citibanksupports.co.vu Open in urlscan Pro
34.102.28.51 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://citibanksupports.co.vu/
Effective URL:
https://citibanksupports.co.vu/login.php
Submission: On January 24 via manual (January 24th 2022, 6:44:30 am UTC) from PL — Scanned from PL

Summary HTTP 19 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 34.102.28.51, located in Los Angeles, United States and belongs to GOOGLE, US. The main domain is citibanksupports.co.vu.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 24th 2022. Valid for: 3 months.

This is the only time citibanksupports.co.vu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 10	34.102.28.51 34.102.28.51	15169 (GOOGLE) (GOOGLE)
1	142.250.186.170 142.250.186.170	15169 (GOOGLE) (GOOGLE)
1	104.111.238.178 104.111.238.178	16625 (AKAMAI-AS) (AKAMAI-AS)
5	104.117.204.150 104.117.204.150	16625 (AKAMAI-AS) (AKAMAI-AS)
19	5

10 34.102.28.51 (Los Angeles, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 51.28.102.34.bc.googleusercontent.com

citibanksupports.co.vu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.170 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.238.178 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-178.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.117.204.150 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-117-204-150.deploy.static.akamaitechnologies.com

www.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	co.vu 1 redirects citibanksupports.co.vu	2 MB
6	citi.com www.citi.com — Cisco Umbrella Rank: 25635 Failed online.citi.com — Cisco Umbrella Rank: 22687	230 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 293	31 KB
19	3

	Domain	Requested by
10	citibanksupports.co.vu	1 redirects citibanksupports.co.vu
5	www.citi.com	citibanksupports.co.vu
1	online.citi.com	citibanksupports.co.vu
1	ajax.googleapis.com	citibanksupports.co.vu
19	4

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citigroup.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
citibanksupports.co.vu cPanel, Inc. Certification Authority	`2022-01-24` - `2022-04-24`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2020-03-13` - `2022-05-14`	2 years	crt.sh
www.citi.com DigiCert SHA2 Extended Validation Server CA	`2021-11-02` - `2022-12-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://citibanksupports.co.vu/login.php
Frame ID: CA4656CA05E6C7DB17DBC2340106C722
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Page URL History Show full URLs

https://citibanksupports.co.vu/ HTTP 302
https://citibanksupports.co.vu/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

84 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

2299 kB
Transfer

2346 kB
Size

1
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/
Title: Skip to Content

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://www.citi.com/login
Title: Continuar

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://citibanksupports.co.vu/ HTTP 302
https://citibanksupports.co.vu/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
citibanksupports.co.vu/
Redirect Chain

https://citibanksupports.co.vu/
https://citibanksupports.co.vu/login.php

388 KB
389 KB

1122ms
1122ms

Document
text/html

34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 020f7b8c4b960aaaa22045d5574c8532ca0bc818adf616bd973d647dd5ca7d51

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: pl-PL,pl;q=0.9

Response headers

Date: Mon, 24 Jan 2022 06:44:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

Date: Mon, 24 Jan 2022 06:44:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: ./login.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

GET Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0

GET
H/1.1 200
OK styles.96e48ab9a5610e0bcfb4.css
citibanksupports.co.vu/assets/ 1 MB
1 MB 192ms
192ms Stylesheet
text/css 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citibanksupports.co.vu/assets/styles.96e48ab9a5610e0bcfb4.css
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 14274e6c692a3d4609b789e9beec3219c272321b759b39cfb513f4eaf35f10bf

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:24 GMT
Last-Modified: Tue, 16 Nov 2021 11:29:54 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1493247

GET
H/1.1 200
OK citilogoredesign.png
citibanksupports.co.vu/assets/ 2 KB
2 KB 372ms
190ms Image
image/png 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citibanksupports.co.vu/assets/citilogoredesign.png
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:24 GMT
Last-Modified: Sat, 18 Sep 2021 02:52:38 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1799

