www.pattabhiagro.com Open in urlscan Pro
192.186.223.129 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
Submission: On June 17 via automatic, source openphish (June 17th 2017, 11:38:30 pm UTC)

Summary HTTP 8 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 192.186.223.129, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is www.pattabhiagro.com.

This is the only time www.pattabhiagro.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citizens Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	192.186.223.129 192.186.223.129	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
7	174.128.65.144 174.128.65.144	63335 (CITIZENS-...) (CITIZENS-BANK-AS - RBS Citizens)
8	2

1 192.186.223.129 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-223-129.ip.secureserver.net

www.pattabhiagro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 174.128.65.144 (Riverside, United States)

ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US)

www3.citizensbankonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	citizensbankonline.com www3.citizensbankonline.com	11 KB
1	pattabhiagro.com www.pattabhiagro.com	4 KB
8	2

	Domain	Requested by
7	www3.citizensbankonline.com	www.pattabhiagro.com
1	www.pattabhiagro.com
8	2

This site contains links to these domains. Also see Links.

Domain
www.citizensbank.com

Subject Issuer	Validity	Valid
www3.citizensbankonline.com Symantec Class 3 EV SSL CA - G3	`2017-03-16` - `2019-03-16`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
Frame ID: 13748.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

8
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

14 kB
Transfer

47 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.citizensbank.com/
Title:

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/security/default.aspx
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/misc/termsofuse.asp
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://www.citizensbank.com/pf/onlinebanking/online_guarantee.aspx
Title: Citizens Bank Online Guarantee

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request verify.html Show response
www.pattabhiagro.com/bootstrap/css/citizens/ 18 KB
4 KB 545ms
151ms Document
text/html 192.186.223.129
GoDaddy.com

General

Check archive.org

Show headers Download Go to

Full URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
Protocol: HTTP/1.1
Server: 192.186.223.129 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US),
Reverse DNS: ip-192-186-223-129.ip.secureserver.net
Software: Apache/2.4.25 /
Resource Hash: 4ca664fa3f2df4dc0542d1d5be418688cb9b70eced933bfb76efcab7a37d45d8

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:19 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Oct 2014 17:58:12 GMT
Server: Apache/2.4.25
ETag: "49e1d6a-49d9-506a79fb07500-gzip"
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 3672

GET
H/1.1 200
OK pm_fp.js Show response
www3.citizensbankonline.com/efs/efs/jsp-ns/ 24 KB
7 KB 588ms
112ms Script
application/x-javascript 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to

Full URL

https://www3.citizensbankonline.com/efs/efs/jsp-ns/pm_fp.js

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

ae571edfb75648a099b4bb67a1b33cf1be1133eac6d74e92a786f0303fc08298

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:19 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Sat, 10 Jun 2017 06:48:02 GMT
ETag: "20c05-6022-5519577984c80"
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
X-OLB-REQ-RECEIVED: t=1497742699851155
Keep-Alive: timeout=15, max=100
Content-Length: 6921
X-OLB-REQ-DURATION: D=3121

GET
H/1.1 200
OK citlogo.gif
www3.citizensbankonline.com/efs/efs/grafx/ 2 KB
2 KB 589ms
115ms Image
image/gif 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/citlogo.gif

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

a88676de1836609194ae8a17b09966f99b505b11f69cc801c1f6c442f187d05d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:19 GMT
X-OLB-REQ-RECEIVED: t=1497742699851825
Last-Modified: Sat, 10 Jun 2017 06:47:30 GMT
ETag: "18183c-719-5519575b00480"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 1817
X-OLB-REQ-DURATION: D=347

GET
H/1.1 200
OK spacer.gif
www3.citizensbankonline.com/efs/efs/grafx/ 42 B
42 B 105ms
105ms Image
image/gif 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/spacer.gif

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:19 GMT
X-OLB-REQ-RECEIVED: t=1497742699962142
Last-Modified: Sat, 10 Jun 2017 06:47:28 GMT
ETag: "18140b-2a-5519575918000"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 42
X-OLB-REQ-DURATION: D=346

