www.cemefes.com
72.52.225.22
Malicious Activity!
Public Scan
Effective URL: https://www.cemefes.com/css/citibank.com.hk/security%20upgrade/2018/index.html
Submission: On March 12 via manual from IN
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 11th 2018. Valid for: 3 months.
This is the only time www.cemefes.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 | 72.52.225.22 | 32244 (LIQUIDWEB - Liquid Web)
30 | 104.109.69.151 | 20940 (AKAMAI-ASN1)
3 | 54.251.98.0 | 16509 (AMAZON-02 - Amazon.com)
1 | 122.248.242.116 | 16509 (AMAZON-02 - Amazon.com)
8 (1 redirect) | 172.217.22.68 | 15169 (GOOGLE - Google LLC)
3 | 172.217.22.78 | 15169 (GOOGLE - Google LLC)
2 (1 redirect) | 172.82.228.21 | 15224 (OMNITURE - Adobe Systems Inc.)
1 | 216.58.208.42 | 15169 (GOOGLE - Google LLC)
48 | 8 |
ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)
PTR: host.alojate3.com
www.cemefes.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-69-151.deploy.static.akamaitechnologies.com
www.citibank.com.hk
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-251-98-0.ap-southeast-1.compute.amazonaws.com
step.citibank.com.hk
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-122-248-242-116.ap-southeast-1.compute.amazonaws.com
cold.citibank.com.hk
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f68.1e100.net
www.google.com
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s17-in-f78.1e100.net
cse.google.com
clients1.google.com
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.122.2O7.net
citiintl.122.2o7.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s12-in-f10.1e100.net
www.googleapis.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
34 | citibank.com.hk | www.citibank.com.hk, step.citibank.com.hk, cold.citibank.com.hk | 1 MB
11 | google.com (1 redirect) | www.google.com, cse.google.com, clients1.google.com | 183 KB
2 | 2o7.net (1 redirect) | citiintl.122.2o7.net | 2 KB
2 | cemefes.com | www.cemefes.com | 41 KB
1 | googleapis.com | www.googleapis.com | 133 B
48 | 5 | |
Requests | Domain | Requested by
---|---|---
30 | www.citibank.com.hk | www.cemefes.com, www.citibank.com.hk
8 | www.google.com (1 redirect) | cse.google.com, www.google.com
3 | step.citibank.com.hk | www.citibank.com.hk, step.citibank.com.hk
2 | citiintl.122.2o7.net (1 redirect) | www.cemefes.com
2 | cse.google.com | www.cemefes.com, www.google.com
2 | www.cemefes.com | www.cemefes.com
1 | clients1.google.com |
1 | www.googleapis.com | www.cemefes.com
1 | cold.citibank.com.hk | www.cemefes.com
48 | 9 |
This site contains links to these domains.
Domain |
---|
www.citibank.com.hk |
citibank.hk |
www.citigroup.com |
careers.citigroup.com |
Subject | Issuer | Validity | Valid
---|---|---|---
cemefes.com | cPanel, Inc. Certification Authority | 2018-03-11 - 2018-06-09 | 3 months
This page contains 1 frame:
Primary Page:
https://www.cemefes.com/css/citibank.com.hk/security%20upgrade/2018/index.html
Frame ID: 1D16829B365510FBE7FFACE249487A44
Requests: 48 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
List.js (JavaScript Libraries)
Detected patterns
- env /^List$/i
SiteCatalyst (Analytics)
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries)
Detected patterns
- env /^jQuery$/i
Page Statistics
29 Outgoing links
These are links going to different origins than the main page.
Title: English
Title: Home (主頁)
Title: Banking Services (銀行服務)
Title: Credit Cards (信用卡)
Title: Mortgages (按揭)
Title: Personal Loans (私人貸款)
Title: Insurance (保險)
Title: Wealth Management (財富管理)
Title: Electronic Services (電子服務)
Title: CitiBusiness SME Services (CitiBusiness 中小企服務)
Title: Sign On ... (登入 ...)