GET
H/1.1 200
OK 050-location@2x.svg
citibanksupports.co.vu/assets/ 2 KB
2 KB 572ms
201ms Image
image/svg+xml 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citibanksupports.co.vu/assets/050-location@2x.svg
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 02:52:38 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 1752

GET
H/1.1 200
OK icon_globe_med-grey@2x.svg
citibanksupports.co.vu/assets/ 3 KB
4 KB 573ms
201ms Image
image/svg+xml 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citibanksupports.co.vu/assets/icon_globe_med-grey@2x.svg
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 02:52:38 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3523

GET
H/1.1 200
OK 320_Citi-PLT@3x.png
citibanksupports.co.vu/assets/ 11 KB
12 KB 393ms
200ms Image
image/png 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citibanksupports.co.vu/assets/320_Citi-PLT@3x.png
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 02:52:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 11562

GET
H/1.1 200
OK 1440_Citi-PLT@3x.png
citibanksupports.co.vu/assets/ 27 KB
28 KB 391ms
196ms Image
image/png 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citibanksupports.co.vu/assets/1440_Citi-PLT@3x.png
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: 6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/login.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 02:52:40 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 28149

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ 87 KB
31 KB 126ms
39ms Script
text/javascript 142.250.186.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f10.1e100.net

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 13:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236534
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 21 Jan 2023 13:02:10 GMT

GET
H2 200 LSO_4959.jpg
online.citi.com/nga-lite-signon/ 171 KB
172 KB 623ms
511ms Image
image/jpeg 104.111.238.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/nga-lite-signon/LSO_4959.jpg

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.111.238.178 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-238-178.deploy.static.akamaitechnologies.com

Software

Resource Hash

48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 24 Jan 2022 06:44:26 GMT
last-modified: Mon, 11 Jan 2021 11:55:43 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 174933
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H/1.1 200
OK Citi-Branding-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 5 KB
6 KB 227ms
100ms Image
image/png 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Citi-Branding-Sprite.png

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 4952
X-Xss-Protection: 1; mode=block
Last-Modified: Sun, 23 Jan 2022 09:52:23 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Mon, 24 Jan 2022 06:44:25 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: e6dd06ba-29ad-497b-5141-6a3ac1b84c81
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1358-17e8659dbd8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Mon, 24 Jan 2022 12:44:25 GMT

GET
H/1.1 200
OK Appstore-Googleplay-JDPower-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 44 KB
45 KB 237ms
109ms Image
image/png 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/Appstore-Googleplay-JDPower-Sprite.png

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 44996
X-Xss-Protection: 1; mode=block
Last-Modified: Sun, 23 Jan 2022 09:52:23 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Mon, 24 Jan 2022 06:44:25 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 08e2e07a-fd66-4d1c-53ad-92bd90fa225c
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"afc4-17e8659dbd8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Mon, 24 Jan 2022 12:44:25 GMT

GET
H/1.1 200
OK social-media_facebook@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 445 B
2 KB 176ms
49ms Image
image/png 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 445
X-Xss-Protection: 1; mode=block
Last-Modified: Sun, 23 Jan 2022 09:52:23 GMT
Server: nginx
X-Akamai-CITISITE: GTDC
X-Frame-Options: DENY
Date: Mon, 24 Jan 2022 06:44:25 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: a83f97ee-894a-4abc-71bd-6c48bf18c753
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"1bd-17e8659dbd8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Mon, 24 Jan 2022 12:44:25 GMT

GET
H/1.1 200
OK social-media_twitter@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 175ms
48ms Image
image/png 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1277
X-Xss-Protection: 1; mode=block
Last-Modified: Sun, 23 Jan 2022 02:57:17 GMT
Server: nginx
X-Akamai-CITISITE: SWDC
X-Frame-Options: DENY
Date: Mon, 24 Jan 2022 06:44:25 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: 8a97d9e1-236d-4f43-79ad-08163dd657e7
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"4fd-17e84ddd2c8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Mon, 24 Jan 2022 12:44:25 GMT

