citiukonline.com Open in urlscan Pro
5.100.152.180 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://citiukonline.com/aspx/ebl.php
Submission: On November 23 via automatic, source openphish (November 23rd 2017, 6:46:21 am UTC)

Summary HTTP 10 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 5.100.152.180, located in Virgin Islands (British) and belongs to PUBLIC-DOMAIN-REGISTRY - PDR, US. The main domain is citiukonline.com.

This is the only time citiukonline.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address		AS Autonomous System
10	5.100.152.180 5.100.152.180		394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY - PDR)
10	1

10 5.100.152.180 (Virgin Islands (British))

ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US)
PTR: bh-uk-2.webhostbox.net

citiukonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	citiukonline.com citiukonline.com	66 KB
10	1

	Domain	Requested by
10	citiukonline.com	citiukonline.com
10	1

This site contains links to these domains. Also see Links.

Domain
www.citibank.co.uk

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://citiukonline.com/aspx/ebl.php
Frame ID: 24435.1
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

66 kB
Transfer

70 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://www.citibank.co.uk/personal/cards/terms_cond.htm
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: http://www.citibank.co.uk/personal/banking/info/privacy/index.htm
Title: Privacy and cookies policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request ebl.php Show response citiukonline.com/aspx/	8 KB 8 KB	58ms 35ms	Document text/html	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Full URL http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / PHP/5.4.45 Resource Hash `cf192821869e6d13bcc18e69ba7c537f260e5cb7cea71611da7c4b6500e68587` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Server Apache Connection Keep-Alive X-Powered-By PHP/5.4.45 Transfer-Encoding chunked Keep-Alive timeout=3, max=30 Content-Type text/html
GET H/1.1	200 OK	contac3.jpg citiukonline.com/aspx/	24 KB 24 KB	43ms 43ms	Image image/jpeg	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/contac3.jpg Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `e4d1a49a478e31125fa91b9e2ceb00571c832ceedd3ed6ebc0799a358bee1bf7` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 23 Oct 2014 08:21:40 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=29 Content-Length 24800
GET H/1.1	200 OK	xlogin32.jpg citiukonline.com/aspx/	5 KB 5 KB	53ms 30ms	Image image/jpeg	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/xlogin32.jpg Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `269fcda8b98d3efc5e46c3ac3dc89fdbc76ea6fc66d993168a8f61992f0f49bc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 21 Jul 2011 09:33:40 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=30 Content-Length 5174
GET H/1.1	404 Not Found	spacer.gif citiukonline.com/aspx/	2 KB 0	49ms 26ms	Image text/html	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/spacer.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `313cf3aedda208a9438dbc924bf20bbabcea2e46e1d3cc4bf8a4ea943e07a66b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Wed, 16 Aug 2017 15:50:38 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=30 Content-Length 2556
GET H/1.1	404 Not Found	title_line.gif citiukonline.com/aspx/	1 KB 0	76ms 27ms	Image text/html	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/title_line.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `4a2966794f6473ffc4bbed4e40fd212b34f52b44cbcd7a5b61711d690cb424c1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Wed, 16 Aug 2017 15:50:38 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=29 Content-Length 2556
GET H/1.1	200 OK	xlogin33.gif citiukonline.com/aspx/	1 KB 1 KB	74ms 24ms	Image image/gif	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/xlogin33.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `fea27da10c2fc2442a5964f39b1fe76d9c03be85b249c33721c900a784bdcaa0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 21 Jul 2011 09:35:46 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=29 Content-Length 1316
GET H/1.1	200 OK	xlogin34.gif citiukonline.com/aspx/	1 KB 1 KB	78ms 26ms	Image image/gif	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/xlogin34.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `5d7a19fb6b5ec93f9f65ea8d63b6a277e89786b32c965d23739dbba5bb35c7e0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 21 Jul 2011 09:34:42 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=29 Content-Length 1146
GET H/1.1	200 OK	xlogin40.jpg citiukonline.com/aspx/	20 KB 20 KB	39ms 31ms	Image image/jpeg	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/xlogin40.jpg Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `dc35ce883c689260038189f605fc4aaaf72eace6e8c20cbbb6c01529c4019cca` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Sat, 30 Jan 2010 10:00:56 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=30 Content-Length 20545
GET H/1.1	200 OK	index.4.gif citiukonline.com/aspx/	1 KB 1 KB	37ms 28ms	Image image/gif	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/index.4.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `4627eea8789b95ab606c965db13f9d943b78c55f223a24d648100956c5324eaf` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 23 Oct 2014 05:55:14 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=30 Content-Length 1079
GET H/1.1	200 OK	fscs.gif citiukonline.com/aspx/	5 KB 5 KB	47ms 40ms	Image image/gif	5.100.152.180 PDR
General Check archive.org Show headers Download Go to Show image Full URL http://citiukonline.com/aspx/fscs.gif Requested by Host: citiukonline.com URL: http://citiukonline.com/aspx/ebl.php Protocol HTTP/1.1 Server 5.100.152.180 , Virgin Islands (British), ASN394695 (PUBLIC-DOMAIN-REGISTRY - PDR, US), Reverse DNS bh-uk-2.webhostbox.net Software Apache / Resource Hash `8c4e63b03fe1ba44c2e63f05d6a1dbbbeafff2881ba1c9a8c7c3dab35a5983dc` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host citiukonline.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://citiukonline.com/aspx/ebl.php Connection keep-alive Cache-Control no-cache Referer http://citiukonline.com/aspx/ebl.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36 Response headers Date Thu, 23 Nov 2017 06:46:10 GMT Last-Modified Thu, 23 Oct 2014 05:55:34 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=3, max=30 Content-Length 5289

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citiukonline.com
5.100.152.180
269fcda8b98d3efc5e46c3ac3dc89fdbc76ea6fc66d993168a8f61992f0f49bc
313cf3aedda208a9438dbc924bf20bbabcea2e46e1d3cc4bf8a4ea943e07a66b
4627eea8789b95ab606c965db13f9d943b78c55f223a24d648100956c5324eaf
4a2966794f6473ffc4bbed4e40fd212b34f52b44cbcd7a5b61711d690cb424c1
5d7a19fb6b5ec93f9f65ea8d63b6a277e89786b32c965d23739dbba5bb35c7e0
8c4e63b03fe1ba44c2e63f05d6a1dbbbeafff2881ba1c9a8c7c3dab35a5983dc
cf192821869e6d13bcc18e69ba7c537f260e5cb7cea71611da7c4b6500e68587
dc35ce883c689260038189f605fc4aaaf72eace6e8c20cbbb6c01529c4019cca
e4d1a49a478e31125fa91b9e2ceb00571c832ceedd3ed6ebc0799a358bee1bf7
fea27da10c2fc2442a5964f39b1fe76d9c03be85b249c33721c900a784bdcaa0

citiukonline.com Open in urlscan Pro 5.100.152.180 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

10 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

66 kBTransfer

70 kBSize

0 Cookies

2 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

citiukonline.com Open in urlscan Pro
5.100.152.180 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

66 kB
Transfer

70 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!