businessaccess.cltbalk-sitigroup.com Open in urlscan Pro
2606:4700:3031::6815:3926 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://businessaccess.cltbalk-sitigroup.com/cbusol/ang
Effective URL:
https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/
Submission: On March 13 via api (March 13th 2024, 11:44:50 pm UTC) from US — Scanned from US

Summary HTTP 16 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::6815:3926, located in United States and belongs to CLOUDFLARENET, US. The main domain is businessaccess.cltbalk-sitigroup.com.
TLS certificate: Issued by GTS CA 1P5 on March 13th 2024. Valid for: 3 months.

This is the only time businessaccess.cltbalk-sitigroup.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3034::ac43:bd1b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 16	2606:4700:303... 2606:4700:3031::6815:3926	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2

1 2606:4700:3034::ac43:bd1b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

businessaccess.cltbalk-sitigroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2606:4700:3031::6815:3926 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

businessaccess.cltbalk-sitigroup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	cltbalk-sitigroup.com 2 redirects businessaccess.cltbalk-sitigroup.com	6 MB
16	1

	Domain	Requested by
17	businessaccess.cltbalk-sitigroup.com	2 redirects businessaccess.cltbalk-sitigroup.com
16	1

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
icg.citi.com
businessaccess.citibank.citigroup.com

Subject Issuer	Validity	Valid
cltbalk-sitigroup.com GTS CA 1P5	`2024-03-13` - `2024-06-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/
Frame ID: 826A72153C2FE27F3AA16AF60FE03836
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CitiBusiness Online

Page URL History Show full URLs

http://businessaccess.cltbalk-sitigroup.com/cbusol/ang HTTP 301
https://businessaccess.cltbalk-sitigroup.com/cbusol/ang HTTP 301
https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

94 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

5794 kB
Transfer

6409 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/commercialbank/sa/videos/cbusol-transformation.html
Title: new and redesigned CitiBusiness Online.

