ref273.com
Open in
urlscan Pro
162.0.215.181
Malicious Activity!
Public Scan
URL:
https://ref273.com/govuk-apply/banks/online.citi.eu/Login.php?sslchannel=true&sessionid=wA2mwjK57OXI93tyBsQoh69Wdj6...
Submission: On January 14 via automatic, source phishtank
Submission: On January 14 via automatic, source phishtank
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 48 HTTP transactions.
The main IP is 162.0.215.181, located in
Canada and
belongs to NAMECHEAP-NET, US.
The main domain is ref273.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 13th 2021. Valid for: a year.
This is the only time ref273.com was scanned on urlscan.io!
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 13th 2021. Valid for: a year.
This is the only time ref273.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 44 | 162.0.215.181 162.0.215.181 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
| 1 2 | 15.237.136.106 15.237.136.106 | 16509 (AMAZON-02) (AMAZON-02) | |
| 48 | 3 |
44
162.0.215.181
(Canada)
ASN22612 (NAMECHEAP-NET, US)
PTR: business110-4.web-hosting.com
ASN22612 (NAMECHEAP-NET, US)
PTR: business110-4.web-hosting.com
| ref273.com |
2
15.237.136.106
(Paris, France)
ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-136-106.eu-west-3.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-136-106.eu-west-3.compute.amazonaws.com
| citiintl.122.2o7.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 44 |
ref273.com
ref273.com |
1 MB |
| 2 |
2o7.net
1 redirects
citiintl.122.2o7.net |
2 KB |
| 0 |
citi.eu
Failed
rail.citi.eu Failed bottle.citi.eu Failed online.citi.eu Failed |
|
| 48 | 3 |
| Domain | Requested by | |
|---|---|---|
| 44 | ref273.com |
ref273.com
|
| 2 | citiintl.122.2o7.net |
1 redirects
ref273.com
|
| 0 | online.citi.eu Failed |
ref273.com
|
| 0 | bottle.citi.eu Failed |
ref273.com
|
| 0 | rail.citi.eu Failed |
ref273.com
|
| 48 | 5 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ref273.com Sectigo RSA Domain Validation Secure Server CA |
2021-01-13 - 2022-01-13 |
a year | crt.sh |
| *.122.2o7.net DigiCert SHA2 High Assurance Server CA |
2019-04-23 - 2021-04-27 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://ref273.com/govuk-apply/banks/online.citi.eu/Login.php?sslchannel=true&sessionid=wA2mwjK57OXI93tyBsQoh69Wdj6w32We6ALoHUL7jsXQLewdBzlf1X4D8IHH1RbxSuMbxUsdDFnJBvYCObwIld38DfA3W9sI8VfpZ2I2i5kNuKFfa7uV1RZO2DaERSEqNm
Frame ID: DB9160020EC6D6F27BCA89FACA787EDE
Requests: 48 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 39- https://citiintl.122.2o7.net/b/ss/citiintlipb/1/H.25/s89454524424219?AQB=1&ndh=1&t=14%2F0%2F2021%203%3A50%3A5%204%20-60&ce=UTF-8&ns=citi&cdp=2&pageName=GBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&g=https%3A%2F%2Fref273.com%2Fgovuk-apply%2Fbanks%2Fonline.citi.eu%2FLogin.php%3Fsslchannel%3Dtrue%26sessionid%3DwA2mwjK57OXI93tyBsQoh69Wdj6w32We6ALoHUL7jsXQLewdBzlf1X4D8IHH1RbxSuMbxUsdDFnJBvYCObwIld38DfA3W9sI8VfpZ2I2i5kNuKFfa7uV1RZO2DaERSEqNm&cc=EUR&ch=GBIPB%7CSignon&server=GBIPB%20Online&events=event16&c1=UK%20Signon%20page&v1=GBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&c2=UK%20Signon%20page&c3=UK%20Signon%20page&c5=anon&v5=anon&c6=3&v6=3&c7=3%3A30AM&v7=3%3A30AM&c8=Thursday&v8=Thursday&c9=IPB&c10=EN&c11=Signon%20page&v11=New&c12=Citibank%20IPB&v13=1&v16=EN&c17=New&c18=1&c23=EN%3EGBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&c38=jSignon_200&c49=https%3A%2F%2Fref273.com%2Fgovuk-apply%2Fbanks%2Fonline.citi.eu%2FLogin.php%3Fsslchannel%3Dtrue%26sessionid%3DwA2mwjK57OXI93tyBsQoh69Wdj6w32We6ALoHUL7jsXQLewdBzlf1X4D8IHH1RbxSuMbxUsdDFnJBvYCObwIld38DfA3W9sI8VfpZ2I2i5kNuKFfa7uV1RZO2DaERSEqNm&c50=Citi%20Intl%20s_code%20v2.3