www.citigold.global-bonds.com Open in urlscan Pro
162.0.215.181  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.citigold.global-bonds.com/	78 KB 15 KB	953ms 627ms	Document text/html	162.0.215.181 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.215.181 , Canada, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business110-4.web-hosting.com Software Apache / PHP/7.2.34 Resource Hash 0906c2ce4e4e41ebd3f2fc385178a710549a5855e60c35143e1e7d2c1f1fc47e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers :method GET :authority www.citigold.global-bonds.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:37 GMT server Apache x-powered-by PHP/7.2.34 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache set-cookie PHPSESSID=598ea4dec7c56d364f57b4292002f9c9; path=/ vary Accept-Encoding content-encoding gzip x-content-type-options nosniff x-xss-protection 1; mode=block content-type text/html; charset=UTF-8 x-frame-options SAMEORIGIN strict-transport-security max-age=31536000; includeSubDomains; preload; referrer-policy no-referrer-when-downgrade
GET H2	200	index5.png i.postimg.cc/3whzypvf/	5 KB 5 KB	49ms 15ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/3whzypvf/index5.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash 5db4ff0a9f269db161364dbd614db5af97f85193ad8836f9e10c3fdf54586f27 Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Wed, 06 Jan 2021 18:15:10 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 5039 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	index4.png i.postimg.cc/85mpJNcM/	1 KB 2 KB	49ms 15ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/85mpJNcM/index4.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash 547015b82c1e6cdb4fb4a2f65e91b88388a932f8d1de10ad53ffb24275b4bb47 Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Wed, 06 Jan 2021 18:13:38 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 1332 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	maceuticalcorporation.png i.postimg.cc/CxPCqKrh/	630 KB 631 KB	44ms 16ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/CxPCqKrh/maceuticalcorporation.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash 4c732f29cb8cf5345d99d585eb5867d1126d29087ec1af877a2b05d2a3e8cf92 Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Mon, 11 Jan 2021 05:35:29 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 645375 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	index2.png i.postimg.cc/RVVrdwsk/	399 B 641 B	50ms 21ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/RVVrdwsk/index2.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash eb44f5396b69cab316cebba7f7d33be24333b6f52aec66037800c5b4d34f04c4 Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Wed, 06 Jan 2021 18:10:52 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 399 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	index3.png i.postimg.cc/65d08Pfw/	439 B 681 B	44ms 15ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/65d08Pfw/index3.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash dc2c0b3f9d341d3af08476a245df986ba841cdceacc328e8c18a711f37b94d3a Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Wed, 06 Jan 2021 18:12:27 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 439 expires Thu, 31 Dec 2037 23:55:55 GMT
GET		interstate-light.woff global-bonds.com/userApplication/fonts/	0 0
GET		interstate-bold.woff global-bonds.com/userApplication/fonts/	0 0
GET H2	200	index6.png i.postimg.cc/HkbkDwm6/	5 KB 6 KB	20ms 16ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/HkbkDwm6/index6.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash dc064085dedc0e111946d0f71004ca085d0590d3ad7010f80906a1f0a5e1c952 Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Wed, 06 Jan 2021 18:17:01 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 5609 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	download2.svg www.citigold.global-bonds.com/	731 B 784 B	201ms 197ms	Image image/svg+xml	162.0.215.181 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.citigold.global-bonds.com/download2.svg Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.215.181 , Canada, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business110-4.web-hosting.com Software Apache / Resource Hash 55d2b7bf274233eec01d89bc3c1cac059cd88ca8200308d925b71c339b0cc70c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Sat, 09 Jan 2021 02:20:32 GMT server Apache x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains; preload; accept-ranges bytes vary Accept-Encoding content-length 414 x-content-type-options nosniff
GET H2	200	download3.svg www.citigold.global-bonds.com/	1 KB 968 B	208ms 206ms	Image image/svg+xml	162.0.215.181 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.citigold.global-bonds.com/download3.svg Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.215.181 , Canada, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business110-4.web-hosting.com Software Apache / Resource Hash abe00764ae71b1640e9bc70761a4a9d1a68046780fb705f59100360f02bd960f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Sat, 09 Jan 2021 02:20:32 GMT server Apache x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains; preload; accept-ranges bytes vary Accept-Encoding content-length 598 x-content-type-options nosniff
GET H2	200	download1.svg www.citigold.global-bonds.com/	2 KB 1 KB	197ms 194ms	Image image/svg+xml	162.0.215.181 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.citigold.global-bonds.com/download1.svg Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.215.181 , Canada, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business110-4.web-hosting.com Software Apache / Resource Hash cd5d2fd3a104bc603c186ce58886737eb2d9c86f523d9b5f9d8420d26bc392bc Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Sat, 09 Jan 2021 02:20:32 GMT server Apache x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains; preload; accept-ranges bytes vary Accept-Encoding content-length 948 x-content-type-options nosniff
GET H2	200	download4.svg www.citigold.global-bonds.com/	786 B 822 B	208ms 206ms	Image image/svg+xml	162.0.215.181 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.citigold.global-bonds.com/download4.svg Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.215.181 , Canada, ASN22612 (NAMECHEAP-NET, US), Reverse DNS business110-4.web-hosting.com Software Apache / Resource Hash 7e5c9c367835717ca382d252c62a13996705e912c6bf7b444ba81f7f168773c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT content-encoding gzip referrer-policy no-referrer-when-downgrade last-modified Sat, 09 Jan 2021 02:20:32 GMT server Apache x-frame-options SAMEORIGIN content-type image/svg+xml x-xss-protection 1; mode=block strict-transport-security max-age=31536000; includeSubDomains; preload; accept-ranges bytes vary Accept-Encoding content-length 452 x-content-type-options nosniff
GET DATA	200 OK	truncated /	93 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4da852d2ff128000a9a301ef2cd27786b4c41f5fc2d770cd3268a75dea433ea4 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	index.png i.postimg.cc/Yq9s2kcD/	7 KB 8 KB	36ms 36ms	Image image/png	51.91.224.95 OVH
General Check archive.org Show headers Download Go to Show image Full URL https://i.postimg.cc/Yq9s2kcD/index.png Requested by Host: www.citigold.global-bonds.com URL: https://www.citigold.global-bonds.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 51.91.224.95 , France, ASN16276 (OVH, FR), Reverse DNS i.postimg.cc Software nginx / Resource Hash 7ef138506683a53942498400c060497c15e8f425f1eb89e1784d8573f1de0d7e Request headers Referer https://www.citigold.global-bonds.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 13 Jan 2021 12:03:38 GMT last-modified Thu, 07 Jan 2021 22:04:44 GMT server nginx access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 7499 expires Thu, 31 Dec 2037 23:55:55 GMT
GET		interstate-regular.woff global-bonds.com/userApplication/fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