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=TermsDisclaimer&JFP_TOKEN=L1TFP0FY
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://icg.citi.com/icghome/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://businessaccess.citibank.citigroup.com/cbusol/ang/#/citi/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://businessaccess.cltbalk-sitigroup.com/cbusol/ang HTTP 301
https://businessaccess.cltbalk-sitigroup.com/cbusol/ang HTTP 301
https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Redirect Chain http://businessaccess.cltbalk-sitigroup.com/cbusol/ang https://businessaccess.cltbalk-sitigroup.com/cbusol/ang https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/	129 KB 13 KB	191ms 190ms	Document text/html	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `18141e12990108e7d6c36a1ff67a8ecb4b9193bb3d9fcb3e2fbcb82ded98bc38` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 863fe4ae1a7d1768-EWR content-encoding br content-type text/html date Wed, 13 Mar 2024 23:44:40 GMT last-modified Wed, 01 Mar 2023 17:12:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nmVe0a7OCx6n6nwc38hRNcGexvNEAN8%2FytHoL%2Fw1pbYjns0urp4tsXBfHoJjctYOmWxjvBviJbrnjCTZvq7v176vkbh5dBt%2FWcUSyqL13CxotcBnMPe21RBTVfzmHyhslBbg9ek%2FG5uqaOuTNS1nlyQBop4vvJbcWWt%2F2qrGK2598Cg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 863fe4ab0f9a1768-EWR content-type text/html; charset=iso-8859-1 date Wed, 13 Mar 2024 23:44:40 GMT location https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxrTapCHZvBiHD52VOZ61T8iY2TqPK0GHwt6e2IucFYWD%2B3ZaNYWZS8gHZ%2BFzOPRt8b05XZGrILQTYkSkTmbzXNr7jSOuaARmFz4kXKZeV4n%2FKh9hGnOVjoCLhPB5eNhToeqlWIR%2BLAKMdGxJf%2Fzr0e21Nfo9Yll0UoFY3rf62UzsfM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare
GET H2	200	styles.823a2c7a3cf18ef4.css businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	251 KB 39 KB	1084ms 1083ms	Stylesheet text/css	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dacb6654994da286daefac6880672606a2db28bab9fcad7180a3b10ba8c2ea62` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:37:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ot3yd6bXG9AOFxoe9DWrHp%2F2q6DWUqqJYgfO8LA61OOTqxUH1mRGo5YIHNYt%2FQBjdoF2ipoZOAr32Un4AsBK2s%2BzhIM2LFhESzSO0NOfjQ%2FuxPoKiE6uq6AR%2FALWY1ALyeMA97Dxlsmp%2Bbyrbn3RTTtL1YOteNFNhk7jnFtACpN1tMo%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 863fe4af6bb21768-EWR alt-svc h3=":443"; ma=86400
GET H3	200	citi-logo.svg businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	1 KB 1 KB	417ms 416ms	Image image/svg+xml	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/citi-logo.svg Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9383cdaa55b132ee6bb2bc3f77826aa0dc92e801c62f59e3ee93747fbd53cb00` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:19:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=262tVXdrTfmfjp3amf6j0vU5Y%2BLxNYfbrkLXrn5Madkq0Ae4%2BLzJRnHDaIbgU3KLHwLhT7u2t3QOdycgJ5SFWmktO3G2XyEKnyZfrpzmzm68J27QpHjD8jKdp%2BRlkJJ7OEjJU6CwUe0T6%2BpQJ%2FpyHMLztJEGT%2FsPxvOUcqYY2eGiKJQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 863fe4b15e3cc445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	icon-info.svg businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	2 KB 1 KB	430ms 429ms	Image image/svg+xml	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/icon-info.svg Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8ffa5a5ad62742e22267808ac35c353ed8aebc49381e6e3cda983e7710f1ae73` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status REVALIDATED last-modified Wed, 01 Mar 2023 15:20:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zCEaeP90zeVd53huCe8Qtju5kguSXGFUbbgLs2jtE9ThjNFOkprm6CYDvjh%2B57PoX9BrrDOq7VQoL6paNeMzafLp2JFrxe7llmYsJWMgyl1%2FKQYfe0k2Vx4ZAlz1ztN4XNe4VwJa5ma3I4mukwUt9LSH6%2BYwBjjCojPF5f6nC2ATkVQ%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 863fe4b15e3ec445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	video-image-background.svg businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	858 B 944 B	430ms 429ms	Image image/svg+xml	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/video-image-background.svg Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b64e71d4c6cab4f31f5de21e4b0330633641456256b6bf912a444d47bb59b0f5` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:20:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3MUTJx29Pjvy%2BfoLnIeUeGZoBxEtgf8EDVQ4V3MUEtIVGfny1iqgYv4EaEdoR6rkZuhfQDPhY9yxIf7GPfodNRTr9hfOwSnZocLSM0vKwENt8vW0whuvTI2KL4RrQ9PUAIJUb0pZeyGA7ZB%2FaCCy%2Bu9v9LNhm%2FZgWTvsZ5s2hX2RIA%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 863fe4b15e41c445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	video-image.png businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	484 KB 485 KB	762ms 761ms	Image image/png	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/video-image.png Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:21:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=daxkK4RY7Kv5X20iWocAIa2HYfMjNX1eq%2Fhyqs%2FZS4uRlCuM52KmnJ0zAYXwng%2Fzn40OLA39Jn76uhW%2BYtP06ozWOjvfxSyAE%2BUgrAoxdfQ%2FLwffd6u7G9oEG6VBS%2FkSLgB6xHS12Nhi49cWZPTMOTUIxiIDjnb2YErK3aD7LDFXP0o%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 863fe4b15e42c445-EWR alt-svc h3=":443"; ma=86400 content-length 496105
GET H3	200	jquery.min.js Show response businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	93 KB 34 KB	1203ms 1203ms	Script text/javascript	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/jquery.min.js Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status MISS last-modified Wed, 01 Apr 2015 15:54:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yzp4SnuybNpHi1mtqjHvPpqTp16xdwnPby1LSHI12fn2JikkkkVbc7D72yiMnTt2RJs0Ryj5KA7UYzHb%2BOj%2FdEdXVVFZSYqMk4oaADzf3lvbRhP334IQ1FNvMjQq89wAX5vYWrREOkdj9jED6ljvBSlXQYpaHYZk6xzGlne6ovS4k0E%3D"}],"group":"cf-nel","max_age":604800} content-type text/javascript cache-control max-age=14400 cf-ray 863fe4b17e7dc445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	styles.823a2c7a3cf18ef4.css businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	251 KB 39 KB	496ms 494ms	Stylesheet text/css	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/styles.823a2c7a3cf18ef4.css Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dacb6654994da286daefac6880672606a2db28bab9fcad7180a3b10ba8c2ea62` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:41 GMT content-encoding br cf-cache-status HIT last-modified Wed, 01 Mar 2023 15:37:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 0 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XCa%2FVuQE9dBF0dXaHNQ5NN5rv%2FpDhMcHX3F6n7hYAVLaeUrfC4Riej8PjCwf8dP3cZ%2FDRQBzZW8MKuAbIPdtJ7G5ns8JxrrLxmdH8Bzau0h1uTmEvA92uoAFOa9ecCc0KHPh60uMxwEinzeyqNY%2Feav%2FmYn%2BaUTnp9hUgEmaJMaGWPg%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 863fe4b64be7c445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	new-background-1440.8456deb0eed9b94d.png businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	5 MB 5 MB	687ms 676ms	Image image/png	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/new-background-1440.8456deb0eed9b94d.png Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `71d7876f9986ec332463d03331a0812fa628d954ddf2c2f75b6aa85d0c797625` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:42 GMT cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:24:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WjJzMCOY5u1JR764nsxyU7hGa9KFmqiGwCrRxkcnlFD7EyfmPQ9ax529Fm3icytVapNJrX7vc3K%2BY0oECDBjnzS5j205gxv%2BWVCaFZPjvx4%2FwoOIANv5FFp3Cg6S2HifNoU5cCvmCIPw1XOGSxcv%2FBw3jOM%2B%2FKKTw74IrjuJ5NNvn0I%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 863fe4b65c08c445-EWR alt-svc h3=":443"; ma=86400 content-length 4745964
