citisecure.co Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://citisecure.co/
Effective URL:
https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Submission: On July 14 via api (July 14th 2022, 11:55:38 am UTC) from GB — Scanned from NL

Summary HTTP 21 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is citisecure.co.
TLS certificate: Issued by E1 on July 11th 2022. Valid for: 3 months.

This is the only time citisecure.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Citibank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 19	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
1	76.76.21.93 76.76.21.93	16509 (AMAZON-02) (AMAZON-02)
1	104.92.75.138 104.92.75.138	16625 (AKAMAI-AS) (AKAMAI-AS)
21	4

19 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

citisecure.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.76.21.93 (United States)

ASN16509 (AMAZON-02, US)

geoip-lite.vercel.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.75.138 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-75-138.deploy.static.akamaitechnologies.com

online.citi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	citisecure.co 1 redirects citisecure.co	420 KB
1	citi.com online.citi.com — Cisco Umbrella Rank: 19995	106 KB
1	vercel.app geoip-lite.vercel.app	520 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 695	30 KB
21	4

	Domain	Requested by
19	citisecure.co	1 redirects code.jquery.com citisecure.co
1	online.citi.com	citisecure.co
1	geoip-lite.vercel.app	code.jquery.com
1	code.jquery.com	citisecure.co
21	4

This site contains links to these domains. Also see Links.

Domain
online.citi.com

Subject Issuer	Validity	Valid
*.citisecure.co E1	`2022-07-11` - `2022-10-09`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.vercel.app R3	`2022-07-12` - `2022-10-10`	3 months	crt.sh
online.citibank.com DigiCert SHA2 Extended Validation Server CA	`2022-05-03` - `2023-05-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Frame ID: 097D98D7C68D43BDF492F9A49F0304C5
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign On

Page URL History Show full URLs

http://citisecure.co/ HTTP 301
https://citisecure.co/ Page URL
https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

556 kB
Transfer

2824 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://online.citi.com/US/ag/supportedbrowsers/index
Title: here

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://citisecure.co/ HTTP 301
https://citisecure.co/ Page URL
https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://citisecure.co/ HTTP 301
https://citisecure.co/

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
citisecure.co/
Redirect Chain

http://citisecure.co/
https://citisecure.co/

777 B
1 KB

135ms
85ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1db826af0c89670ad98c8d15c75ba7e3190fb0048d95160065d629683550ae91

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 72aa11f0b98a5caa-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 14 Jul 2022 11:55:33 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MW8AhqNVQC%2B6RwwOrt9vDsIoADxZCLDgL6b8t3vpvh8FwLot6S%2FgkWwSWplrTQ%2BtZEYXH%2BdSu8kQSZdSd4UJ6uWeObCC%2Fc6ryCw1Weu8NjZJdd7nsJXzZHUN0T4bVfu9tnMELCXgxBO%2FyvoY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: Express

Redirect headers

CF-RAY: 72aa11f03f838fc5-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Thu, 14 Jul 2022 11:55:33 GMT
Expires: Thu, 14 Jul 2022 12:55:33 GMT
Location: https://citisecure.co/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nk0u0rLgtPACO3WA%2FHO79l%2Bf0HSrwexxxvY8kp7GyKdhSToeXz%2BB%2FZPQDJxI47xhBFOf2ixr%2F41BPMPJ%2BmCWlaE90AiUyZ%2B6hV70lHJFo2tLDuAi%2B327ST9eJqRBGT6QPAPCzYmh2jObRZCN"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 61ms
17ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: citisecure.co
URL: https://citisecure.co/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer: https://citisecure.co/
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
x-hw: 1657799734.dop005.am5.t,1657799734.cds316.am5.hn,1657799734.cds210.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 / Show response
geoip-lite.vercel.app/ 173 B
520 B 328ms
273ms XHR
application/json 76.76.21.93
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://geoip-lite.vercel.app/