GET
H/1.1 200
OK home.gif
www3.citizensbankonline.com/efs/efs/grafx/ 1 KB
1 KB 113ms
112ms Image
image/gif 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/home.gif

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

d570f71cca1ef1b531281269207bb3808c31737c62f2b3b8169825fd0fe9f591

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:19 GMT
X-OLB-REQ-RECEIVED: t=1497742699963589
Last-Modified: Sat, 10 Jun 2017 06:47:29 GMT
ETag: "181797-48e-5519575a0c240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=99
Content-Length: 1166
X-OLB-REQ-DURATION: D=338

GET
H/1.1 200
OK btn_continue.gif
www3.citizensbankonline.com/efs/efs/grafx/ 468 B
468 B 210ms
105ms Image
image/gif 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/btn_continue.gif

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

d2c454e5be26b1dab56fc01f7e723e531d883b9d9f0c2f46f9efc63d644b7beb

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:20 GMT
X-OLB-REQ-RECEIVED: t=1497742700067270
Last-Modified: Sat, 10 Jun 2017 06:47:29 GMT
ETag: "1817ae-1d4-5519575a0c240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
Content-Length: 468
X-OLB-REQ-DURATION: D=336

GET
H/1.1 200
OK ehl.gif
www3.citizensbankonline.com/efs/efs/grafx/ 88 B
88 B 224ms
111ms Image
image/gif 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/ehl.gif

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:20 GMT
X-OLB-REQ-RECEIVED: t=1497742700075110
Last-Modified: Sat, 10 Jun 2017 06:47:30 GMT
ETag: "181820-58-5519575b00480"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=98
Content-Length: 88
X-OLB-REQ-DURATION: D=471

GET
H/1.1 200
OK logo_bg.jpg
www3.citizensbankonline.com/efs/efs/grafx/ 667 B
667 B 316ms
108ms Image
image/jpeg 174.128.65.144
RBS Citizens

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www3.citizensbankonline.com/efs/efs/grafx/logo_bg.jpg

Requested by

Host: www.pattabhiagro.com
URL: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

174.128.65.144 Riverside, United States, ASN63335 (CITIZENS-BANK-AS - RBS Citizens, NA, US),

Reverse DNS

Software

Resource Hash

5cd35c8ac4630375a6b89e2d770c6023bca82d772a6454e65135ec1713970ebd

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: http://www.pattabhiagro.com/bootstrap/css/citizens/verify.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.104 Safari/537.36

Response headers

Date: Sat, 17 Jun 2017 23:38:20 GMT
X-OLB-REQ-RECEIVED: t=1497742700174000
Last-Modified: Sat, 10 Jun 2017 06:47:30 GMT
ETag: "1818da-29b-5519575b00480"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=100
Content-Length: 667
X-OLB-REQ-DURATION: D=546

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citizens Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.pattabhiagro.com
www3.citizensbankonline.com
174.128.65.144
192.186.223.129
4ca664fa3f2df4dc0542d1d5be418688cb9b70eced933bfb76efcab7a37d45d8
5cd35c8ac4630375a6b89e2d770c6023bca82d772a6454e65135ec1713970ebd
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a88676de1836609194ae8a17b09966f99b505b11f69cc801c1f6c442f187d05d
ae571edfb75648a099b4bb67a1b33cf1be1133eac6d74e92a786f0303fc08298
d2c454e5be26b1dab56fc01f7e723e531d883b9d9f0c2f46f9efc63d644b7beb
d570f71cca1ef1b531281269207bb3808c31737c62f2b3b8169825fd0fe9f591
f38ccfb82832d5d520a762b30713c43d178f8e9b6e0f9f51970611f06636d6aa

www.pattabhiagro.com Open in urlscan Pro 192.186.223.129 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

8 Requests

88 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

14 kBTransfer

47 kBSize

0 Cookies

4 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.pattabhiagro.com Open in urlscan Pro
192.186.223.129 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

88 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

14 kB
Transfer

47 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!