urlscan.io logo urlscan.io
SecurityTrails logo

citibanamex.ahmreg.mx Open in urlscan Pro
67.222.154.30  Public Scan

Go To Rescan Add Verdict Report
URL: https://citibanamex.ahmreg.mx/
Submission: On May 28 via automatic, source phishtank
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 67.222.154.30, located in Dallas, United States and belongs to ASN-DIS, US. The main domain is citibanamex.ahmreg.mx.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 13th 2020. Valid for: 3 months.
This is the only time citibanamex.ahmreg.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 67.222.154.30 393398 (ASN-DIS)
1 151.101.114.90 54113 (FASTLY)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 185.107.232.249 200484 (SENDINBLU...)
9 7
2    67.222.154.30 (Dallas, United States)

ASN393398 (ASN-DIS, US)
PTR: server.ahmreg.mx
citibanamex.ahmreg.mx
1    151.101.114.90 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
cdn.dribbble.com
2    2606:4700:3031::681b:94bc (United States)

ASN13335 (CLOUDFLARENET, US)
sibautomation.com
1    2606:4700::6811:a0c (United States)

ASN13335 (CLOUDFLARENET, US)
chat.sendinblue.com
2    2606:4700::6811:90c (United States)

ASN13335 (CLOUDFLARENET, US)
chat-operating-back.sendinblue.com
1    185.107.232.249 (France)

ASN200484 (SENDINBLUE-ASN, FR)
in-automate.sendinblue.com
Domain Requested by
2 chat-operating-back.sendinblue.com chat.sendinblue.com
2 sibautomation.com citibanamex.ahmreg.mx
sibautomation.com
2 citibanamex.ahmreg.mx citibanamex.ahmreg.mx
1 in-automate.sendinblue.com sibautomation.com
1 chat.sendinblue.com sibautomation.com
1 cdn.dribbble.com citibanamex.ahmreg.mx
9 6

This site contains no links.

Subject Issuer Validity Valid
citibanamex.ahmreg.mx
cPanel, Inc. Certification Authority		 2020-04-13 -
2020-07-12		 3 months crt.sh
*.dribbble.com
Sectigo RSA Domain Validation Secure Server CA		 2020-03-05 -
2021-03-05		 a year crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-01-31 -
2020-10-09		 8 months crt.sh
*.sendinblue.com
COMODO RSA Domain Validation Secure Server CA		 2017-10-30 -
2020-12-12		 3 years crt.sh

This page contains 2 frames:

Primary Page: https://citibanamex.ahmreg.mx/
Frame ID: 676EFA2A9E15D65AB2021EDCF18375E9
Requests: 9 HTTP requests in this frame

Frame: https://sibautomation.com/cm.html?key=fab02j8wsca1tp7q9ld8iuvu
Frame ID: A68FFAC4282309516B12C15362B935D6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

89 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

7
IPs

3
Countries

338 kB
Transfer

966 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
citibanamex.ahmreg.mx/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://citibanamex.ahmreg.mx/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.222.154.30 Dallas, United States, ASN393398 (ASN-DIS, US),
Reverse DNS
server.ahmreg.mx
Software
Apache /
Resource Hash
846e2677731c169d3279a6dfc4143d93bb68b70be3e97dbb6bd539cce9ff1067

Request headers

Host
citibanamex.ahmreg.mx
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 28 May 2020 04:45:43 GMT
Server
Apache
Content-Length
1896
Keep-Alive
timeout=5
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
boss.png
citibanamex.ahmreg.mx/assets/img/dummy/ 		80 KB
80 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://citibanamex.ahmreg.mx/assets/img/dummy/boss.png
Requested by
Host: citibanamex.ahmreg.mx
URL: https://citibanamex.ahmreg.mx/
Protocol
HTTP/1.1
Server
67.222.154.30 Dallas, United States, ASN393398 (ASN-DIS, US),
Reverse DNS
server.ahmreg.mx
Software
Apache /
Resource Hash
e53647c353659fae26beffc40a2ceafc12b55a58c7bec721de3f6063f7214adf

