www.citibank.addc.ir Open in urlscan Pro
136.243.102.120 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP...
Submission: On June 10 via automatic, source openphish (June 10th 2022, 1:26:18 am UTC) — Scanned from DE

Summary HTTP 17 Redirects Links 34 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 17 HTTP transactions. The main IP is 136.243.102.120, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.citibank.addc.ir.
TLS certificate: Issued by R3 on June 9th 2022. Valid for: 3 months.

This is the only time www.citibank.addc.ir was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
17	136.243.102.120 136.243.102.120		24940 (HETZNER-AS) (HETZNER-AS)
17	1

17 136.243.102.120 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.120.102.243.136.clients.your-server.de

www.citibank.addc.ir	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	addc.ir www.citibank.addc.ir	630 KB
17	1

	Domain	Requested by
17	www.citibank.addc.ir	www.citibank.addc.ir
17	1

This site contains links to these domains. Also see Links.

Domain
www.citi.com
online.citi.com
www.citigroup.com
citieasydeals.com
www.citiprivatepass.com
www.privatebank.citibank.com
play.google.com
itunes.apple.com
www.jdpower.com
www.facebook.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
citibank.addc.ir R3	`2022-06-09` - `2022-09-07`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9
Frame ID: BB29422637760EA54E5279CBDFCD2E31
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On to Your Citi Account - Citibank

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

630 kB
Transfer

2393 kB
Size

1
Cookies

34 Outgoing links

These are links going to different origins than the main page.

URL: https://www.citi.com/

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citibank-location-finder
Title: ATM / BRANCH

Search URL Search Domain Scan URL

URL: https://www.citi.com/login
Title: Continuar

Search URL Search Domain Scan URL

URL: http://www.citigroup.com/citi/
Title: Our Story

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=ServicesOverview
Title: Benefits and Services

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=Rewards
Title: Rewards

Search URL Search Domain Scan URL

URL: https://citieasydeals.com/
Title: Citi Easy DealsSM

Search URL Search Domain Scan URL

URL: http://www.citiprivatepass.com/
Title: Citi EntertainmentSM

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=SpecialOffers
Title: Special Offers

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/citigold-private-client
Title: Citigold® Private Client

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitigoldOverview
Title: Citigold®

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiPriorityOverview
Title: Citi Priority

Search URL Search Domain Scan URL

URL: https://www.privatebank.citibank.com/
Title: Citi Private Bank

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/small-business-banking
Title: Small Business Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/pands/detail.do?ID=CitiCommercialBanking
Title: Commercial Accounts

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/checking-saving-accounts
Title: Personal Banking

Search URL Search Domain Scan URL

URL: https://www.citi.com/credit-cards/compare-credit-cards/citi.action?ID=view-all-credit-cards
Title: Credit Cards

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=todays_mortgage_rates&type=buy
Title: Mortgage

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=home_equity_rates
Title: Home Equity

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/current-interest-rates/personal-loans-and-lines-of-credit
Title: Lending

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/helptopic
Title: Help & FAQs

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/security-center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.citi.citimobile
Title: Continue

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/app/citi-mobile-sm/id301724680?mt=8
Title: Continue

Search URL Search Domain Scan URL

URL: http://www.jdpower.com/awards
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citibank
Title: Continue

Search URL Search Domain Scan URL

URL: https://twitter.com/Citibank/
Title: Continue

Search URL Search Domain Scan URL

URL: https://www.youtube.com/citi
Title: Continue

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/termsdisclaimer/termsdisclaimerhome
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://online.citi.com/JRS/portal/template.do?ID=Privacy#notice-at-collection
Title: Notice at Collection

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/ag/dataprivacyhub
Title: CA Privacy Hub

