citi-secured.com Open in urlscan Pro
158.101.116.179 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Submission: On March 14 via api (March 14th 2022, 12:57:28 am UTC) from JP — Scanned from JP

Summary HTTP 18 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 158.101.116.179, located in Ashburn, United States and belongs to ORACLE-BMC-31898, US. The main domain is citi-secured.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 13th 2022. Valid for: 3 months.

This is the only time citi-secured.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
11	158.101.116.179 158.101.116.179	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
3	104.71.163.241 104.71.163.241	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
18	3

11 158.101.116.179 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

citi-secured.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.71.163.241 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-71-163-241.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	citi-secured.com citi-secured.com	2 MB
3	citi.com online.citi.com — Cisco Umbrella Rank: 20517	223 KB
18	2

	Domain	Requested by
11	citi-secured.com	citi-secured.com
3	online.citi.com	citi-secured.com
18	2

This site contains links to these domains. Also see Links.

Domain
online.citi.com
www.citi.com
www.citicards.com
marketinsights.citi.com
citigoldprivateclient.citi.com

Subject Issuer	Validity	Valid
citi-secured.com cPanel, Inc. Certification Authority	`2022-03-13` - `2022-06-11`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Frame ID: 77A9AFDE5CE7C13C4F0778478DBA4EAB
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Citibank Online

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

78 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

2270 kB
Transfer

2265 kB
Size

0
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/activate/index
Title: Continuar

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: View All Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=balance-transfer-credit-cards
Title: Balance Transfer Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=low-interest-credit-card
Title: 0% Intro APR Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/rewards-credit-cards
Title: Rewards Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/savings-and-cash-back-credit-cards
Title: Cash Back Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare/travel-reward-credit-cards
Title: Travel Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=all-small-business-credit-cards&m=f
Title: Small Business Credit Cards

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/knowledge-center
Title: Citi® Credit Knowledge Center

Search URL Search Domain Scan URL

URL: https://www.citicards.com/cards/credit/application/flow.action?isInvitation=Y
Title: Respond to Mail Offer

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/banking/checking-account
Title: Checking

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=savings-account-overview
Title: Savings

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=banking-overview
Title: Banking Overview

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/citi.action?ID=cd-ira-account-overview
Title: Certificates of Deposit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/banking/cd-ira/citi.action?ID=citi-ira
Title: Banking IRAs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Rates

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=your-savings-made-simple
Title: Savings Made Simple

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/banking/special-offers
Title: Citi® Bonus Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/personal-loan
Title: Personal Loans & Lines of Credit

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_home_mortgage
Title: Home Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_buy_home
Title: Buy a Home

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_refinancing
Title: Refinance Your Home

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=mortgage_heloc
Title: Use Your Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=refinance_and_mortgage_calculators
Title: Mortgage Calculators

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_calculators
Title: Home Equity Calculators

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/investing/investingwithciti
Title: Investing Overview

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citi-self-invest
Title: Self-Directed Trading

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citiwealthbuilder/detail/marketing?intc=2~7~51~5~200101~2~BANKACQ~investingwithciti~prelogin~web~all%26JFP_TOKEN%3DPZKYHT3Q
Title: Robo Advisor

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/pands/detail.do?ID=InvestWithPersonalAdvisor&JFP_TOKEN=PZKYHT3Q
Title: Working with an Advisor

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=FinancialPlanningTools&JFP_TOKEN=PD3BPM40
Title: Financial Planning

Search URL Search Domain Scan URL

URL: https://marketinsights.citi.com/
Title: Market Insights

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=InvestingProducts&JFP_TOKEN=PZKYHT3Q
Title: Investments & Insurance

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://citigoldprivateclient.citi.com/contact/
Title: Find a Wealth Team

Search URL Search Domain Scan URL

URL: https://online.citi.com/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/open-a-bank-account
Title: Open an Account

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request credit_verify.php Show response
citi-secured.com/ 395 KB
395 KB 802ms
166ms Document
text/html 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: a35b0f3821a5072efb7c1649a2ef31065d2526925cf68d0d29a6600a7e7f86d5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: jp-JP,jp;q=0.9

Response headers

Date: Mon, 14 Mar 2022 00:57:22 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK styles.ee966343d231329c1a8e.css
citi-secured.com/assets/ 1 MB
1 MB 483ms
161ms Stylesheet
text/css 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/assets/styles.ee966343d231329c1a8e.css
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 22b82ac7d162a966110ac2d0d5ced55628713871c26dff0eac71160e874aab3b

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:22 GMT
Last-Modified: Tue, 16 Nov 2021 05:38:20 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1497065

GET
H/1.1 200
OK test.css
citi-secured.com/assets/ 4 KB
4 KB 514ms
171ms Stylesheet
text/css 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/assets/test.css
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: ed738e34ae9e5c00a0cd1fee8e6fca0e00c987a3a475a939df3a66683ff4918b

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:22 GMT
Last-Modified: Tue, 16 Nov 2021 04:28:30 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 4161

GET
H/1.1 200
OK all.min.css
citi-secured.com/assets/ 58 KB
58 KB 165ms
164ms Stylesheet
text/css 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/assets/all.min.css
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:22 GMT
Last-Modified: Fri, 17 Sep 2021 21:06:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 58935

GET
H/1.1 200
OK style.css
citi-secured.com/assets/ 4 KB
4 KB 171ms
171ms Stylesheet
text/css 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/assets/style.css
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 8f5ef7272818fb6ed438a5239d6824eae8bc2992e46f41c8b15d1ded1ed6ed62

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:22 GMT
Last-Modified: Fri, 17 Sep 2021 21:06:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3890