Requested by

Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

76.76.21.93 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Vercel /

Resource Hash

0b11b7364bd342a28f3cba9f13af179508a714850d810198be7c6b7d660d5a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: */*
Referer: https://citisecure.co/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
server: Vercel
age: 0
x-vercel-id: fra1::sfo1::9gv2b-1657799734113-e030fb4d810e
x-vercel-cache: MISS
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
access-control-allow-headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With
content-length: 173

GET
H2 200 SHNHTJMF519CRVYIBD8E3EQHEI.html
citisecure.co/ 80 B
528 B 67ms
67ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI.html?ip=95.211.95.246&loc=NL&city=&reg=
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Referer: https://citisecure.co/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wxc35HeLjgfD7ZyZF4Cu1EAbviXPJW0zReU1vWZEoUB5ppu9k%2B86TShVD0oiDfvg9trjyYFJ0bx1LQ9y3364xOaXGiLE3QLIa2Hla%2FDvWPtGxz4z6mC61yAuL181BLDV5%2Fqbwe4rEUAuwuE"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 72aa11f49fce5caa-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Primary Request login Show response
citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/ 338 KB
47 KB 149ms
149ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Requested by: Host: citisecure.co
URL: https://citisecure.co/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 0797751b389cf4865fc0dc20b234f78fe7c783cea52141c835e3a8f1803aa3a7

Request headers

Referer: https://citisecure.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 72aa11f4f8775b68-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 14 Jul 2022 11:55:34 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1H0sH4OG%2BtnrsG7Qj2s9oilULCfWRWNmwRDQK5p%2B6wwWid0104g5%2F4WgLAAF7wjM314ONqhpOfeyccirnhk4FmNmuId52zLvuuqM7I69j%2BRg8FVpbnn7VngTDgE53f%2B%2Bv1uUru4inYxbnrD"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: Express

GET
H3 200 styles.3eadecd0fb91b7b52ecc.css
citisecure.co/cbol-pre-login-static-assets/ 2 MB
176 KB 148ms
147ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1bbf3ec4625ce1e3def1d9cc45b32a9dfbfb40ce0a1c5a6f72f445e2415de502

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: br
etag: W/"1ff262-181e9f85ce8"
cf-cache-status: MISS
last-modified: Sun, 10 Jul 2022 21:16:17 GMT
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBcDLPENpE7W17EIWUabB%2Baah4%2BSkv5mFyr38FSXFtT2pDmaiQFm66lCMM%2BEviH8wIl1QwtC%2F6uq4cchQ402YwGt%2FD2D0tkjQelFGikvO6IEx%2BssnhPm%2FH4kWoTjKvn9ay6zri%2B9JQWS2EJP"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72aa11f5f94c5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 citilogoredesign.png
citisecure.co/CBOL/IA/Angular/assets/ 2 KB
2 KB 98ms
97ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.co/CBOL/IA/Angular/assets/citilogoredesign.png
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1799
last-modified: Sun, 10 Jul 2022 21:17:54 GMT
server: cloudflare
etag: W/"707-181e9f9d7d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4m0SlKZKXGm2mr0hWAbwGXI91tONI2q9Vdt8HhNJ43YcCmZHW8IeaRQdQcDa%2BGUZcv8B%2FuUjVqx6PPLYieWylQnna0PtV5mUr0zSSPWoU%2FZGE1uomwZl91av5jJt0GYiS%2B732NvkU4zUxZzo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 72aa11f6398b5b68-FRA

