citibnkr1.s3.amazonaws.com Open in urlscan Pro
52.216.142.12  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
19 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html citibnkr1.s3.amazonaws.com/	8 MB 8 MB	485ms 175ms	Document text/html	52.216.142.12 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://citibnkr1.s3.amazonaws.com/index.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.216.142.12 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS s3-1-w.amazonaws.com Software AmazonS3 / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers x-amz-id-2 aH4GNkfiJ1hBHv+jwUaxKNKkayGK32z4DMcDh71453hJIfooO/6kZkRsNZcCfeY0szHMAh4a3M0= x-amz-request-id 76N3E8J18CEHMMAS Date Tue, 23 Nov 2021 12:46:34 GMT Last-Modified Sat, 20 Nov 2021 23:39:08 GMT ETag "6afe321ddc66c08354c0d19c03f5a1f3" Accept-Ranges bytes Content-Type text/html Server AmazonS3 Content-Length 8227271
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	741 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	27 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	74 KB 74 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296 Request headers Referer Origin https://citibnkr1.s3.amazonaws.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	70 KB 70 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7 Request headers Referer Origin https://citibnkr1.s3.amazonaws.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type font/woff
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.2.1/	85 KB 30 KB	38ms 7ms	Script text/javascript	2a00:1450:4001:812::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Requested by Host: citibnkr1.s3.amazonaws.com URL: https://citibnkr1.s3.amazonaws.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://citibnkr1.s3.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Sun, 21 Nov 2021 10:14:04 GMT content-encoding gzip x-content-type-options nosniff age 181950 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 30306 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Mon, 21 Nov 2022 10:14:04 GMT
GET DATA	200 OK	truncated / Frame B6F0	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 90F0	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	/ Show response api.ipify.org/	22 B 265 B	312ms 103ms	XHR application/json	54.91.59.199 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-91-59-199.compute-1.amazonaws.com Software Cowboy / Resource Hash d2d67457ca4464c328094d85acf586c87ef2adce0fdf446941f4c6a466da9b85 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://citibnkr1.s3.amazonaws.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Tue, 23 Nov 2021 12:46:34 GMT Via 1.1 vegur Server Cowboy Vary Origin Content-Type application/json Access-Control-Allow-Origin https://citibnkr1.s3.amazonaws.com Connection keep-alive Content-Length 22
GET DATA	200 OK	truncated / Frame E9DF	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	/ Show response api.ipify.org/	22 B 265 B	306ms 99ms	XHR application/json	54.91.59.199 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 54.91.59.199 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-54-91-59-199.compute-1.amazonaws.com Software Cowboy / Resource Hash d2d67457ca4464c328094d85acf586c87ef2adce0fdf446941f4c6a466da9b85 Request headers Accept application/json, text/javascript, */*; q=0.01 Referer https://citibnkr1.s3.amazonaws.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Tue, 23 Nov 2021 12:46:34 GMT Via 1.1 vegur Server Cowboy Vary Origin Content-Type application/json Access-Control-Allow-Origin https://citibnkr1.s3.amazonaws.com Connection keep-alive Content-Length 22
GET DATA	200 OK	truncated / Frame 13FE	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 76F9	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 6D78	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET H2	200	icone-de-tique-ronde-bleue.png icones.pro/wp-content/uploads/2021/02/	18 KB 18 KB	186ms 152ms	Image image/png	192.0.78.148 AUTOMATTIC
General Check archive.org Show headers Download Go to Show image Full URL https://icones.pro/wp-content/uploads/2021/02/icone-de-tique-ronde-bleue.png Requested by Host: citibnkr1.s3.amazonaws.com URL: https://citibnkr1.s3.amazonaws.com/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.148 San Francisco, United States, ASN2635 (AUTOMATTIC, US), Reverse DNS Software nginx / Resource Hash 79aed7aa42690104012e9aa44148e0a6aa391aa9a70ca50fa11a3debb7298379 Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Accept-Language de-DE,de;q=0.9 Referer https://citibnkr1.s3.amazonaws.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Tue, 23 Nov 2021 12:46:34 GMT x-ac 2.hhn _atomic_ams last-modified Tue, 13 Jul 2021 19:03:09 GMT server nginx etag "60ede36d-47d8" strict-transport-security max-age=31536000 access-control-allow-methods GET, HEAD content-type image/png access-control-allow-origin * cache-control max-age=604800 accept-ranges bytes content-length 18392 expires Tue, 30 Nov 2021 12:46:34 GMT
GET DATA	200 OK	truncated / Frame EBE2	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 557E	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated / Frame 6A4C	81 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743 Request headers Accept-Language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Content-Type image/png

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Citibank (Banking)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| show function| savepage_ShadowLoader function| $ function| jQuery

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 93) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 94) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 95) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 412) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 413) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 414) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 751) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 752) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://citibnkr1.s3.amazonaws.com/index.html(Line 753) Message: <link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
citibnkr1.s3.amazonaws.com
icones.pro
192.0.78.148
2a00:1450:4001:812::200a
52.216.142.12
54.91.59.199
102503acef6077fcf8e42a856fb4904fcd74224a32d5d8efcd13236ac6309fed
5df469ee4da2bc124065cb8df0e24173c5cbc8b9e0c807960fc39c93ffb640c8
6336ae7b60dff18e0a37721a3a19fd5e18568577a64faa662969d35966dbf72b
6dfa343a68ef79e83fef5f7c705119d2473352190c609cf94c67ea99a29fa452
79aed7aa42690104012e9aa44148e0a6aa391aa9a70ca50fa11a3debb7298379
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
a593628f2d5ba814f37fbcd3963162f094c2764d4b15d82464c2d1aef92f150f
a9a43473908fb995ecdc6bd80d80fd42d3e43bf31687aff0978d7389de2573aa
d2d67457ca4464c328094d85acf586c87ef2adce0fdf446941f4c6a466da9b85
dc876f814074650acde84db7a7f34c583f043b83130e5de49de65f18d1ee2683
e5c725c5a6510cd7323ff66fa032e69cfe7aec1dd042911cae0607d071670eec
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296