GET
H/1.1 200
OK citilogoredesign.png
citi-secured.com/assets/ 2 KB
2 KB 341ms
171ms Image
image/png 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi-secured.com/assets/citilogoredesign.png
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Fri, 17 Sep 2021 19:52:38 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1799

GET
H/1.1 200
OK 050-location@2x.svg
citi-secured.com/assets/ 2 KB
2 KB 479ms
160ms Image
image/svg+xml 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi-secured.com/assets/050-location@2x.svg
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Fri, 17 Sep 2021 19:52:38 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1752

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
citi-secured.com/assets/ 3 KB
4 KB 496ms
165ms Image
image/svg+xml 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citi-secured.com/assets/icon_globe_med-grey@2x.svg
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Fri, 17 Sep 2021 19:52:38 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 3523

GET
H/1.1 200
OK jquery-3.2.1.min.js Show response
citi-secured.com/vendor/ 85 KB
85 KB 316ms
165ms Script
application/javascript 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/vendor/jquery-3.2.1.min.js
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Mon, 02 Nov 2020 14:44:10 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 86663

GET
H/1.1 200
OK jquery.mask.js Show response
citi-secured.com/dist/ 23 KB
23 KB 291ms
154ms Script
application/javascript 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/dist/jquery.mask.js
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Mon, 02 Nov 2020 14:44:06 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 23177

GET
H/1.1 200
OK jquery.mask.min.js Show response
citi-secured.com/dist/ 8 KB
8 KB 167ms
166ms Script
application/javascript 158.101.116.179
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://citi-secured.com/dist/jquery.mask.min.js
Requested by: Host: citi-secured.com
URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 158.101.116.179 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: Apache /
Resource Hash: 2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995

Request headers

Accept-Language: jp-JP,jp;q=0.9
Referer: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 00:57:23 GMT
Last-Modified: Mon, 02 Nov 2020 14:44:06 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8327

GET
H2 200 Interstate-Regular.woff
online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/ 77 KB
78 KB 157ms
20ms Font
application/octet-stream 104.71.163.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/CBOL/common/ui/ddl/theme/latest/styles/fonts/interstate/Interstate-Regular.woff

Requested by

Host: citi-secured.com
URL: https://citi-secured.com/assets/style.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.71.163.241 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-163-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://citi-secured.com/
Origin: https://citi-secured.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite: SWDC
date: Mon, 14 Mar 2022 00:57:24 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 78755
content-type: text/plain
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET Interstate-Light.woff
online.citi.com/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
online.citi.com/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Light.ttf
online.citi.com/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.ttf
online.citi.com/commonui-assets/fonts/interstate/ 0
0

GET
H2 200 Interstate-Light.woff
online.citi.com/US/ag/cds-assets//fonts/interstate/ 74 KB
74 KB 11ms
11ms Font
application/octet-stream 104.71.163.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/US/ag/cds-assets//fonts/interstate/Interstate-Light.woff

Requested by

Host: citi-secured.com
URL: https://citi-secured.com/assets/styles.ee966343d231329c1a8e.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.71.163.241 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-163-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://citi-secured.com/
Origin: https://citi-secured.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 11:20:36 GMT
x-akamai-citisite: GTDC
date: Mon, 14 Mar 2022 00:57:25 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 75483
content-type: text/plain
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H2 200 Interstate-Bold.woff
online.citi.com/US/ag/cds-assets//fonts/interstate/ 70 KB
71 KB 21ms
20ms Font
application/octet-stream 104.71.163.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://online.citi.com/US/ag/cds-assets//fonts/interstate/Interstate-Bold.woff

Requested by

Host: citi-secured.com
URL: https://citi-secured.com/assets/styles.ee966343d231329c1a8e.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.71.163.241 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-71-163-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Referer: https://citi-secured.com/
Origin: https://citi-secured.com
Accept-Language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
last-modified: Tue, 08 Mar 2022 11:20:36 GMT
x-akamai-citisite: GTDC
date: Mon, 14 Mar 2022 00:57:25 GMT
vary: Accept-Encoding
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
access-control-allow-origin: *
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
content-length: 71859
content-type: text/plain
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: online.citi.com
URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: online.citi.com
URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: online.citi.com
URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.ttf

Domain: online.citi.com
URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso= Message: Access to font at 'https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://citi-secured.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso= Message: Access to font at 'https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'https://citi-secured.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso= Message: Access to font at 'https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.ttf' from origin 'https://citi-secured.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citi-secured.com/credit_verify.php?online_id=36547d6607bde14e581f7c17c&country=&iso= Message: Access to font at 'https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.ttf' from origin 'https://citi-secured.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://online.citi.com/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citi-secured.com
online.citi.com
online.citi.com
104.71.163.241
158.101.116.179
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
22b82ac7d162a966110ac2d0d5ced55628713871c26dff0eac71160e874aab3b
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
75b707d8761e2bfbd25fbd661f290a4f7fd11c48e1bf53a36dc6bd8a0034fa35
8f5ef7272818fb6ed438a5239d6824eae8bc2992e46f41c8b15d1ded1ed6ed62
a35b0f3821a5072efb7c1649a2ef31065d2526925cf68d0d29a6600a7e7f86d5
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
ed738e34ae9e5c00a0cd1fee8e6fca0e00c987a3a475a939df3a66683ff4918b
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

citi-secured.com Open in urlscan Pro 158.101.116.179 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

78 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

2270 kBTransfer

2265 kBSize

0 Cookies

41 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

citi-secured.com Open in urlscan Pro
158.101.116.179 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

78 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

2270 kB
Transfer

2265 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!