GET
H3 200 050-location2x.svg
citisecure.co/CBOL/IA/Angular/assets/ 2 KB
1 KB 118ms
117ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.co/CBOL/IA/Angular/assets/050-location2x.svg
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: br
etag: W/"6d8-181ea0512d0"
cf-cache-status: MISS
last-modified: Sun, 10 Jul 2022 21:30:10 GMT
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=34%2FB4cmBzTJj43%2BTkS0l6UkeLG4jo%2B0mvtXr2Qk91CPsMJyfF3Ra%2BakqM7tCm7bluWlj%2BqYaQEfTkR7%2Bm85AeBhhB0AT3FZ6ipsog2p42jzrcWhP%2FP8NHGmkvdMdyPhUKJ1aGL3AJW7dk0wM"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72aa11f6398c5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 icon_globe_med-grey2x.svg
citisecure.co/CBOL/IA/Angular/assets/ 3 KB
2 KB 87ms
87ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.co/CBOL/IA/Angular/assets/icon_globe_med-grey2x.svg
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: br
etag: W/"dc3-181ea0541b0"
cf-cache-status: MISS
last-modified: Sun, 10 Jul 2022 21:30:22 GMT
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fhZcMEVIc%2FJkzajaLbcjrfZ2Csi21936qJbmws7UglY0uxFpcePSwiKo5q24oF6PWrQ%2FrCtFRa5ONCMEixhXE4J1uSrvVVY1b0yCtQEx8ygrZz5HhB%2BqY4%2BvB5KmdJ2oGibNL0SVsu8Uwi%2BY"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72aa11f6398d5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 IE_warning.png
citisecure.co/CBOL/IA/Angular/assets/ 9 KB
10 KB 100ms
100ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.co/CBOL/IA/Angular/assets/IE_warning.png
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 56a8588a55f9dfb0f9a2b30f06551d02e1ee21bff94b7166e881aab313b226cb

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9575
last-modified: Sun, 10 Jul 2022 21:30:32 GMT
server: cloudflare
etag: W/"2567-181ea0568c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oFn7EsB6yZPTuyOikjMU7U9pGpVuo3pxvf9kG37CqH5cBmWxgHETrMvtofAdfCgyR0vbssEMRv6rEDMY%2FBJg5wyRrU%2BCGMCHBAe1VbdBs09Y1HoUXXAnppv2eC1YhqpM9O1N4D%2FX5nMbtrHn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 72aa11f6499c5b68-FRA

GET
H3 200 EqualHousing.png
citisecure.co/CBOL/IA/Angular/assets/ 2 KB
2 KB 92ms
92ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://citisecure.co/CBOL/IA/Angular/assets/EqualHousing.png
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1606
last-modified: Sun, 10 Jul 2022 21:21:20 GMT
server: cloudflare
etag: W/"646-181e9fcfc80"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VQE2b8HQcYIhzUSyKqfEm1C5yWN5SZT2LJzuSiSFOxLqh59rmV%2BnDu5mnzXYA8SdFDKhUHabgRc635%2Buq7FiDqul0M7dtNebCmieYzfYDef2jtDwj0AQvifdhcRBQMpjDTnu266sliPRLZtc"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 72aa11f6499e5b68-FRA

GET
H3 200 jquery.min.js Show response
citisecure.co/ 85 KB
31 KB 129ms
128ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/jquery.min.js
Requested by: Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:34 GMT
content-encoding: br
etag: W/"15391-181c4415568"
cf-cache-status: MISS
last-modified: Sun, 03 Jul 2022 13:30:25 GMT
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=De8b0JVNdVskt97O%2BkMIYqy8p3m4rmmHl299isr3F4rQ%2BekDbnBbZaurJCeH0wZg8TAtB55Etzrd9wfyFjSibYUBtdV%2Byb39P9zmfjnV%2F6VCUGJ9FACR%2BEOuYmTa5ZDx%2FOzPJLxejKOdEM1e"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 72aa11f6499f5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 LSO_4959.jpg
online.citi.com/nga-lite-signon/ 106 KB
106 KB 247ms
37ms Image
image/jpeg 104.92.75.138
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://online.citi.com/nga-lite-signon/LSO_4959.jpg

Requested by

Host: citisecure.co
URL: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.92.75.138 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-75-138.deploy.static.akamaitechnologies.com

Software

Resource Hash

dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net
Strict-Transport-Security	max-age=300
X-Content-Security-Policy	frame-ancestors https://.citi.com https://.citigroup.net https://*.nsroot.net