Title: Details (詳情)
Title: More details (更多詳情)
Title: More details (更多詳情)
Title: More details (更多詳情)
Title: Register account (登記賬號)
Title: Forgot sign-on ID / Reset password (忘記登入賬號/重設密碼)
Title: Confirm new card (確認新卡)
Title: Click here (按此)
Title: Important notice on raising the security level of online/mobile banking securities accounts (有關提升網上/流動理財股票戶口保安水平的重要提示)
Title: CITIGROUP.COM
Title: About CITI (關於CITI)
Title: Regulatory Disclosures (監管披露)
Title: Important Notice (重要提示)
Title: Ways to Bank (理財途徑)
Title: Terms and Conditions (條款及細則)
Title: Privacy Terms (私隱條款)
Title: Career Guide (就業指南)
Title: Site Map (網站地圖)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19
- https://www.google.com/cse/cse.js?cx=000760143552763601331:snikialfvce HTTP 302
- https://cse.google.com/cse/cse.js?cx=000760143552763601331:snikialfvce
- https://citiintl.122.2o7.net/b/ss/citiintlhongkongdev/1/H.27.5/s68677209590530?AQB=1&ndh=1&t=12%2F2%2F2018%202%3A20%3A2%201%200&fid=0518F6930FF8C5B6-226D584433AD0BE3&ce=UTF-8&ns=citiintl&cdp=3&pageName=HKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7CScreen%201&g=https%3A%2F%2Fwww.cemefes.com%2Fcss%2Fcitibank.com.hk%2Fsecurity%2520upgrade%2F2018%2Findex.html&cc=HKD&server=cemefes.com&v1=D%3DpageName&c5=anon&v5=D%3Dc5&c6=anon&v6=D%3Dc6&c7=D%3Dv7&v7=11%3A00AM&c8=D%3Dv8&v8=Monday&c9=HK&c10=HKGCB&c11=zh_HK&v11=New&c12=Citibank%20Hong%20Kong&v13=1&v16=D%3Dc10&c17=D%3Dv11&c18=D%3Dv13&c23=HKGCB%3EHKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7CScreen%201&c49=D%3Dv49&v49=https%3A%2F%2Fwww.cemefes.com%2Fcss%2Fcitibank.com.hk%2Fsecurity%2520upgrade%2F2018%2Findex.html&c50=Citi%20Intl%20s_code%20v2.7%20-%2020151013%20%7C%20SiteCatalyst%20Base%20Code%20H27.5&h1=HKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7C&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://citiintl.122.2o7.net/b/ss/citiintlhongkongdev/1/H.27.5/s68677209590530?AQB=1&pccr=true&vidn=2D52F1E90531046E-600001098013C270&&ndh=1&t=12%2F2%2F2018%202%3A20%3A2%201%200&fid=0518F6930FF8C5B6-226D584433AD0BE3&ce=UTF-8&ns=citiintl&cdp=3&pageName=HKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7CScreen%201&g=https%3A%2F%2Fwww.cemefes.com%2Fcss%2Fcitibank.com.hk%2Fsecurity%2520upgrade%2F2018%2Findex.html&cc=HKD&server=cemefes.com&v1=D%3DpageName&c5=anon&v5=D%3Dc5&c6=anon&v6=D%3Dc6&c7=D%3Dv7&v7=11%3A00AM&c8=D%3Dv8&v8=Monday&c9=HK&c10=HKGCB&c11=zh_HK&v11=New&c12=Citibank%20Hong%20Kong&v13=1&v16=D%3Dc10&c17=D%3Dv11&c18=D%3Dv13&c23=HKGCB%3EHKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7CScreen%201&c49=D%3Dv49&v49=https%3A%2F%2Fwww.cemefes.com%2Fcss%2Fcitibank.com.hk%2Fsecurity%2520upgrade%2F2018%2Findex.html&c50=Citi%20Intl%20s_code%20v2.7%20-%2020151013%20%7C%20SiteCatalyst%20Base%20Code%20H27.5&h1=HKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7C&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
48 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | index.html (Primary Request) | www.cemefes.com/css/citibank.com.hk/security%20upgrade/2018/ | 41 KB | 41 KB | Document | text/html
GET | S | amw.js | www.citibank.com.hk/JFP/amw/ | 1 KB | 944 B | Script | application/x-javascript
GET | S | JPPWidget.css | www.citibank.com.hk/JFP/css/common/ | 192 KB | 25 KB | Stylesheet | text/css
GET | S | JPPApps.css | www.citibank.com.hk/JFP/css/common/ | 54 KB | 10 KB | Stylesheet | text/css
GET | S | main_zh.css | www.citibank.com.hk/COA/portal/themes/css/avatar1.4/ | 242 KB | 46 KB | Stylesheet | text/css
GET | S | main.js | www.citibank.com.hk/COA/portal/themes/js/ | 838 KB | 223 KB | Script | application/x-javascript
GET | S | citi_s_code.js | www.citibank.com.hk/JRS/js/ | 48 KB | 18 KB | Script | application/x-javascript
GET | S | space.gif | www.citibank.com.hk/JPC/gsearch/images/ | 43 B | 308 B | Image | image/gif
GET | S | logoBlueBackground.png | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 2 KB | 2 KB | Image | image/png
GET | S | landingnavbar.js | www.citibank.com.hk/COA/portal/themes/js/ | 2 KB | 1 KB | Script | application/x-javascript
GET | S | registration.js | www.citibank.com.hk/JSO/js/ | 46 KB | 10 KB | Script | application/x-javascript
GET | S | jfpm.autocomplete.off.js | www.citibank.com.hk/JFP/js/modules/ | 1 KB | 656 B | Script | application/x-javascript
GET | S | fp.js | www.citibank.com.hk/JSO/js/ | 15 KB | 5 KB | Script | application/x-javascript
GET | H/1.1 | s_locale.js | step.citibank.com.hk/hk/ | 34 KB | 15 KB | Script | application/x-javascript