global-bonds.com

URL

https://global-bonds.com/userApplication/fonts/interstate-light.woff

Domain

global-bonds.com

URL

https://global-bonds.com/userApplication/fonts/interstate-bold.woff

Domain

global-bonds.com

URL

https://global-bonds.com/userApplication/fonts/interstate-regular.woff

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.citigold.global-bonds.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 598ea4dec7c56d364f57b4292002f9c9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

global-bonds.com
i.postimg.cc
www.citigold.global-bonds.com
global-bonds.com
162.0.215.181
51.91.224.95
0906c2ce4e4e41ebd3f2fc385178a710549a5855e60c35143e1e7d2c1f1fc47e
4c732f29cb8cf5345d99d585eb5867d1126d29087ec1af877a2b05d2a3e8cf92
4da852d2ff128000a9a301ef2cd27786b4c41f5fc2d770cd3268a75dea433ea4
547015b82c1e6cdb4fb4a2f65e91b88388a932f8d1de10ad53ffb24275b4bb47
55d2b7bf274233eec01d89bc3c1cac059cd88ca8200308d925b71c339b0cc70c
5db4ff0a9f269db161364dbd614db5af97f85193ad8836f9e10c3fdf54586f27
7e5c9c367835717ca382d252c62a13996705e912c6bf7b444ba81f7f168773c4
7ef138506683a53942498400c060497c15e8f425f1eb89e1784d8573f1de0d7e
abe00764ae71b1640e9bc70761a4a9d1a68046780fb705f59100360f02bd960f
cd5d2fd3a104bc603c186ce58886737eb2d9c86f523d9b5f9d8420d26bc392bc
dc064085dedc0e111946d0f71004ca085d0590d3ad7010f80906a1f0a5e1c952
dc2c0b3f9d341d3af08476a245df986ba841cdceacc328e8c18a711f37b94d3a
eb44f5396b69cab316cebba7f7d33be24333b6f52aec66037800c5b4d34f04c4