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://citisecure.co/
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
last-modified: Mon, 25 Apr 2022 13:54:04 GMT
x-akamai-citisite: SWDC
strict-transport-security: max-age=300
p3p: policyref="/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV OUR NOR STP UNIo NAV STA PREi TAI"
content-length: 108233
content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
accept-ranges: bytes
content-type: image/jpeg
x-webkit-csp: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net
x-content-security-policy: frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net

GET
H3 404 Interstate-Light.woff
citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 62ms
62ms Font
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff

Requested by

Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ju15gQD8goXjWlRQYCrofS%2FkbSMuMTBRbK%2B4baaUm6NO7huln3voh2xFRdjNpeoz8chwjz38E4icQ6qRz3WJB8BAmJR885fAOtSjxd46TMiGhz00r%2FTl7TJjHbmNgmXQPnisfkhd7yWp0ceH"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
content-security-policy: default-src 'none'
cf-ray: 72aa11f7cb115b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 Interstate-Bold.woff
citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 61ms
61ms Font
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff

Requested by

Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHNRkJ8mfAgbZ04oMhgaBOrvQXPRRsVVGWsXmFWDAj469xQZT9Qjf1%2Bva%2B%2FPjCyhYDXjaSOdLGJb2LvaDLXDdCGUdB128cIeZI7Uc9N1u395IVT5UW2yAucGzgfWJWOAtbFQWYLUwZPHug2z"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
content-security-policy: default-src 'none'
cf-ray: 72aa11f7cb145b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 client Show response
citisecure.co/ 17 B
578 B 59ms
59ms XHR
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/client?_=1657799735013
Requested by: Host: citisecure.co
URL: https://citisecure.co/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept: */*
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
etag: W/"11-UIVUdQWNarX1D9mk06okyEMbpS8"
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASX8XvYyuQoj%2FfpjvLQLQeV62LJruzh8WzZMZRsrgwSIEP0Y0a7oiMjz3JmdXIlrl9EHtqyL%2F8hhUIEKH6BF0UuHi8sbzCuUHqZU9LW%2F0s0k2HMf7EY3qorwnZVPXR85jfNwvtNtouTtE22d"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 72aa11f81b6e5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17

GET
H3 404 Interstate-Bold.ttf
citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 68ms
67ms Font
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf

Requested by

Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2FJjwpyYMu1HgG5oA5fMPy26uRir3zAkm061rF9KRI17rsfA7LzFwmP4olunmX6lGJ6pPRKNFA42%2B5K51idbzcER9FOjrge9UTTvfFnGRN9RYoUYXVSZ020Jk8hQtGF5BUVmqFNmhQ64h28Q"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
content-security-policy: default-src 'none'
cf-ray: 72aa11f82b7b5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 Interstate-Light.ttf
citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ 0
0 68ms
67ms Font
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf

Requested by

Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
X-Content-Type-Options	nosniff

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6EInOvjU82knLEGd5WTf1qSLULEKskwawKz9kwyC8uswx2LXbkASdlluD8bDU8%2BRpjDqpMfjg%2FJ47391GoRZ723IumBmVE9AZC2%2BA0rqCbQkZ1rQ3MwOhiUdPHFNGvDiL5u36Pmb40hJJY8"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cache-control: max-age=14400
content-security-policy: default-src 'none'
cf-ray: 72aa11f82b7c5b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Interstate-Light.woff
citisecure.co/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 74 KB
74 KB 84ms
84ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Light.woff
Requested by: Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75538
last-modified: Sun, 10 Jul 2022 21:26:58 GMT
server: cloudflare
etag: W/"12712-181ea0224d0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sxivx4YqoDd2vMcrRj%2FFMLWl1NyKZ1K0OwFmuxxEc%2FQR5m31xQYz7P4VsGktrwroLxFU8OXBeyweI5Dfja6z57RvfL29MRp6%2BFW4HrLC3vKKehvIGWcgV4%2B19ib2PwjIN8RLcInQAgsJgTvP"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 72aa11f89c025b68-FRA