%20-%2020120817%7C%20SiteCatalyst%20Base%20Code%20H25&h1=Online%20Banking%20Signon%20-%20UK&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://citiintl.122.2o7.net/b/ss/citiintlipb/1/H.25/s89454524424219?AQB=1&pccr=true&vidn=2FFFD8AEC55352E5-60001603C07E6F0C&ndh=1&t=14%2F0%2F2021%203%3A50%3A5%204%20-60&ce=UTF-8&ns=citi&cdp=2&pageName=GBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&g=https%3A%2F%2Fref273.com%2Fgovuk-apply%2Fbanks%2Fonline.citi.eu%2FLogin.php%3Fsslchannel%3Dtrue%26sessionid%3DwA2mwjK57OXI93tyBsQoh69Wdj6w32We6ALoHUL7jsXQLewdBzlf1X4D8IHH1RbxSuMbxUsdDFnJBvYCObwIld38DfA3W9sI8VfpZ2I2i5kNuKFfa7uV1RZO2DaERSEqNm&cc=EUR&ch=GBIPB%7CSignon&server=GBIPB%20Online&events=event16&c1=UK%20Signon%20page&v1=GBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&c2=UK%20Signon%20page&c3=UK%20Signon%20page&c5=anon&v5=anon&c6=3&v6=3&c7=3%3A30AM&v7=3%3A30AM&c8=Thursday&v8=Thursday&c9=IPB&c10=EN&c11=Signon%20page&v11=New&c12=Citibank%20IPB&v13=1&v16=EN&c17=New&c18=1&c23=EN%3EGBIPB%7CRAU%7CFirst%20Signon%20page%20-UK&c38=jSignon_200&c49=https%3A%2F%2Fref273.com%2Fgovuk-apply%2Fbanks%2Fonline.citi.eu%2FLogin.php%3Fsslchannel%3Dtrue%26sessionid%3DwA2mwjK57OXI93tyBsQoh69Wdj6w32We6ALoHUL7jsXQLewdBzlf1X4D8IHH1RbxSuMbxUsdDFnJBvYCObwIld38DfA3W9sI8VfpZ2I2i5kNuKFfa7uV1RZO2DaERSEqNm&c50=Citi%20Intl%20s_code%20v2.3%20-%2020120817%7C%20SiteCatalyst%20Base%20Code%20H25&h1=Online%20Banking%20Signon%20-%20UK&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
48 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
Login.php
ref273.com/govuk-apply/banks/online.citi.eu/ |
73 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main.css
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/css/avatar1.4/ |
90 B 454 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
amw.js
ref273.com/govuk-apply/banks/online.citi.eu/JFP/amw/ |
1 KB 1014 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.combined.ddl.js
ref273.com/govuk-apply/banks/online.citi.eu/JFP/js/common/ |
327 KB 94 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
JFPNav.js
ref273.com/govuk-apply/banks/online.citi.eu/JPS/portal/js/ |
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fp_AA.js
ref273.com/govuk-apply/banks/online.citi.eu/CMAMT/js/ |
15 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dp.js
ref273.com/govuk-apply/banks/online.citi.eu/COA/iovation/js/ |
13 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jfpm.autocomplete.off.js
ref273.com/govuk-apply/banks/online.citi.eu/JFP/js/modules/ |
1 KB 723 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
includes.js
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/js/ |
99 B 485 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jfp.combined.js
ref273.com/govuk-apply/banks/online.citi.eu/JFP/js/common/ |
435 KB 112 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jfp.datagrid.js
ref273.com/govuk-apply/banks/online.citi.eu/JFP/js/widgets/ |
249 KB 68 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
common.js
ref273.com/govuk-apply/banks/online.citi.eu/COA/common/js/ |
53 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mySecgat.js
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
selectbox-widget.js
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/reskin/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
blue-banner-header.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
13 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.gif
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
registratione138.js
ref273.com/govuk-apply/banks/online.citi.eu/JSO/js/ |
37 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg_signon_top.gif
