citibanksupports.co.vu
Open in
urlscan Pro
34.102.28.51
Malicious Activity!
Public Scan
Effective URL: https://citibanksupports.co.vu/login.php
Submission: On January 24 via manual from PL — Scanned from PL
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 24th 2022. Valid for: 3 months.
This is the only time citibanksupports.co.vu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 10 | 34.102.28.51 34.102.28.51 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.186.170 142.250.186.170 | 15169 (GOOGLE) (GOOGLE) | |
1 | 104.111.238.178 104.111.238.178 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
5 | 104.117.204.150 104.117.204.150 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
19 | 5 |
ASN15169 (GOOGLE, US)
PTR: 51.28.102.34.bc.googleusercontent.com
citibanksupports.co.vu |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f10.1e100.net
ajax.googleapis.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-238-178.deploy.static.akamaitechnologies.com
online.citi.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-117-204-150.deploy.static.akamaitechnologies.com
www.citi.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
co.vu
1 redirects
citibanksupports.co.vu |
2 MB |
6 |
citi.com
www.citi.com — Cisco Umbrella Rank: 25635 Failed online.citi.com — Cisco Umbrella Rank: 22687 |
230 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 293 |
31 KB |
19 | 3 |
Domain | Requested by | |
---|---|---|
10 | citibanksupports.co.vu |
1 redirects
citibanksupports.co.vu
|
5 | www.citi.com |
citibanksupports.co.vu
|
1 | online.citi.com |
citibanksupports.co.vu
|
1 | ajax.googleapis.com |
citibanksupports.co.vu
|
19 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
citibanksupports.co.vu cPanel, Inc. Certification Authority |
2022-01-24 - 2022-04-24 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2021-12-27 - 2022-03-21 |
3 months | crt.sh |
online.citibank.com DigiCert SHA2 Extended Validation Server CA |
2020-03-13 - 2022-05-14 |
2 years | crt.sh |
www.citi.com DigiCert SHA2 Extended Validation Server CA |
2021-11-02 - 2022-12-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://citibanksupports.co.vu/login.php
Frame ID: CA4656CA05E6C7DB17DBC2340106C722
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Sign On to Your Citi Account - CitibankPage URL History Show full URLs
-
https://citibanksupports.co.vu/
HTTP 302
https://citibanksupports.co.vu/login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
34 Outgoing links
These are links going to different origins than the main page.
Title: Skip to Content
Search URL Search Domain Scan URL
Title: ATM / BRANCH
Search URL Search Domain Scan URL
Title: Continuar
Search URL Search Domain Scan URL
Title: Our Story
Search URL Search Domain Scan URL
Title: Benefits and Services
Search URL Search Domain Scan URL
Title: Rewards
Search URL Search Domain Scan URL
Title: Citi Easy DealsSM
Search URL Search Domain Scan URL
Title: Citi EntertainmentSM
Search URL Search Domain Scan URL
Title: Special Offers
Search URL Search Domain Scan URL
Title: CitigoldĀ® Private Client
Search URL Search Domain Scan URL
Title: CitigoldĀ®
Search URL Search Domain Scan URL
Title: Citi Priority
Search URL Search Domain Scan URL
Title: Citi Private Bank
Search URL Search Domain Scan URL
Title: Small Business Accounts
Search URL Search Domain Scan URL
Title: Commercial Accounts
Search URL Search Domain Scan URL
Title: Personal Banking
Search URL Search Domain Scan URL
Title: Credit Cards
Search URL Search Domain Scan URL
Title: Mortgage
Search URL Search Domain Scan URL
Title: Home Equity
Search URL Search Domain Scan URL
Title: Lending
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Help & FAQs
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Notice at Collection
Search URL Search Domain Scan URL
Title: CA Privacy Hub
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://citibanksupports.co.vu/
HTTP 302
https://citibanksupports.co.vu/login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
citibanksupports.co.vu/ Redirect Chain
|
388 KB 389 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.96e48ab9a5610e0bcfb4.css
citibanksupports.co.vu/assets/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citilogoredesign.png
citibanksupports.co.vu/assets/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
050-location@2x.svg
citibanksupports.co.vu/assets/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_globe_med-grey@2x.svg
citibanksupports.co.vu/assets/ |
3 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
320_Citi-PLT@3x.png
citibanksupports.co.vu/assets/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1440_Citi-PLT@3x.png
citibanksupports.co.vu/assets/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LSO_4959.jpg
online.citi.com/nga-lite-signon/ |
171 KB 172 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Citi-Branding-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Appstore-Googleplay-JDPower-Sprite.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ |
44 KB 45 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_facebook@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ |
445 B 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_twitter@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social-media_youtube@3x.png
www.citi.com/cbol-pre-login-static-assets/citi-branding-assets/images/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Light.woff
citibanksupports.co.vu/assets/ |
74 KB 74 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Bold.woff
citibanksupports.co.vu/assets/ |
70 KB 70 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.citi.com
- URL
- https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
- Domain
- www.citi.com
- URL
- https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff
- Domain
- www.citi.com
- URL
- https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Regular.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
citibanksupports.co.vu/ | Name: PHPSESSID Value: 3004053a51c5c34249fdba0455fa4a8b |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
citibanksupports.co.vu
online.citi.com
www.citi.com
www.citi.com
104.111.238.178
104.117.204.150
142.250.186.170
34.102.28.51
020f7b8c4b960aaaa22045d5574c8532ca0bc818adf616bd973d647dd5ca7d51
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
14274e6c692a3d4609b789e9beec3219c272321b759b39cfb513f4eaf35f10bf
3fca3de24621f0f10186594054444d608016297c2e853e548710b3521e42a609
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
5394d11ec8ad7a5494bcdb65cd95f885388532e14fb45a747e249112389bd837
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
695788dc05d94be3b32060ffea15c1a4d74897bd32e5da7811e7ca76d82fc86b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
b8e446605f92c29a178dd6494688103ac268004592afe06643df46f4bff68577
be9b5382b4526ffd3306d0292122ce3599123f1cd543f52f3035b4f24fbf9de8
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e