citibnkr1.s3.amazonaws.com
52.216.142.12
Malicious Activity!
Public Scan
Submission: On November 23 via manual from IE — Scanned from DE
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on January 11th 2021. Valid for: a year.
This is the only time citibnkr1.s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 52.216.142.12 | 16509 (AMAZON-02) |
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE) |
2 | 54.91.59.199 | 14618 (AMAZON-AES) |
1 | 192.0.78.148 | 2635 (AUTOMATTIC) |
5 | 5 | |
ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com
Domains: citibnkr1.s3.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-91-59-199.compute-1.amazonaws.com
Domains: api.ipify.org
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
2 | ipify.org | api.ipify.org | 530 B |
1 | icones.pro | icones.pro | 18 KB |
1 | googleapis.com | ajax.googleapis.com | 30 KB |
1 | amazonaws.com | citibnkr1.s3.amazonaws.com | 8 MB |
5 | 4 | | |
Requests | Domain | Requested by |
---|---|---|
2 | api.ipify.org | ajax.googleapis.com |
1 | icones.pro | citibnkr1.s3.amazonaws.com |
1 | ajax.googleapis.com | citibnkr1.s3.amazonaws.com |
1 | citibnkr1.s3.amazonaws.com | |
5 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.citi.com |
online.citi.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2021-01-11 - 2022-02-11 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months | crt.sh |
*.ipify.org | Sectigo RSA Domain Validation Secure Server CA | 2021-01-19 - 2022-02-19 | a year | crt.sh |
tls.automattic.com | R3 | 2021-11-14 - 2022-02-12 | 3 months | crt.sh |
This page contains 10 frames:
Primary Page:
https://citibnkr1.s3.amazonaws.com/index.html
Frame ID: 9DADDBE02DC8F29182C56E40D8E95AC3
Requests: 15 HTTP requests in this frame
Frame:
data://truncated
Frame ID: B6F046C8F978B3AD9B1CDA1CD3ED798A
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 90F096C0301C55537788EFC95243DA26
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: E9DF16AF3CAC207831E083A6CEC6D212
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 13FE61BCCAF0071D84330734E34D0385
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 76F90D22AB044E43C1091AAE792F42A4
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 6D7846AD3EEA7F4D327CCCEADB1EC6A9
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: EBE2D43DB91CDB9A279AA8C11542BEC1
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 557EBF87450173BEC97B4DF8817F97D6
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 6A4C5BF2E4526CCC3F34CC3DBE4B773F
Requests: 1 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Title: ATM / BRANCH
Title: Continuar
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | index.html (Primary Request) | citibnkr1.s3.amazonaws.com/ | 8 MB | 8 MB | Document | text/html |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 10 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 741 B | 0 | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 2 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 27 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 74 KB | 74 KB | Font | font/woff |
GET | DATA | truncated | / | 70 KB | 70 KB | Font | font/woff |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.2.1/ | 85 KB | 30 KB | Script | text/javascript |
GET | DATA | truncated | / Frame B6F0 | 81 B | 0 | Image | image/png |
GET | DATA | truncated | / Frame 90F0 | 81 B | 0 | Image | image/png |
GET | H/1.1 | / | api.ipify.org/ | 22 B | 265 B | XHR | application/json |
GET | DATA | truncated | / Frame E9DF | 81 B | 0 | Image | image/png |
GET | H/1.1 | / | api.ipify.org/ | 22 B | 265 B | XHR | application/json |
GET | DATA | truncated | / Frame 13FE | 81 B | 0 | Image | image/png |
GET | DATA | truncated | / Frame 76F9 | 81 B | 0 | Image | image/png |
GET | DATA | truncated | / Frame 6D78 | 81 B | 0 | Image | image/png |
GET | H2 | icone-de-tique-ronde-bleue.png | icones.pro/wp-content/uploads/2021/02/ | 18 KB | 18 KB | Image | image/png |
GET | DATA | truncated | / Frame EBE2 | 81 B | 0 | Image | image/png |
GET | DATA | truncated | / Frame 557E | 81 B | 0 | Image | image/png |
GET | DATA | truncated | / Frame 6A4C | 81 B | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | 1 |
object | 2 |
object | 3 |
object | 4 |
object | 5 |
object | 6 |
object | 7 |
object | 8 |
object | 9 |
object | 10 |
object | 11 |
object | 12 |
object | 13 |
object | 14 |
object | onbeforexrselect |
function | reportError |
boolean | originAgentCluster |
object | scheduler |
function | show |
function | savepage_ShadowLoader |
function | $ |
function | jQuery |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
api.ipify.org
citibnkr1.s3.amazonaws.com
icones.pro
192.0.78.148
2a00:1450:4001:812::200a
52.216.142.12
54.91.59.199