GET H3	200	be-the-best-background-1440.d7b4ba3e02edd3c3.svg businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	1 KB 1 KB	511ms 501ms	Image image/svg+xml	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/be-the-best-background-1440.d7b4ba3e02edd3c3.svg Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `548911eac0a5fb93dcd24670b747db5b03d049f1e8551c0497914885e240cc6f` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:42 GMT content-encoding br cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:28:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bevwPmoroG33UBMiWGaF4TVe1nMgooEZNKqEoIfxipxM6FnChjLLS6n9yj3tRLxaeP1oSxyanCR6QSqJc222%2FWLUOpHddWK7IpGiDLDDGLs45aBorqUjJVHaGRH%2BbjXIBwRznAtZFAPYww%2F%2BvqJEtOj1%2Fuj5REkbXQiEZrrx%2FaY0898%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 863fe4b65c0bc445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	video-image.eaca70ca85e36482.png businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	484 KB 485 KB	1084ms 1074ms	Image image/png	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/video-image.eaca70ca85e36482.png Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da` Request headers accept-language en-US,en;q=0.9 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:42 GMT cf-cache-status REVALIDATED last-modified Wed, 01 Mar 2023 15:38:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYWMmhnnIYGiz69gAoUGgb5FS%2B1qtBB6nZt1S5bTSQnDZVV5YU%2Fg63Fdk3DsHdjPw6LTILdd1FI3RQgXMSllaVQDTK2gCfucquypEZhv25JSRuHrrx7YBuSnGNRbtsWH4g%2Byt74Z7alegMiMxuiGblv%2BOZfsv0WX2cBx5crAks2ZHKA%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 863fe4b65c0ec445-EWR alt-svc h3=":443"; ma=86400 content-length 496105
GET H3	200	Interstate-Light.woff businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	24 KB 24 KB	1755ms 1746ms	Font font/woff	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/Interstate-Light.woff Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f42c3070996d7a75c51f30c4099d2daaff6b1f13b80916d9a33a8fe3a4b42bce` Request headers Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Origin https://businessaccess.cltbalk-sitigroup.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:43 GMT cf-cache-status MISS last-modified Wed, 01 Mar 2023 15:34:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ora7nG5BQnNFeorFn4OKS5gGFaHSa0DYN5raoaIk9%2BhDCBJ7jD6orEWJSbHAal4fbEtfvq3Tyh%2FOJeT0E0UFEEEdxTQcYAbiT%2FoZkBiR8NVXMSE06iKqQKBw3cBb%2FARNFNpbXAwJ%2BYZQ1VdgW%2Fk6vdHnhpvqb6Reo%2Bb0XepiZPI7KiE%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 863fe4b65c16c445-EWR alt-svc h3=":443"; ma=86400 content-length 24344
GET H3	200	Interstate-Regular.woff businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	24 KB 24 KB	1762ms 1754ms	Font font/woff	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/Interstate-Regular.woff Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b1b8134584b059d5c76e00491f2e641b5ec6551309705ac519eea35cacbca1b9` Request headers Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ Origin https://businessaccess.cltbalk-sitigroup.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:43 GMT cf-cache-status REVALIDATED last-modified Wed, 01 Mar 2023 15:32:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2sFD5vAw24PhJhfFK53kfxrrP53ebQXQPSutmrvkHFdgm%2B3pwP2DZHHL3ISnqv1dXa8TRluYcWv%2BZFd6aujn8E%2BUApNCzRKeCR%2FcN6fvYUJFw1sU64MdJGWsh1Ec9%2FZ5UnBSKCiyX7t9%2BPiU3liMWaVNPggK5%2BiqKO4Ol5abLzcw9I4%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff cache-control max-age=14400 accept-ranges bytes cf-ray 863fe4b65c1ec445-EWR alt-svc h3=":443"; ma=86400 content-length 24544
GET H3	200	main.php Show response businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	28 KB 8 KB	1992ms 1990ms	XHR text/html	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/main.php?_=1710373482426 Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8f75a66e9103ffe8f8014866fbb58f403c12c45772e5d909d57f38b3f43f5d20` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ X-Requested-With XMLHttpRequest accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:44 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tnm2NMR0MOdM6fKuYHKQ%2ByCKpm8f7jCky%2FisrYdGNGYE1cNEeSg3U1zWYgeTBcwqP9znzed2twqZHAwqW47bIP709yXGqAxgYR5JURsKkpVRVG2Cyg8a24Vi6PLm7PGMabef85XIW8Bz6vGE6fSOGuG4XTR%2B2GA%2BTNkFj092y6RGrWA%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 863fe4b95f8cc445-EWR alt-svc h3=":443"; ma=86400
GET H3	200	stat.php Show response businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/	1 KB 776 B	2026ms 2025ms	XHR text/html	2606:4700:3031::6815:3926 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/stat.php?_=1710373482427 Requested by Host: businessaccess.cltbalk-sitigroup.com URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/css/jquery.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3031::6815:3926 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929` Request headers Accept text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, /; q=0.01 Referer https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/ X-Requested-With XMLHttpRequest accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36 Response headers date Wed, 13 Mar 2024 23:44:44 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCF1wiekvNmrjd2xpTxOrrAyf1YPT4MXShTE6yC02WWY%2F3UDe4v0IONTCqf7CISZsAR7X71J2gaznItgxxvWJ44%2FRPF4HNLWHfLqb4fQ2XeItFcjwi01k3O8jz2uG8Dy3jZTztbKWGntJj%2BCSprPBzRdEKOZPTaDObQ2f4frWkiXr4o%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf-ray 863fe4b95f8fc445-EWR alt-svc h3=":443"; ma=86400
GET		pload.php businessaccess.cltbalk-sitigroup.com/cbusol/ang/gate/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: businessaccess.cltbalk-sitigroup.com
URL: https://businessaccess.cltbalk-sitigroup.com/cbusol/ang/gate/pload.php?&bot_id=CITIGROUP_2602%3Affc8%3A2%3A104%3A%3A13&url=https%3A%2F%2Fbusinessaccess.cltbalk-sitigroup.com%2Fcbusol%2Fang%2F&event=load&_=1710373489460