Search URL Search Domain Scan URL

URL: https://online.citi.com/US/JRS/portal/template.do?ID=Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Login.php Show response www.citibank.addc.ir/	163 KB 12 KB	393ms 36ms	Document text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / PHP/7.4.24 Resource Hash `673d617af44cae4f2e95b04b526eafd3dbba50b186c0e62264978fdc557bd039` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000 cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Fri, 10 Jun 2022 01:26:12 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache vary Accept-Encoding x-powered-by PHP/7.4.24
GET H2	200	styles.css www.citibank.addc.ir/si_assetz/css/	1 MB 136 KB	565ms 564ms	Stylesheet text/css	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/si_assetz/css/styles.css Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `e082d79918d0ffbf647dc9fcc34607a1dbfddeb17c7028c4999a9a77d5d134da` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:12 GMT content-encoding br last-modified Sat, 18 Sep 2021 17:02:40 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 139571 expires Fri, 17 Jun 2022 01:26:12 GMT
GET H2	200	login.css www.citibank.addc.ir/si_assetz/css/	347 KB 39 KB	565ms 564ms	Stylesheet text/css	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/si_assetz/css/login.css Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `84c41acc75f9b8fd185f3f0b98e9ed16c34879d48795c6fbe47ea5ca7033beee` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:12 GMT content-encoding br last-modified Sat, 18 Sep 2021 14:32:08 GMT vary Accept-Encoding content-type text/css cache-control public, max-age=604800 accept-ranges bytes content-length 39524 expires Fri, 17 Jun 2022 01:26:12 GMT
GET H2	200	jquery.js Show response www.citibank.addc.ir/si_assetz/js/	292 KB 81 KB	565ms 565ms	Script application/javascript	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/si_assetz/js/jquery.js Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `29223fdf1c42ac27b10aea5dcd02513f507a22a83ed8d03e5f6bb7f1c41daaaf` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:12 GMT content-encoding br last-modified Mon, 13 Sep 2021 19:16:16 GMT vary Accept-Encoding content-type application/javascript cache-control public, max-age=604800 accept-ranges bytes content-length 83225 expires Fri, 17 Jun 2022 01:26:12 GMT
GET H2	200	citilogoredesign.png www.citibank.addc.ir/si_assetz/img/	2 KB 2 KB	221ms 221ms	Image image/png	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/citilogoredesign.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:04:14 GMT accept-ranges bytes content-type image/png content-length 1799 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	050-location2x.svg www.citibank.addc.ir/si_assetz/img/	2 KB 815 B	222ms 221ms	Image image/svg+xml	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/050-location2x.svg Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT content-encoding br last-modified Sat, 18 Sep 2021 14:04:14 GMT vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 701 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	icon_globe_med-grey2x.svg www.citibank.addc.ir/si_assetz/img/	3 KB 1 KB	327ms 327ms	Image image/svg+xml	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/icon_globe_med-grey2x.svg Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT content-encoding br last-modified Sat, 18 Sep 2021 14:04:14 GMT vary Accept-Encoding content-type image/svg+xml cache-control public, max-age=604800 accept-ranges bytes content-length 1371 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	320_Citi-PLT3x.png www.citibank.addc.ir/si_assetz/img/	11 KB 11 KB	347ms 346ms	Image image/png	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/320_Citi-PLT3x.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:04:14 GMT accept-ranges bytes content-type image/png content-length 11562 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	1440_Citi-PLT3x.png www.citibank.addc.ir/si_assetz/img/	27 KB 28 KB	348ms 347ms	Image image/png	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/1440_Citi-PLT3x.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:04:14 GMT accept-ranges bytes content-type image/png content-length 28149 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	Interstate-Light.woff www.citibank.addc.ir/si_assetz/fonts/	74 KB 74 KB	202ms 202ms	Font font/woff	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/si_assetz/fonts/Interstate-Light.woff Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296` Request headers Referer https://www.citibank.addc.ir/si_assetz/css/login.css Origin https://www.citibank.addc.ir accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:19:46 GMT accept-ranges bytes content-type font/woff content-length 75538 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	LSO_4959.jpg www.citibank.addc.ir/si_assetz/img/	171 KB 171 KB	283ms 282ms	Image image/jpeg	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/img/LSO_4959.jpg Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/Login.php?sslchannel=true&sessionid=5PpkFpUBUG4Vonb9zSC3KRfLQEeknBjHjjdYfRKKL6Np943Fr9fAKdhOB4pP88QSreu90p8h2To4r4AuhemTLtkjvfa7gtIO2XGVhPMNTHVM8IkSqqxDfh3CS0nH9H2kc9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:19:56 