ref273.com/govuk-apply/banks/online.citi.eu/JSO/signon/images/ |
232 B 553 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sign_on.jpg
ref273.com/govuk-apply/banks/online.citi.eu/JSO/signon/images/ |
839 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
avatar1.4_override_regional.css
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/css/avatar1.4/ |
17 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xss.js
ref273.com/govuk-apply/banks/online.citi.eu/gcb/js/ |
2 KB 980 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
xfs.js
ref273.com/govuk-apply/banks/online.citi.eu/gcb/js/ |
2 B 334 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
footer_logo.gif
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
708 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ovrl-post.min.js
ref273.com/govuk-apply/banks/online.citi.eu/JPS/portal/js/ |
88 KB 53 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s_code.js
ref273.com/govuk-apply/banks/online.citi.eu/JPC/portal/js/ |
44 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
JPPTemp.css
ref273.com/govuk-apply/banks/online.citi.eu/JFP/css/common/ |
245 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
avatar1.4_override.css
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/css/avatar1.4/ |
250 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
common.js
rail.citi.eu/track/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
avatar.js
bottle.citi.eu/50102/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
JPCNav.js
ref273.com/COA/common/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
snare.js
ref273.com/govuk-apply/banks/mpsnare.iesnare.com/ |
315 B 622 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
static_wdp.js
ref273.com/govuk-apply/banks/online.citi.eu/wdp-service/latest/ |
29 KB 12 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
background.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
562 B 884 B |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_nav_bg.gif
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
45 B 365 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
signoff_bg.gif
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
153 B 474 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bottom-shade.png
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg_grad_01.gif
ref273.com/govuk-apply/banks/online.citi.eu/JSO/signon/images/ |
177 B 498 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
pic_lock_small.gif
ref273.com/govuk-apply/banks/online.citi.eu/JSO/signon/images/ |
286 B 607 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arr_right_small.gif
ref273.com/govuk-apply/banks/online.citi.eu/JSO/signon/images/ |
57 B 377 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dyn_wdp.js
ref273.com/govuk-apply/banks/online.citi.eu/wdp-service/latest/ |
2 KB 2 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s89454524424219
citiintl.122.2o7.net/b/ss/citiintlipb/1/H.25/ Redirect Chain
|
43 B 292 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jfpw-megamenu-bg-citi.png
ref273.com/govuk-apply/banks/online.citi.eu/JFP/images/widgets/ |
47 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
LargeWhiteCarat.png
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HomePage_Endless.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
156 KB 156 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
logo.js
online.citi.eu/wdp-service/4.1.6/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HomePage_Wheely.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
121 KB 122 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HomePage_West.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
