URL: http://naphotography.co.za/83d2/journal/citi/
Submission: On October 03 via manual from ZA

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 17 HTTP transactions.
The main IP is 196.25.211.127, located in South Africa and belongs to SAIX-NET, ZA. The main domain is naphotography.co.za.
This is the first time this domain was scanned on urlscan.io!

Verdict: Malicious (Score: 100/100) Show Details

  • urlscan - Score: 100
    phishing
    Phishing against Citibank (Banking)
  • googlesafebrowsing - Score: 100 (1 resources matched) -
    social_engineering

Domain & IP information

IP Address AS Autonomous System
1 196.25.211.127 5713 (SAIX-NET)
16 31 104.111.235.119 16625 (AKAMAI-AS)
1 1 104.109.65.248 20940 (AKAMAI-ASN1)
1 2.16.123.117 20940 (AKAMAI-ASN1)
17 3
Domain
Subdomains
Transfer
16 citibank.com
2 KB
15 citi.com
174 KB
1 bridgetrack.com
12 KB
1 abmr.net
694 B
1 co.za
208 KB
17 5
Domain Requested by
16 online.citibank.com 16 redirects
15 online.citi.com naphotography.co.za
1 sec-citi.bridgetrack.com naphotography.co.za
1 ak1s.abmr.net 1 redirects
1 naphotography.co.za
17 5
Subject / Issuer Validity Valid
online.citibank.com
DigiCert SHA2 Extended Validation Server CA
2018-03-14 -
2020-05-14
2 years
*.bridgetrack.com
DigiCert SHA2 Secure Server CA
2018-11-19 -
2020-02-18
a year

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
/83d2/journal/citi
207 KB
208 KB
Document
General
Full URL
http://naphotography.co.za/83d2/journal/citi/
Protocol
HTTP/1.1
Server
196.25.211.127 , South Africa, ASN5713 (SAIX-NET, ZA),
Reverse DNS
Software
Apache / PleskLin
Resource Hash
627479d52cffabd6804db919203d6917e4b4589f69d5ba20105d944cf8773c85

Request headers

Host
naphotography.co.za
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 03 Oct 2019 18:02:56 GMT
Server
Apache
Last-Modified
Thu, 14 Feb 2019 00:54:50 GMT
ETag
"162798f-33dfb-581d01b044a80"
Accept-Ranges
bytes
Content-Length
212475
X-Powered-By
PleskLin
Connection
close
Content-Type
text/html
bg-marketing-banner.jpg
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/bg-marketing-banner.jpg
  • https://online.citi.com/GFC/branding/img/bg-marketing-banner.jpg
5 KB
5 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/bg-marketing-banner.jpg
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b47060147f820f4721134724e1a38cab5fcc6960091389f6b4587769c4d2c313
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:42 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/jpeg
content-length
4857

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:42 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/bg-marketing-banner.jpg
horizontal_sprite.png
online.citi.com/JRS/images/sprites
Redirect Chain
  • https://online.citibank.com/JRS/images/sprites/horizontal_sprite.png
  • https://online.citi.com/JRS/images/sprites/horizontal_sprite.png
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/JRS/images/sprites/horizontal_sprite.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ebfc2c05f2e7ed45312d73e19ac568bb5644196bf592af3a54ac7a8d26d7d012
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:42 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1544

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:42 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/sprites/horizontal_sprite.png
global_sprite.png
online.citi.com/JFP/images
Redirect Chain
  • https://online.citibank.com/JFP/images/global_sprite.png
  • https://online.citi.com/JFP/images/global_sprite.png
6 KB
6 KB
Image
General
Full URL
https://online.citi.com/JFP/images/global_sprite.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5afcdfea737deff383e30811d357bf0a93c818b0495cb0e3194b5b87bfda0cb4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Wed, 14 Jun 2017 18:32:08 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:42 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
5751

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:42 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JFP/images/global_sprite.png
citilogo_branding_60x35.png
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/citilogo_branding_60x35.png
  • https://online.citi.com/GFC/branding/img/citilogo_branding_60x35.png
3 KB
3 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/citilogo_branding_60x35.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f1c635c4782fce1eef7290194a81f790b0dc0655c6eafdc43eb1498fd6b10295
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:42 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
2618

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:42 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/citilogo_branding_60x35.png
megamenu_v.png
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/megamenu_v.png
  • https://online.citi.com/GFC/branding/img/megamenu_v.png
311 B
520 B
Image
General
Full URL
https://online.citi.com/GFC/branding/img/megamenu_v.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
63db960cff2adb16c9e8b460d6b0c359e0d304ec94009e5b250bc2d00179d97e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:43 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
311