GMT accept-ranges bytes content-type image/jpeg content-length 174933 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	200	Interstate-Bold.woff www.citibank.addc.ir/si_assetz/fonts/	70 KB 70 KB	176ms 176ms	Font font/woff	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://www.citibank.addc.ir/si_assetz/fonts/Interstate-Bold.woff Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7` Request headers Referer https://www.citibank.addc.ir/si_assetz/css/login.css Origin https://www.citibank.addc.ir accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers date Fri, 10 Jun 2022 01:26:13 GMT cache-control public, max-age=604800 last-modified Sat, 18 Sep 2021 14:19:40 GMT accept-ranges bytes content-type font/woff content-length 71874 expires Fri, 17 Jun 2022 01:26:13 GMT
GET H2	404	Citi-Branding-Sprite.png www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/	708 B 708 B	273ms 272ms	Image text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/Citi-Branding-Sprite.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/si_assetz/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers pragma no-cache date Fri, 10 Jun 2022 01:26:13 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H2	404	Appstore-Googleplay-JDPower-Sprite.png www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/	708 B 708 B	272ms 272ms	Image text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/Appstore-Googleplay-JDPower-Sprite.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/si_assetz/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers pragma no-cache date Fri, 10 Jun 2022 01:26:13 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H2	404	social-media_facebook@3x.png www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/	708 B 708 B	274ms 273ms	Image text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/si_assetz/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers pragma no-cache date Fri, 10 Jun 2022 01:26:13 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H2	404	social-media_twitter@3x.png www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/	708 B 708 B	274ms 274ms	Image text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/si_assetz/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers pragma no-cache date Fri, 10 Jun 2022 01:26:13 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html
GET H2	404	social-media_youtube@3x.png www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/	708 B 708 B	273ms 272ms	Image text/html	136.243.102.120 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png Requested by Host: www.citibank.addc.ir URL: https://www.citibank.addc.ir/si_assetz/css/login.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 136.243.102.120 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.120.102.243.136.clients.your-server.de Software / Resource Hash `37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa` Request headers accept-language de-DE,de;q=0.9 Referer https://www.citibank.addc.ir/si_assetz/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36 Response headers pragma no-cache date Fri, 10 Jun 2022 01:26:13 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 708 content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.citibank.addc.ir/	1969-12-31 23:59:59	Name: PHPSESSID Value: e287b5413e8b8824b338e7e5d0a5fe09

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/Appstore-Googleplay-JDPower-Sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/Citi-Branding-Sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_youtube@3x.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_facebook@3x.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.citibank.addc.ir/si_assetz/css/cbol-pre-login-static-assets/citi-branding-assets/images/social-media_twitter@3x.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.citibank.addc.ir
136.243.102.120
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
29223fdf1c42ac27b10aea5dcd02513f507a22a83ed8d03e5f6bb7f1c41daaaf
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
48e89b7e40e096b89d864a5c8ee340ce44ca60fe9675310ef2f3f40a53a7d593
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
673d617af44cae4f2e95b04b526eafd3dbba50b186c0e62264978fdc557bd039
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
84c41acc75f9b8fd185f3f0b98e9ed16c34879d48795c6fbe47ea5ca7033beee
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
e082d79918d0ffbf647dc9fcc34607a1dbfddeb17c7028c4999a9a77d5d134da
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f378974fe6a831ae2f48d9191ea74eb21877d4964d5eedbc2810d8756ed13631

www.citibank.addc.ir Open in urlscan Pro 136.243.102.120 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

630 kBTransfer

2393 kBSize

1 Cookies

34 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

www.citibank.addc.ir Open in urlscan Pro
136.243.102.120 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

630 kB
Transfer

2393 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!