GET
H3 200 Interstate-Bold.woff
citisecure.co/cbol-pre-login-static-assets/cds-assets/fonts/interstate/ 70 KB
71 KB 81ms
81ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/cbol-pre-login-static-assets/cds-assets/fonts/interstate/Interstate-Bold.woff
Requested by: Host: citisecure.co
URL: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7

Request headers

Referer: https://citisecure.co/cbol-pre-login-static-assets/styles.3eadecd0fb91b7b52ecc.css
Origin: https://citisecure.co
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:35 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by: Express
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 71874
last-modified: Sun, 10 Jul 2022 21:27:44 GMT
server: cloudflare
etag: W/"118c2-181ea02d880"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=txAZwde2yDasEkqEk8vEAXEJ4yXwX0dzO%2FnOvXK3MZWmpkGwvt9AuSKYpT8UUepd%2BaGcH2amveJ9j3nvnziG%2B%2F8eIxWY0il%2FB0SVR5t9m4iNNdlCmQPDlqJVef2cpYvX%2BsOkVXGk9YsUIGhp"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 72aa11f89c045b68-FRA

GET
H3 200 client Show response
citisecure.co/ 17 B
579 B 57ms
57ms XHR
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://citisecure.co/client?_=1657799735014
Requested by: Host: citisecure.co
URL: https://citisecure.co/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03

Request headers

Accept: */*
Referer: https://citisecure.co/SHNHTJMF519CRVYIBD8E3EQHEI/login
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Linux; Android 11) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.185 Mobile Safari/537.36

Response headers

date: Thu, 14 Jul 2022 11:55:37 GMT
etag: W/"11-UIVUdQWNarX1D9mk06okyEMbpS8"
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UbApWEo18VAUvD8vCSsjHF1F8XfNz4ot7QaCaCWkfcIQKcdOcDzB7OCxwxnYZ1gTtuIrviMVCsH330U48TBOqdJLm%2B2L42A4IM9yU28OM%2BbW7CrlmnPlD56OvFCwr%2Bw6Ph%2FaC4Ern84EgBl"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
cf-ray: 72aa1204afe25b68-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
citisecure.co/	1970-01-20 04:45:00	Name: csrf-token Value: IEHQE3E8DBIYVRC915FMJTHNHS
citisecure.co/	1970-01-20 04:45:00	Name: visitor Value: 62d00436e61753d433981809
citisecure.co/	1970-01-20 04:45:00	Name: chave Value: VI208NAH4DMWT

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Bold.ttf Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://citisecure.co/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citisecure.co
code.jquery.com
geoip-lite.vercel.app
online.citi.com
104.92.75.138
2001:4de0:ac18::1:a:3b
2a06:98c1:3120::3
76.76.21.93
06e5f7e2d702e0110271dd33c198e1f312a785bcf41ca4fbed2fa6d67722dc03
0797751b389cf4865fc0dc20b234f78fe7c783cea52141c835e3a8f1803aa3a7
0b11b7364bd342a28f3cba9f13af179508a714850d810198be7c6b7d660d5a00
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
1bbf3ec4625ce1e3def1d9cc45b32a9dfbfb40ce0a1c5a6f72f445e2415de502
1db826af0c89670ad98c8d15c75ba7e3190fb0048d95160065d629683550ae91
4fe68fa216176e6d1f4580e924bafecc9f519984ecc06b1a840a08b0d88c95de
56a8588a55f9dfb0f9a2b30f06551d02e1ee21bff94b7166e881aab313b226cb
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
dbdebfcc2ed9932006edcfc7f8190ca5c9a04ff737e990645712ccc33e5ce070
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f23485e8b9c368f28f18a0bb110573df79c00ac3a2ca71d68017db100207639d
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

citisecure.co Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

556 kBTransfer

2824 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

3 Cookies

4 Console Messages

Indicators

citisecure.co Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

556 kB
Transfer

2824 kB
Size

3
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!