ms Font
font/woff 35.245.216.240
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: http://helpciti.duckdns.org/citi/online/assets/Interstate-Bold.woff
Requested by: Host: helpciti.duckdns.org
URL: http://helpciti.duckdns.org/citi/online/assets/styles.a4a9307b7b034ca614a7.css
Protocol: HTTP/1.1
Server: 35.245.216.240 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 240.216.245.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer: http://helpciti.duckdns.org/citi/online/assets/styles.a4a9307b7b034ca614a7.css
Origin: http://helpciti.duckdns.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 20 Apr 2022 13:28:46 GMT
Last-Modified: Fri, 04 Mar 2022 06:19:12 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 71874

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helpciti.duckdns.org
online.citi.com
www.citi.com
23.75.227.86
35.245.216.240
96.16.129.152
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
25f4eeb23f67fe1d74534ed37230ecd54ab4f57524276970dcbeaaf3b0fc64f9
3c149e754af1a297e924c97c84aa5a1fafebc7c2b377e825738b8cb452fb3237
42c0b3eef2e0ad3e2cbe13a1ccaf105bcb12373a533b4b340f8cd2b3a373666d
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
547012f25b735aec336f17b2dad949550709726ab8371a9bef194bef2b854106
5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
80574f4c5d1399c25e16d67e748b972ff70ed58a097f8e0016f648ecbd17a771
87c763c6b05015e55915d0a1e6647e4e5d0b996e78d79e1afe228dd33b68e65b
a079bb0d5590826bcc664715122004dff51e76c79608bc29f586c9388b623b77
a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa
b77f337d13fb0416c60878ca32e9e8f04e3df195ca40adbc4744c0c693b0abe8
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

helpciti.duckdns.org Open in urlscan Pro 35.245.216.240 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

25 Requests

8 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

2491 kBTransfer

2483 kBSize

0 Cookies

33 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

helpciti.duckdns.org Open in urlscan Pro
35.245.216.240 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

2491 kB
Transfer

2483 kB
Size

0
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!