GET
H/1.1 200
OK social-media_youtube@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ 1 KB
2 KB 174ms
47ms Image
image/png 104.117.204.150
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png

Requested by

Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.117.204.150 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-117-204-150.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: pl-PL,pl;q=0.9
Referer: https://citibanksupports.co.vu/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains, max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 1175
X-Xss-Protection: 1; mode=block
Last-Modified: Sun, 23 Jan 2022 02:57:17 GMT
Server: nginx
X-Akamai-CITISITE: SWDC
X-Frame-Options: DENY
Date: Mon, 24 Jan 2022 06:44:25 GMT
Access-Control-Max-Age: 2147483647
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,HEAD
Content-Type: image/png
Access-Control-Allow-Origin: https://citimobile.citibankonline.com
X-Vcap-Request-Id: ee052f1b-1afd-404d-707d-1e0a53a6aadb
Access-Control-Expose-Headers: action,challengeType,bizToken,eventid,Eventid,Eventidexpirytime,eventidexpirytime,accesstoken,Authorization,sid,SessionId,CCPToken,CFIToken
Cache-Control: public, no-transform, max-age=21600
Access-Control-Allow-Credentials: true
ETag: W/"497-17e84ddd2c8"
Accept-Ranges: bytes
Access-Control-Allow-Headers: action,challengeType,accesstoken,appVersion,,Content-Type,sid,CCPToken,CFIToken,countryCode,businessCode,channelId,uuid,client_id,environmentId
Expires: Mon, 24 Jan 2022 12:44:25 GMT

GET
H/1.1 200
OK Interstate-Light.woff
citibanksupports.co.vu/assets/ 74 KB
74 KB 194ms
194ms Font
font/woff 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citibanksupports.co.vu/assets/Interstate-Light.woff
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer: https://citibanksupports.co.vu/login.php
Origin: https://citibanksupports.co.vu
Accept-Language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 01:55:18 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 75538

GET
H/1.1 200
OK Interstate-Bold.woff
citibanksupports.co.vu/assets/ 70 KB
70 KB 195ms
195ms Font
font/woff 34.102.28.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://citibanksupports.co.vu/assets/Interstate-Bold.woff
Requested by: Host: citibanksupports.co.vu
URL: https://citibanksupports.co.vu/login.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.28.51 Los Angeles, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.28.102.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer: https://citibanksupports.co.vu/login.php
Origin: https://citibanksupports.co.vu
Accept-Language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 24 Jan 2022 06:44:25 GMT
Last-Modified: Sat, 18 Sep 2021 01:55:22 GMT
Server: Apache
Content-Type: font/woff
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 71874

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Domain: www.citi.com
URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			citibanksupports.co.vu/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3004053a51c5c34249fdba0455fa4a8b

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://citibanksupports.co.vu/login.php Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff' from origin 'https://citibanksupports.co.vu' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citibanksupports.co.vu/login.php Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff' from origin 'https://citibanksupports.co.vu' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://citibanksupports.co.vu/login.php Message: Access to font at 'https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff' from origin 'https://citibanksupports.co.vu' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://citimobile.citibankonline.com' that is not equal to the supplied origin.
network	error	URL: https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
citibanksupports.co.vu
online.citi.com
www.citi.com
www.citi.com
104.111.238.178
104.117.204.150
142.250.186.170
34.102.28.51
020f7b8c4b960aaaa22045d5574c8532ca0bc818adf616bd973d647dd5ca7d51
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
14274e6c692a3d4609b789e9beec3219c272321b759b39cfb513f4eaf35f10bf
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

citibanksupports.co.vu Open in urlscan Pro 34.102.28.51 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

84 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

5 IPs

2 Countries

2299 kBTransfer

2346 kBSize

1 Cookies

34 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

6 Console Messages

Indicators

citibanksupports.co.vu Open in urlscan Pro
34.102.28.51 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

84 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

2
Countries

2299 kB
Transfer

2346 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!