257 KB 257 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
HomePage_Hotel.jpg
ref273.com/govuk-apply/banks/online.citi.eu/COA/portal/themes/images/avatar1.4/ |
111 KB 111 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- rail.citi.eu
- URL
- https://rail.citi.eu/track/common.js
- Domain
- bottle.citi.eu
- URL
- https://bottle.citi.eu/50102/avatar.js
- Domain
- online.citi.eu
- URL
- http://online.citi.eu/wdp-service/4.1.6/logo.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)616 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| data2 function| getData2 string| HOST string| PATH_FOLDERNAME string| PAGE_NAME undefined| hpToken undefined| hpTokenLite string| customerType undefined| __delayWidgetIns__disable function| $ function| jQuery function| DP_jQuery_1610592605212 function| isSubappBusy string| warnType string| lockType string| displayType string| displayPhrase string| displayPhrase2 string| LOCK string| WARN string| logOffWhenCancelled string| suppressWarn string| suppressLock boolean| isE2e object| openWins number| openWinsCount string| execFuncName function| addWinToList function| closeOpenWins function| confirmGo function| ConfirmGo function| setSubappBusy function| setSubappBusy2 function| ConfirmGo2 function| submitLinkPostForm function| submitLinkPostForm2 function| encryptE2e function| validateToken function| validateCredential function| validateCredentialOnClient function| validateRequired function| validateRequired2 function| validateMaxLength function| validateInputText function| getCookie function| setCookie function| isEmpty function| isWhitespace function| displayHelp function| OnClickHandler function| NS6OnClickHandler object| _evt function| winMouseDown function| winSize function| popupWinSize function| getClickPos function| showPopup_W_XY function| showPopup_L_XY function| showPopup function| doPopup function| linkParentAndCloseSelf function| trim function| openPrintWin function| openPopupWin string| navClass undefined| L1 undefined| L2 undefined| L3 undefined| L4 function| hlMenu number| TimerId number| NumExt boolean| bTimerId number| ExpireId boolean| bExpireId function| TimeStamp function| clrScrTOwinp function| setScrTO function| TerminateTO function| GetTimeDiff function| getmoretime function| clrExpireId function| checkTimeOverlay function| extendServerClientTimeOut function| doOnload function| doUnload function| setBrowserAndDeviceWNName function| checkMyPFM function| mypfmCallback function| loadCSS function| createCookie function| readCookie function| loadPrefCSS function| showPrefCSS function| loadCookie function| unloadCookie function| getObjAttr function| isString undefined| resDate undefined| oldScreenID string| sCodeForVerify function| copySCAttr function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint function| asyncpost_deviceprint object| dp function| fp_bb_callback function| io_bb_callback function| urlencodeDP function| $autocomplete function| disableAutocomplete string| iOvation_URL_List boolean| devicePrintEnabled boolean| io_install_stm number| io_exclude_stm boolean| io_install_flash boolean| io_enable_rip string| thirdPartyURL string| firstPartyURL_Static string| firstPartyURL_Dyn string| blackboxNotAvailable string| firstPartyBlackboxId_param string| thirdPartyBlackboxId_param object| options string| domainName string| JFP_CSRF_TOKEN object| OBJ_JFP_CSRF_TOKEN boolean| isCSRFAutomationEnabled function| isValidDomain function| isValidUrl function| addExtraField function| iScv4MB5C2H2g function| XuGvCYNQKYAqnyX function| XpTN5JH8QJryamT object| JFPWClass object| JFPAJAXCSRF