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

businessaccess.cltbalk-sitigroup.com
businessaccess.cltbalk-sitigroup.com
2606:4700:3031::6815:3926
2606:4700:3034::ac43:bd1b
18141e12990108e7d6c36a1ff67a8ecb4b9193bb3d9fcb3e2fbcb82ded98bc38
42eb20b58eb9cd772389de6245df42a6389bcbb89ea5ab75e2d026bbba56e4da
4332316d0fe4e2c7a9e213afa4d9cbf983ad5bf80cb47d98c9cacd5470e35889
491dbbc524de4aa081ea32f22c6ba549e4088df304903d121f4cb998ab475929
548911eac0a5fb93dcd24670b747db5b03d049f1e8551c0497914885e240cc6f
71d7876f9986ec332463d03331a0812fa628d954ddf2c2f75b6aa85d0c797625
8f75a66e9103ffe8f8014866fbb58f403c12c45772e5d909d57f38b3f43f5d20
8ffa5a5ad62742e22267808ac35c353ed8aebc49381e6e3cda983e7710f1ae73
9383cdaa55b132ee6bb2bc3f77826aa0dc92e801c62f59e3ee93747fbd53cb00
b1b8134584b059d5c76e00491f2e641b5ec6551309705ac519eea35cacbca1b9
b64e71d4c6cab4f31f5de21e4b0330633641456256b6bf912a444d47bb59b0f5
dacb6654994da286daefac6880672606a2db28bab9fcad7180a3b10ba8c2ea62
f42c3070996d7a75c51f30c4099d2daaff6b1f13b80916d9a33a8fe3a4b42bce

businessaccess.cltbalk-sitigroup.com Open in urlscan Pro 2606:4700:3031::6815:3926 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

94 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

5794 kBTransfer

6409 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

51 JavaScript Global Variables

0 Cookies

Indicators

businessaccess.cltbalk-sitigroup.com Open in urlscan Pro
2606:4700:3031::6815:3926 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

94 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

5794 kB
Transfer

6409 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!