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Thu, 28 May 2020 04:45:43 GMT
Last-Modified
Mon, 13 Apr 2020 18:57:45 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5
Content-Length
82066
request-check-icon-by-sergio-voicehovich.gif
cdn.dribbble.com/users/183207/screenshots/2614645/ 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.dribbble.com/users/183207/screenshots/2614645/request-check-icon-by-sergio-voicehovich.gif
Requested by
Host: citibanamex.ahmreg.mx
URL: https://citibanamex.ahmreg.mx/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.114.90 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d4b4fb9381459ce54ed6ff064a8bf7846eb3f7add3a9b38269a87d5f870aef3f

Request headers

Referer
https://citibanamex.ahmreg.mx/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
h.1OyeMba_OWxUQ3RIs_2U7td0r0lx.H
via
1.1 e7ce333c56f455a0dae7f1f5ea5d6086.cloudfront.net (CloudFront), 1.1 varnish
etag
"eceaff53a0050079e7c214d6edbcdc75"
age
605099
x-cache
Miss from cloudfront, HIT
status
200
content-length
43329
x-served-by
cache-hhn4056-HHN
last-modified
Sun, 27 Mar 2016 10:31:23 GMT
server
AmazonS3
x-timer
S1590641143.383132,VS0,VE1
date
Thu, 28 May 2020 04:45:43 GMT
vary
Cookie
content-type
image/gif
expires
Fri, 27 Mar 2026 10:00:14 GMT
cache-control
max-age=315576000
x-amz-cf-pop
FRA54
accept-ranges
bytes
x-amz-cf-id
WU6zRcIw6xKqfKf3Eyb6RBYEAV9xqTIjtq374M3wY0rcU7DHNVA5lA==
x-cache-hits
1
sa.js
sibautomation.com/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sibautomation.com/sa.js?key=fab02j8wsca1tp7q9ld8iuvu
Requested by
Host: citibanamex.ahmreg.mx
URL: https://citibanamex.ahmreg.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::681b:94bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash
045b8924c26c80c3e850c9790683d0422e18115a8e6a8cf90d877b0fe7ba173f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://citibanamex.ahmreg.mx/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 28 May 2020 04:45:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Sails <sailsjs.com>
status
200
vary
Accept-Encoding
x-xss-protection
1
x-sib-server
SENDINBLUE-web2-3
cf-bgj
minify
server
cloudflare
etag
W/"1fce-S1mk+NF8JkBkcTICmr7DVVfcrqk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=1800
cf-polished
origSize=8142
cf-request-id
02fb32c5f40000175634919200000001
cf-ray
59a553e98fa41756-FRA
cm.html
sibautomation.com/ Frame A68F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://sibautomation.com/cm.html?key=fab02j8wsca1tp7q9ld8iuvu
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=fab02j8wsca1tp7q9ld8iuvu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::681b:94bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Sails <sailsjs.com>
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

:method
GET
:authority
sibautomation.com
:scheme
https
:path
/cm.html?key=fab02j8wsca1tp7q9ld8iuvu
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://citibanamex.ahmreg.mx/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://citibanamex.ahmreg.mx/