string| normalDomain object| CJW function| doNothing function| mustOverrideMe object| JFP function| JFPObject boolean| foundFirstErrorTooltip object| firstErrorTooltipId boolean| firstFieldHasCSError object| _subscribe_topics object| _subscribe_handlers function| _subscribe_getDocumentWindow undefined| mixin function| $jq object| jQuery19106427851119523462 function| DP_jQuery_1610592605397 object| xmlJsonClass function| tableToGrid function| f1 function| callAjax function| callAjaxWithPostData function| callAjaxWithPostDataforHp function| callAjaxWithMenuHL function| confirmGoWHL function| normalCall function| callOverLay function| overLayClose function| panelWidgetLoop function| panelHeaderColorIconChange function| subscribePanelEvent function| tabWidgetLoop function| subscribeTabEvent function| tabVerticalWidgetLoop function| overLayWidgetLoop function| changeTabConfirm function| show_help function| hide_help function| submitFormInSubappByAjax function| submitFormNormal function| sublaybuttonWidgetLoop function| createSpinner function| spinnerBlock function| spinnerUnblock function| spinnerUnBlock number| DIALOG_TYPE_GENERAL number| DIALOG_TYPE_ALERT number| DIALOG_TYPE_INFO number| DIALOG_TYPE_CONFIRM number| CONFIRM_TYPE_1 number| CONFIRM_TYPE_2 string| DEFAULT_BUTTON_LABEL_OK string| DEFAULT_BUTTON_LABEL_CANCEL string| DEFAULT_BUTTON_LABEL_YES string| DEFAULT_BUTTON_LABEL_NO string| DIALOG_ALERT_TITLE string| DIALOG_INFO_TITLE string| DIALOG_CONFIRM_TITLE string| DEFAULT_SPINNER_TEXT string| BUTTON_STYLE_BLUE string| BUTTON_STYLE_WHITE string| BUTTON_ALIGN_LEFT string| BUTTON_ALIGN_RIGHT number| DEFAULT_OVERLAY_WIDTH number| DEFAULT_OVERLAY_HEIGHT number| DEFAULT_DIALOG_WIDTH number| DEFAULT_DIALOG_HEIGHT number| POPUPDIALOG_COUNT number| FIXED_WIDTH_SPACING number| FIXED_HEIGHT_SPACING number| MAX_HEIGHT number| MAX_WIDTH number| MIN_HEIGHT_WITH_FOOTER number| MIN_HEIGHT_WITHOUT_FOOTER number| MIN_WIDTH_WITH_FOOTER number| MIN_WIDTH_WITHOUT_FOOTER number| GENERAL_PADDING_BOTTOM_SPACING number| HEIGHT_OF_FOOTER object| ALERT_BUTTONS object| INFO_BUTTON_LABLES object| CONFIRM_1_BUTTONS object| CONFIRM_2_BUTTONS string| __GPVersion function| initOverlay function| closeAllTooltip function| initButton function| getButtonsHtml function| getButtonDivHtml function| createButtons function| initializeCommonComponents function| createCommonDialogSlider function| initializeCommonComponentsOverlayFooter function| measureSize function| resize function| call_ajax_for_commonOverlay function| closeCommonOverlay function| closeOverlayNoDes function| cancelFormNormal function| createPrintAreaDiv function| widgetForExport function| validateformatSelectForExport function| signOffPopupWin function| signOffXsellOK string| COMMON_ERROR_TOOLTIP_POSITION string| COMMON_ERROR_TOOLTIP_POSITION_JBA string| COMMON_ERROR_TOOLTIP_FUNCTION_JBA object| errorToolTipErrorMessage object| errorToolTipFocusID boolean| CSValidationForFocus string| errorToolTipform function| validateFormForToolTipError function| generateCSValidation function| generateCSValidationForField function| validateFieldForToolTipDP4 function| errorTooltipHandlingForMSG function| validateFieldForToolTipDP4ForFun boolean| validateClientFirstError object| validateClientFirstField object| validateClientFirstErrorFunction object| validateClientFirstErrorPosition function| validateFieldForToolTip function| validateFormForToolTip function| repositionErrorTooltip function| confirmCancelHandler function| renderData function| blueButtonWidgetLoop function| whiteButtonWidgetLoop function| closePanel function| allOverlayClose function| showStaticContentInOverlay