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:43 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/megamenu_v.png
megamenu_tile.gif
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/megamenu_tile.gif
  • https://online.citi.com/GFC/branding/img/megamenu_tile.gif
99 B
308 B
Image
General
Full URL
https://online.citi.com/GFC/branding/img/megamenu_tile.gif
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d3d0d1cacd6a06a79de03d0697bb8c1f253a72f1d5bd4d87b998e86d8a4323f8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:12:07 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/gif
content-length
99

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/megamenu_tile.gif
megamenu_h.png
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/megamenu_h.png
  • https://online.citi.com/GFC/branding/img/megamenu_h.png
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/megamenu_h.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
087f1162917d4e7e37ba1b30bed04dde0a358309932ca4519c26b57f14c9afbb
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1805

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/megamenu_h.png
bottom-shade.png
online.citi.com/JRS/images
Redirect Chain
  • https://online.citibank.com/JRS/images/bottom-shade.png
  • https://online.citi.com/JRS/images/bottom-shade.png
1 KB
1 KB
Image
General
Full URL
https://online.citi.com/JRS/images/bottom-shade.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e7e2072bba9c55af8da06e0205da3c83d79f14999215b35ecbe374661bbce0a9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:12:06 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1210

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/bottom-shade.png
LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
online.citi.com/JRS/images
Redirect Chain
  • https://online.citibank.com/JRS/images/LargeWhiteCarat.png
  • https://ak1s.abmr.net/is/online.citibank.com?U=/JRS/images/LargeWhiteCarat.png&V=3-HKOSkVl0k+iA01yGv47Oey9Zyx5frhqKzlotlD5X8+Kr%2fTn%2fYjqqEg%3d%3d&I=929AC263336A9F1&D=citibank.com&01AD=1&
  • https://online.citibank.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
  • https://online.citi.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
1 KB
1 KB
Image
General
Full URL
https://online.citi.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fa6ab1707c10bef9b88e40f1393c30ff825b712e9ab7894aa6436f3a6bca15f8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1131

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
p3p
CP="NON DSP ADM DEV PSD OUR IND STP PHY PRE NAV UNI"
mktbgEN9.jpg
online.citi.com/JRS/images
Redirect Chain
  • https://online.citibank.com/JRS/images/mktbgEN9.jpg
  • https://online.citi.com/JRS/images/mktbgEN9.jpg
107 KB
107 KB
Image
General
Full URL
https://online.citi.com/JRS/images/mktbgEN9.jpg
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e77d37ad2371f1b1c13192c69c795d3b8b2e0a9b463b6e465cfa39aed4933d56
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/jpeg
content-length
109332

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/mktbgEN9.jpg
content_sprite.png
online.citi.com/JRS/images/sprites
Redirect Chain
  • https://online.citibank.com/JRS/images/sprites/content_sprite.png
  • https://online.citi.com/JRS/images/sprites/content_sprite.png
37 KB
37 KB
Image
General
Full URL
https://online.citi.com/JRS/images/sprites/content_sprite.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
74fa5e6ba7f191dc66a0144588974664da9e45733b48b3181494ce5c9b0089a3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:16:57 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
38017

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/sprites/content_sprite.png
sign-on-bg.png
online.citi.com/JRS/images
Redirect Chain
  • https://online.citibank.com/JRS/images/sign-on-bg.png
  • https://online.citi.com/JRS/images/sign-on-bg.png
118 B
327 B
Image
General
Full URL
https://online.citi.com/JRS/images/sign-on-bg.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
44b3ecb9ceeb9a3a4b278f24dacee0a27028004cb22edd57a890ea671ba2d9e7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 17:20:58 GMT
x-akamai-citisite
GTDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
118

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/sign-on-bg.png
bb129_uso.png
sec-citi.bridgetrack.com/assets/107091
11 KB
12 KB
Image
General
Full URL
https://sec-citi.bridgetrack.com/assets/107091/bb129_uso.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2.16.123.117 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-123-117.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/7.0 / ASP.NET
Resource Hash
51251ff12b276b9033f70b6fbcd0623f7f67e964a5ea370dd1d65a2dce82a365

Request headers

Sec-Fetch-Mode
no-cors
Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 03 Oct 2019 18:03:45 GMT
Last-Modified
Thu, 03 Oct 2019 18:03:45 GMT
Server
Microsoft-IIS/7.0
X-Powered-By
ASP.NET
ETag
W/"2ebcfae5147ad51:0"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
11749
footer.png
online.citi.com/JRS/images/marketing
Redirect Chain
  • https://online.citibank.com/JRS/images/marketing/footer.png
  • https://online.citi.com/JRS/images/marketing/footer.png
4 KB
4 KB
Image
General
Full URL
https://online.citi.com/JRS/images/marketing/footer.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5529dc48664e9bf8d2cd8abbcff523eae17440bdcee950a34925bfcc5ceb65b6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
4136