Response headers

status
200
date
Thu, 28 May 2020 04:45:43 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d8c9049b2b65a5d995c13cc80cc849fdb1590641143; expires=Sat, 27-Jun-20 04:45:43 GMT; path=/; domain=.sibautomation.com; HttpOnly; SameSite=Lax
x-powered-by
Sails <sailsjs.com>
vary
Accept-Encoding
cf-request-id
02fb32c68d0000175634921200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-origin
*
x-sib-server
SENDINBLUE-web2-2
x-content-type-options
nosniff
x-xss-protection
1
cache-control
max-age=7200
cf-cache-status
HIT
age
5
server
cloudflare
cf-ray
59a553ea796d1756-FRA
content-encoding
br
sib-chat.js
chat.sendinblue.com/static/js/ 		832 KB
209 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://chat.sendinblue.com/static/js/sib-chat.js
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=fab02j8wsca1tp7q9ld8iuvu
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a67a0c91c3669b39a256579df850291a264f39e0f85c6ac3139208deeecd70a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://citibanamex.ahmreg.mx/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 28 May 2020 04:45:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
894
cf-polished
origSize=852243
status
200
cf-request-id
02fb32c69f0000176afd1a7200000001
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-2
last-modified
Fri, 22 May 2020 09:35:39 GMT
server
cloudflare
etag
W/"5ec79ceb-d0113"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
x-xss-protection
1
cf-ray
59a553ea9d0f176a-FRA
cf-bgj
minify
operators
chat-operating-back.sendinblue.com/chat/ 		221 B
393 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://chat-operating-back.sendinblue.com/chat/operators
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/sib-chat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.10
Resource Hash
8e2ce89a09e6e974611425d568d4bd851996022dfbf7b14f25cad33629c768e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://citibanamex.ahmreg.mx/
X-auth-token
eyJhbGciOiJIUzI1NiJ9.MjAwNzIxNA.-M_zNHGfYcS_tSGJBT3DdW_n37SV8xdyJlOIEiaz5ZQ
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 28 May 2020 04:45:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
PHP/7.3.10
status
200
cf-request-id
02fb32c7f300001e476fb0e200000001
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-7
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/json
access-control-allow-origin
https://citibanamex.ahmreg.mx
x-xss-protection
1
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
59a553ecbf221e47-FRA
p
in-automate.sendinblue.com/ 		0
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://in-automate.sendinblue.com/p?key=fab02j8wsca1tp7q9ld8iuvu&cuid=e7fac06b-71c9-433a-adb9-9f3168628cec&ma_url=https%3A%2F%2Fcitibanamex.ahmreg.mx%2F&sib_type=page&ma_title=Citibanamex&sib_name=Citibanamex&ma_referrer=&ma_path=%2F
Requested by
Host: sibautomation.com
URL: https://sibautomation.com/sa.js?key=fab02j8wsca1tp7q9ld8iuvu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.107.232.249 , France, ASN200484 (SENDINBLUE-ASN, FR),
Reverse DNS
Software
openresty/1.15.8.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://citibanamex.ahmreg.mx/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 28 May 2020 04:45:43 GMT
Cache-Control
no-cache
X-Content-Type-Options
nosniff
Server
openresty/1.15.8.1
X-XSS-Protection
1
X-Sib-Server
SENDINBLUE-srv-pr-rancher-worker-5
thread
chat-operating-back.sendinblue.com/chat/ 		200 B
288 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://chat-operating-back.sendinblue.com/chat/thread
Requested by
Host: chat.sendinblue.com
URL: https://chat.sendinblue.com/static/js/sib-chat.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:90c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.10
Resource Hash
11519c86b9af29f5d83f6e2b43b1f7831ff05cb81e2d5505e204f44031e3b9b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept
application/json
Referer
https://citibanamex.ahmreg.mx/
X-auth-token
eyJhbGciOiJIUzI1NiJ9.MjAwNzIxNA.-M_zNHGfYcS_tSGJBT3DdW_n37SV8xdyJlOIEiaz5ZQ
X-source-url
https://citibanamex.ahmreg.mx/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 28 May 2020 04:45:44 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
PHP/7.3.10
status
200
cf-request-id
02fb32c87b00001e476fb15200000001
x-sib-server
SENDINBLUE-srv-pr-rancher-worker-9
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/json
access-control-allow-origin
https://citibanamex.ahmreg.mx
x-xss-protection
1
cache-control
no-cache, private
access-control-allow-credentials
true
cf-ray
59a553ed98f71e47-FRA
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c7e9fae42da423a5462d0ace05843f6fc4200c59f237488a0ffe580dae288228

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| sib object| sendinblue

2 Cookies

Domain/Path Name / Value
sibautomation.com/ Name: uuid
Value: 723b7275-ee10-42d7-9e8e-82954be2250e
.citibanamex.ahmreg.mx/ Name: sib_cuid
Value: e7fac06b-71c9-433a-adb9-9f3168628cec