function| showDynamicContentInOverlay function| showDynamicContentInBigOverlay function| showAlertDialog function| showConfirmDialog function| setDynamicOverlayElements function| setOverlayHeaderElements function| setOverlayTitle function| setOverlaySubtitle function| setOverlayProgressIndicator function| setOverlayDisclaimerFooter function| setOverlayButtons function| setOverlayHeader function| realignTopMostOverlay function| commonCheckTimeOverlay function| addWarn function| doCancel function| hide_rates function| show_rates function| showStaticContentInMarketingOverlay function| showDynamicContentInMarketingOverlay undefined| req function| hideFlyout function| regAutoComplete function| accountMasking function| replaceWithMaskedCharacter function| assignToolTip function| showDynamicContentInPopupOverlay function| getJSONContent string| WARNING_MESSAGE_IN_Export_OVERLAY string| CARD_MASK_CHAR string| EMAIL_MASK_CHAR string| USERID_MASK_CHAR string| LAST_DISPLAY_LENGTH string| cardMaskChar string| emailMaskChar string| userIdMaskChar string| lastDisplaylength object| secgat object| reskin_selectbox object| imgNames object| re object| match number| selectedTab string| bgDivSelector function| initializeImages function| appendImages function| imageLoaded number| counter function| activateTabLinks object| landingNavBar function| initBanner function| slideBanner string| alphanum object| upperCase object| lowerCase object| acctPattern number| acctMinLength number| acctMaxLength object| unamePattern object| unamePattern1 object| unamePattern2 number| unameMinLength number| unameMaxLength string| polishchars string| specialchars object| pwdPattern0 object| pwdPattern1 object| pwdPattern2 number| pwdMinLength number| pwdMaxLength boolean| clientSidePwdValidation object| pwdCriteria boolean| emailRequired object| emailPattern number| minSecretLength number| maxSecretLength object| cvv2Pattern number| cvv2MinLength number| cvv2MaxLength number| creditLimitMinAmt number| creditLimitMaxAmt number| expDateMinLength number| expDateMaxLength number| dobMinLength number| dobMaxLength object| dobPattern number| postalCodeMinLength number| postalCodeMaxLength number| homeNoMinLength number| homeNoMaxLength number| officeNoMinLength number| officeNoMaxLength number| billToOptMinLength number| billToOptMaxLength number| paymentOptMinLength number| paymentOptMaxLength number| mmnMinLength number| mmnMaxLength number| CURRENCY_MAX_LENGTH number| NUM_OF_SEQ_CHARS string| CONFIRM_ANSWER_LABEL_LAYER string| CONFIRM_ANSWER_LAYER undefined| tempCA undefined| tempCCA boolean| confirmCAshown string| goodQIDs boolean| validateCAOnErrScreen string| normalizationCharSet object| cvv2Errors object| creditLimitErrors object| dateOfBirthErrors object| expiredateErrors object| homePhoneNoErrors object| primesecIndErrors object| acctNumberErrors object| nationalIDErrors object| residentCardErrors object| cfiErrors object| passportErrors object| dninifErrors object| icNumberErrors object| memberSinceErrors object| mobilePhoneNumberErrors object| cardNumberErrors boolean| signonError boolean| displaySignonError boolean| allownextpopup boolean| pwdCaseSensitive object| toolTipErrorMsg function| captchaValidation function| cinValidation function| pinValidation function| cvv2Validation function| creditLimitValidation function| accountNumberValidation function| usernameRegValidation function| usernameRegValidationInline function| checkCurrentPwd function| checkPwd function| checkCurrentPwdInline function| checkPwdInline function| checkPin function| passwordRegValidation function| passwordRegValidationInline function| currentPasswordValidation