GET | H/1.1 | banking.js | cold.citibank.com.hk/19237/ | 25 KB | 12 KB | Script | application/x-javascript
GET | S | CitiE2E.js | www.citibank.com.hk/JSO/js/ | 23 KB | 8 KB | Script | application/x-javascript
GET | S | jbaCommon.js | www.citibank.com.hk/JBA/common/js/ | 7 KB | 3 KB | Script | application/x-javascript
GET | S | xfs.js | www.citibank.com.hk/views/js/ | 384 B | 504 B | Script | application/x-javascript
GET | S | xss.js | www.citibank.com.hk/views/templates/ch/ | 872 B | 663 B | Script | application/x-javascript
GET | S | logo_footer.gif | www.citibank.com.hk/chinese/images/ | 1 KB | 1 KB | Image | image/gif
GET | S | cse.js (Redirect Chain) | cse.google.com/cse/ | 5 KB | 2 KB | Script | text/javascript
GET | H/1.1 | cse.css | www.cemefes.com/JPC/gsearch/css/ | 0 | 0 | Stylesheet | text/html
GET | S | coa_sprite_1px.png | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 3 KB | 4 KB | Image | image/png
GET | S | global_sprite.png | www.citibank.com.hk/JFP/images/ | 69 KB | 69 KB | Image | image/png
GET | S | coa_sprite.png | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 4 KB | 5 KB | Image | image/png
GET | S | blackmenu_dd_bg.png | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/needhelp/ | 3 KB | 3 KB | Image | image/png
GET | S | cross_line.gif | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/needhelp/ | 67 B | 331 B | Image | image/gif
GET | S | branding_main.png | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/needhelp/ | 12 KB | 12 KB | Image | image/png
GET | S | bg_grad_01.gif | www.citibank.com.hk/JSO/signon/images/ | 177 B | 442 B | Image | image/gif
GET | S | signon_sprite.png | www.citibank.com.hk/JSO/signon/images/ | 610 B | 876 B | Image | image/png
GET | S | citipriority.gif | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 362 KB | 363 KB | Image | image/gif
GET | H/1.1 | s68677209590530 (Redirect Chain) | citiintl.122.2o7.net/b/ss/citiintlhongkongdev/1/H.27.5/ | 43 B | 647 B | Image | image/gif
GET | S | jfpw-megamenu-bg-citi.png | www.citibank.com.hk/JFP/images/widgets/ | 47 KB | 48 KB | Image | image/png
GET | S | jsapi | www.google.com/ | 26 KB | 6 KB | Script | text/javascript
GET | S | default+zh_CN.css | www.google.com/uds/api/search/1.0/45e50696e04f15ce6310843f10a3a8fb/ | 45 KB | 10 KB | Stylesheet | text/css
GET | S | default.css | www.google.com/cse/static/style/look/v2/ | 14 KB | 3 KB | Stylesheet | text/css
GET | S | default+zh_CN.I.js | www.google.com/uds/api/search/1.0/45e50696e04f15ce6310843f10a3a8fb/ | 300 KB | 88 KB | Script | application/x-javascript
GET | S | generate_204 | www.googleapis.com/ | 0 | 133 B | Image | text/plain
GET | S | dtpBg1_31.jpg | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/chi/ | 178 KB | 179 KB | Image | image/jpeg
GET | S | citi_MGM_logon_background-ch.jpg | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 51 KB | 51 KB | Image | image/jpeg
GET | S | dac_logonbanner_ch.jpg | www.citibank.com.hk/COA/portal/themes/images/avatar1.4/ | 289 KB | 290 KB | Image | image/jpeg
GET | S | async-ads.js | cse.google.com/adsense/search/ | 216 KB | 69 KB | Script | text/javascript
GET | S | clear.png | www.google.com/uds/css/v2/ | 1018 B | 1 KB | Image | image/png
GET | S | googlelogo_grey_46x15dp.png | www.google.com/cse/static/images/1x/ | 919 B | 1 KB | Image | image/png
GET | S | search_box_icon.png | www.google.com/uds/css/v2/ | 1018 B | 1 KB | Image | image/png
GET | S | generate_204 | clients1.google.com/ | 0 | 42 B | Image | text/plain
GET | H/1.1 | l2gsY | step.citibank.com.hk/hk/ | 148 B | 810 B | Script | text/javascript
GET | H/1.1 | l2gsY | step.citibank.com.hk/hk/ | 148 B | 810 B | Script | text/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)
669 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
googleAltLoader9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.cemefes.com/ | | Name: s_invisit Value: true |
.www.cemefes.com/ | | Name: s_nr Value: 1520821202186-New |
.www.cemefes.com/ | | Name: s_vnum Value: 1522540800186%26vn%3D1 |
.www.cemefes.com/ | | Name: s_fid Value: 0518F6930FF8C5B6-226D584433AD0BE3 |
.www.cemefes.com/ | | Name: s_cc Value: true |
.www.cemefes.com/ | | Name: s_gpv_products Value: no%20value |
.www.cemefes.com/ | | Name: s_gpv_pageName Value: HKGCB%7CJSO%7CSign%20On%7CSign%20On%20Screen%7CScreen%201 |
.www.cemefes.com/ | | Name: s_sq Value: %5B%5BB%5D%5D |
www.cemefes.com/ | | Name: AdTrack Value: pageHistory\|Signon.713.200 |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.