urlscan.io logo urlscan.io
SecurityTrails logo

wealthplannerondevices8.citigroup.com Open in urlscan Pro
192.193.157.64  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://wealthplannerondevices8.citigroup.com/
Effective URL: https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=...
Submission Tags: @phishunt_io
Submission: On June 13 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 192.193.157.64, located in United States and belongs to CITI5, US. The main domain is wealthplannerondevices8.citigroup.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on August 6th 2022. Valid for: a year.
This is the only time wealthplannerondevices8.citigroup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 192.193.157.64 2912 (CITI5)
3 1
Apex Domain
Subdomains		 Transfer
4 citigroup.com
wealthplannerondevices8.citigroup.com
426 KB
3 1
Domain Requested by
4 wealthplannerondevices8.citigroup.com 1 redirects wealthplannerondevices8.citigroup.com
3 1

This site contains no links.

Subject Issuer Validity Valid
wealthplannerondevices8.citigroup.com
DigiCert SHA2 Extended Validation Server CA		 2022-08-06 -
2023-08-08		 a year crt.sh

This page contains 1 frames:

Primary Page: https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
Frame ID: 773BA389608769C95949698F32E8008A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Citiplanner Remarkable

Page URL History Show full URLs

  1. https://wealthplannerondevices8.citigroup.com/ HTTP 302
    https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882... Page URL

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

426 kB
Transfer

428 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://wealthplannerondevices8.citigroup.com/ HTTP 302
    https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.fcc
wealthplannerondevices8.citigroup.com/sminfoagent/forms/
Redirect Chain
  • https://wealthplannerondevices8.citigroup.com/
  • https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD2...
12 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.157.64 , United States, ASN2912 (CITI5, US),
Reverse DNS
Software
/
Resource Hash
e18e338ed120cc167cc6c9a49483e9c338057204a14ba04733836a5dfa35b9ec

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 13 Jun 2023 18:02:30 GMT
Keep-Alive
timeout=5, max=499
Transfer-Encoding
chunked

Redirect headers

Cache-Control
no-store
Connection
Keep-Alive
Content-Length
455
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 13 Jun 2023 18:02:30 GMT
Keep-Alive
timeout=5, max=500
Location
/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
login_bg.jpg
wealthplannerondevices8.citigroup.com/sminfoagent/forms/img/ 		415 KB
412 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/img/login_bg.jpg
Requested by
Host: wealthplannerondevices8.citigroup.com
URL: https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.157.64 , United States, ASN2912 (CITI5, US),
Reverse DNS
Software
/
Resource Hash
582ffa57bba197f40015ca1ae48495c0d0a0c03594300c2e96922703e153620e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Tue, 13 Jun 2023 18:02:30 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 May 2016 04:22:25 GMT
ETag
"43008-67a8b-533528dece240"
Vary
Accept-Encoding,User-Agent
X-Frame-Options
SAMEORIGIN
P3P
CP="STA NAV PRE UNI TAI ADM DEV CUR OUR NOR STP DSP CAO CONo"
Transfer-Encoding
chunked
Content-Type
image/jpeg
Cache-Control
max-age=604800 must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=498
X-UA-Compatible
IE=Edge
downArrow.svg
wealthplannerondevices8.citigroup.com/sminfoagent/forms/img/ 		515 B
813 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/img/downArrow.svg
Requested by
Host: wealthplannerondevices8.citigroup.com
URL: https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.193.157.64 , United States, ASN2912 (CITI5, US),
Reverse DNS
Software
/
Resource Hash
e6b7aa2e25235ffc3bb44af8d1c0914ea3b1d42405b3e4dd569c513e951dc80b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://wealthplannerondevices8.citigroup.com/sminfoagent/forms/login.fcc?TYPE=33554432&REALMOID=06-fb0d7092-3cf3-10a6-882f-83f956b10000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=dqITo5IQooVoozD205Hrihuo0FZu09kCDCFaWyW63yBZP8pq4OYTQ6rjebNjQRubcyt3h1Q3Jd39uaPGIMgzThpPlem2RRPx&TARGET=-SM-%2f
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Tue, 13 Jun 2023 18:02:31 GMT
Content-Encoding
gzip
Last-Modified
Sat, 21 May 2016 04:22:49 GMT
ETag
"4300a-203-533528f5b1840"
Vary
Accept-Encoding,User-Agent
X-Frame-Options
SAMEORIGIN
P3P
CP="STA NAV PRE UNI TAI ADM DEV CUR OUR NOR STP DSP CAO CONo"
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=500
Content-Length
369
X-UA-Compatible
IE=Edge

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend function| resetCredFields function| submitForm

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wealthplannerondevices8.citigroup.com
192.193.157.64
582ffa57bba197f40015ca1ae48495c0d0a0c03594300c2e96922703e153620e
e18e338ed120cc167cc6c9a49483e9c338057204a14ba04733836a5dfa35b9ec
e6b7aa2e25235ffc3bb44af8d1c0914ea3b1d42405b3e4dd569c513e951dc80b