function| currentPasswordValidationInline function| validateEmail function| pwdMetCriteria function| resetPwdCriteria function| checkPwdOnline function| checkCfmPwdOnline object| chr function| alphaNumericToAscii function| validSequence function| isSimilar function| removeNCS function| checkAgreement function| setOption function| selectedDropDown function| updateLPCount number| ruleType_atLeast number| ruleType_cannotContain object| cinPattern number| cinMinLength number| cinMaxLength object| pinPattern number| pinMinLength number| pinMaxLength string| logonIDTypeName undefined| logonIDTypeParams undefined| lgonIDTypePreselected boolean| vkbSupported boolean| pinPadSupported undefined| currentForm undefined| currentSignonUI undefined| currentLogonIDType string| RANGE boolean| clearFormOnError object| alphaPattern object| alphaNumPattern object| numPattern object| expDatePattern number| ALPHA_TYPE number| ALPHANUMERIC_TYPE number| NUMERIC_TYPE number| DATE_TYPE string| FERR string| EERR string| LERR string| LRERR string| ZERR number| MMDDYYYY number| DDMMYYYY number| YYYYMMDD undefined| addlCharsAllowed string| whitespace boolean| mtSupported function| displayNickname function| accessLayer function| getLogonIDType function| initVars function| preselectItem function| onSelectLogonID function| clearForm function| selectRegForm function| clearRegForm function| closeKeyPad function| isAdditionalItemValid function| validateExpDate function| validateAlpha function| validateAlphaNumeric function| validateNumeric function| getDatePattern function| getDatePattern2 function| isValidDate function| getTimeZone function| getResolution function| getColorDepth function| populateClientData function| setPwdKeyOptions boolean| sentForm string| otpRequired function| signOnUnamePwd function| signOnUname function| signOnPwd function| signOnCap function| clearSignonScreen function| pwdValidation function| pwdValidationInline function| passwordValidation function| usernameValidation object| jso_common_tooltip_validation function| jso_common_tooltip_validation_do_check object| jso_common_dialog number| MMYY boolean| validate boolean| validatePwdLength string| signonOTPFlag boolean| captchaSupported boolean| ajaxSupported string| gpPlsMyCitiUsrId string| gpPlsMyCitiPass string| gpPlsMyCitiCap string| gpDashOnCookiedScreen string| gpErrorOnUserIDSelect string| gpEnterOTP string| lkCrossCancelOTPSTCLink string| gpMyCitiCond string| gpMyCitiPassCond string| pwdFormat string| usernameSameAsPwd string| rebandingLogo string| rebandingSubFooter string| showPositionSupported string| bizId function| submitAddProfile function| submitRemoveProfile object| unamePwd function| showPosition function| showRebandingOverlay function| createButtonStyleBlue function| jsoCallAjax function| JSOOnload boolean| callJSOOnload string| SYNC_TOKEN_VALUE undefined| localInputConfig string| url string| host1 number| value1 number| value2 string| splChars object| IGLOO string| fp_last_error function| fpGetBlackbox function| captureClick function| submitOriginalForm function| _io_ds_cb object| fedUtils function| OvrlDialog string| s_account string| locationName string| reportSuites object| s function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf string| omtr_omnitureRSID string| omtr_internalDomain string| omtr_countryID string| omtr_siteID string| omtr_externalcampaignID string| omtr_internalcampaignID string| omtr_charSet string| omtr_timezone string| omtr_currency string| omtr_listofForms string| omtr_pagePrefix string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq number| li string| s_prop_26 number| d object| eo number| y object| s_i_citi string| dflag function| checkDisclaimer string| dIBAQ31Z0H7F3id6Pw string| kEgdHDpk9V1PHTUqJT string| dbJfulNiczv1pvUuIcO3 string| $arrow boolean| pageLoaded7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .ref273.com/ | Name: s_sq Value: %5B%5BB%5D%5D |