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/marketing/footer.png
footer-citi-logo-small.gif
online.citi.com/GFC/branding/img
Redirect Chain
  • https://online.citibank.com/GFC/branding/img/footer-citi-logo-small.gif
  • https://online.citi.com/GFC/branding/img/footer-citi-logo-small.gif
1 KB
2 KB
Image
General
Full URL
https://online.citi.com/GFC/branding/img/footer-citi-logo-small.gif
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ffb533352662a614319789060b946a791fb986232f9bd17c9f9576cda55f08ab
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/gif
content-length
1470

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/GFC/branding/img/footer-citi-logo-small.gif
nortonseal.png
online.citi.com/JRS/images
Redirect Chain
  • https://online.citibank.com/JRS/images/nortonseal.png
  • https://online.citi.com/JRS/images/nortonseal.png
2 KB
2 KB
Image
General
Full URL
https://online.citi.com/JRS/images/nortonseal.png
Requested by
Host: naphotography.co.za
URL: http://naphotography.co.za/83d2/journal/citi/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.235.119 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-235-119.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c4e15b8a2632924767d35c75b0569d791266275d1d118d12ade0eadd3c3e04d3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
http://naphotography.co.za/83d2/journal/citi/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=300
last-modified
Tue, 12 Sep 2017 16:59:12 GMT
x-akamai-citisite
SWDC
date
Thu, 03 Oct 2019 18:03:44 GMT
p3p
policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
status
200
accept-ranges
bytes
content-type
image/png
content-length
1686

Redirect headers

status
301
date
Thu, 03 Oct 2019 18:03:44 GMT
server
AkamaiGHost
content-length
0
location
https://online.citi.com/JRS/images/nortonseal.png

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 1
  • https://online.citibank.com/GFC/branding/img/bg-marketing-banner.jpg
  • https://online.citi.com/GFC/branding/img/bg-marketing-banner.jpg
Request 2
  • https://online.citibank.com/JRS/images/sprites/horizontal_sprite.png
  • https://online.citi.com/JRS/images/sprites/horizontal_sprite.png
Request 3
  • https://online.citibank.com/JFP/images/global_sprite.png
  • https://online.citi.com/JFP/images/global_sprite.png
Request 4
  • https://online.citibank.com/GFC/branding/img/citilogo_branding_60x35.png
  • https://online.citi.com/GFC/branding/img/citilogo_branding_60x35.png
Request 5
  • https://online.citibank.com/GFC/branding/img/megamenu_v.png
  • https://online.citi.com/GFC/branding/img/megamenu_v.png
Request 6
  • https://online.citibank.com/GFC/branding/img/megamenu_tile.gif
  • https://online.citi.com/GFC/branding/img/megamenu_tile.gif
Request 7
  • https://online.citibank.com/GFC/branding/img/megamenu_h.png
  • https://online.citi.com/GFC/branding/img/megamenu_h.png
Request 8
  • https://online.citibank.com/JRS/images/bottom-shade.png
  • https://online.citi.com/JRS/images/bottom-shade.png
Request 9
  • https://online.citibank.com/JRS/images/LargeWhiteCarat.png
  • https://ak1s.abmr.net/is/online.citibank.com?U=/JRS/images/LargeWhiteCarat.png&V=3-HKOSkVl0k+iA01yGv47Oey9Zyx5frhqKzlotlD5X8+Kr%2fTn%2fYjqqEg%3d%3d&I=929AC263336A9F1&D=citibank.com&01AD=1&
  • https://online.citibank.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
  • https://online.citi.com/JRS/images/LargeWhiteCarat.png?01AD=3pBYTYXmoMk8HIggYu9eTTuRuH7e6N2BbHYA9-K8uE4aEZjPy4UmNhQ&01RI=929AC263336A9F1&01NA=na
Request 10
  • https://online.citibank.com/JRS/images/mktbgEN9.jpg
  • https://online.citi.com/JRS/images/mktbgEN9.jpg
Request 11
  • https://online.citibank.com/JRS/images/sprites/content_sprite.png
  • https://online.citi.com/JRS/images/sprites/content_sprite.png
Request 12
  • https://online.citibank.com/JRS/images/sign-on-bg.png
  • https://online.citi.com/JRS/images/sign-on-bg.png
Request 14
  • https://online.citibank.com/JRS/images/marketing/footer.png
  • https://online.citi.com/JRS/images/marketing/footer.png
Request 15
  • https://online.citibank.com/GFC/branding/img/footer-citi-logo-small.gif
  • https://online.citi.com/GFC/branding/img/footer-citi-logo-small.gif
Request 16
  • https://online.citibank.com/JRS/images/nortonseal.png
  • https://online.citi.com/JRS/images/nortonseal.png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan - Score: 100

Categories:
phishing

Tags:
phishing

Phishing against: Citibank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| signIn

0 Cookies