|
| .ref273.com/ | Name: s_pers_c6 Value: 3 |
|
| .ref273.com/ | Name: s_vnum Value: 1612134000707%26vn%3D1 |
|
| .ref273.com/ | Name: s_gpv_pageName Value: GBIPB%7CRAU%7CFirst%20Signon%20page%20-UK |
|
| .ref273.com/ | Name: s_invisit Value: true |
|
| .ref273.com/ | Name: s_nr Value: 1610592605707-New |
|
| .ref273.com/ | Name: s_cc Value: true |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bottle.citi.eu
citiintl.122.2o7.net
online.citi.eu
rail.citi.eu
ref273.com
bottle.citi.eu
online.citi.eu
rail.citi.eu
15.237.136.106
162.0.215.181
0331533d2cde017aabd7691da642d7da3cd1a6e8499b70490853959ad5089eda
072d8c18e0af6eb22d5db3bde45307803ebdc914e78882097d038c2665697064
123bcff87eb7edf25e86c62b3fc6fe01dc8a975a8a682d9c6b3b20d44b92e2c4
1835424aa4f587c49a59783cbdbd1efa2b2f37fba03ea0a3d8ca39eba4a945c9
1993469c156e4aead5500e10138c64b8fb80a2f0dc518c0ec695de000b3afaa8
1f60adcbd800b121f491da88de3e7eae2396a9972dc3a202a39b228e589cceff
39ed073173d95007a43a7edc5a54cf8258043710eb4a056bc75614e7db948344
40ce617e1f300c54f1bec9ab6e3ce62fdecb03278cc2b2553a6e415815e10077
44e55bad08b1559355a348e3e66a241509be500b744e5d7e3f24771e0f578e9f
47d95d24a6f00e20b8d282b25c315740c9c65d4237ce8350910f9819f11c725c
49226987ed8d7f5164e3abd400fda130f16eee2bf062e6f066b09666371785a9
4b4f9130b5d896bdbce70656e95c084944b490eda5ecdcf6a3e3b9eb8ea2ae07
4ea372efc4377ef1d20e89830c7003e24b476e922a8c127b0ded1e7d3aff6aa8
51f73a22d7c06f9f9b2c5447c27c349a8f16b14fa92a8ea2ea3d24339859ef62
527b61fb762503e755c4acc87835804b58a85065fb8919f24a63ce139e4624aa
59fe6fbf1079f90b4e2b200186ad98d62b65142a731643532a5a24909f0372f4
603f472569376ecfb224d82457ca01e695144d7c0bb3e980e9d14a5397b9fa7f
6cbba95e90af35fc7dad61120aeb1b3b596af7f2e125b81deb1bca2beb83a656
6d04320230445421647685259bb6282e5fe8585c79f60c3cb047e2f705145b6c
7a6d5ee97d487b8ed010d9651675ae067a49fad4b16fd48126578ca991d46adb
7d0af12f4eb03ab37ef19f8d113066ac507de2feb095c9aee62a7022e701a4d5
7e7bc5897fbffb2640c5c84c46543b8451ac4eb38ac42c815d9a904ecf65c14b
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
907ef880fd24f6f27f2899bef442b6d27d68b7be3bb263a33738bf52a41107e2
93b9462e2ea2695464160c8b39d6f860be28eeb401758a07686d0e4fca66d55a
9d1449cd7ccdeee47a9bea6cf8a565e1a4b3a4134e687e1171a05f61b7bab100
9dad502247a8488c21ef5beb32aed1a78b17b748711bec817c472911f76b4ead
9fd8af43391204e86dbb0b006390a0424902e1e2e58e524e862a545ac8e6a86d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a362c9352fbdb34625bd44423e947da956b98bb8b5be68421c9105c8557e1221
b7c81fca7c283cc54915d1f9486d31be31396d182fef700bc10ad530f7be8bd0
ba85e4b031ee10ed30e4d006fbf78bce336a00dcd048788e4a0cdffdc410813a
ba870a33b27ffd95354f465bbe0864b628885811eec464ab9f05db9e9577c8bb
bba9a4ace59f862a9c48549c6cce2f9aca20afa9da2245a54da13313d01e92ac
be35ee40b6310dbcc75a9df4eae76f6c20ab3da61e8ed97c13b56fc4411dc7d2
c026f06e27fa864fabab1cf16d99e53af44832a4fd13020e7eab3a362d118af5
ce3b0db6e46fe65d16ba6859086a8e65eb26a8f3db6ca67989a899472fc9855e
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dda34b9d8c79c196cf30b9bbbd21c5246d68cdf4275b67fbbf2b86f2e8cb27e9
e7e2072bba9c55af8da06e0205da3c83d79f14999215b35ecbe374661bbce0a9
eee7de2e87efae7a4a10d8242d503c326b7f0cc80b48187ec5fa0806b0936d67
f411547705758da8b591c255aec98b6c8119fdf6d62aec5b3a5a0534da1162dc
f6df3f6c0105e184b6471620be42c2de6cc0ff2650f5fb041d153ce71fd251ac
fa6ab1707c10bef9b88e40f1393c30ff825b712e9ab7894aa6436f3a6bca15f8