ScanMalware.com

Security Scan Report: secure.citbk.com

Submitted: Jan 13, 2026, 1:15:56 PMCompleted: Jan 13, 2026, 1:18:44 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 1 HTTP transaction. The main domain is secure.citbk.com and was registered NaN years ago.

Submitted URL: https://secure.citbk.com

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

New, unranked domain impersonating Citizens Bank – confirmed scam.

Risk Factors
Brand impersonation on a newly registered, unranked domain
Domain age <90 days (high‑risk for phishing)
UNRANKED domain claiming to be a major financial institution
Domain age information unavailable

Details

Page Title

Citizens Bank

Scan Type

public

Language

🇺🇸

English

(50% confidence)

Category

finance banking

(52%)

Domain Information

Domain 'secure.citbk.com' uses the commercial generic top-level domain (.com) and includes subdomain 'secure'. The second-level label 'citbk' is 5 characters long with one vowel and 4 consonants. It segments into 3 words: c, it, bk. Median word length is two characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://secure.citbk.com

Page Load Overview

90.10s
Total Load Time
25
HTTP Requests
4
Domains
24 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:50%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:50%
Script Type:Latin
Text Length:4,934 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking52% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

finance banking
52%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
5172.217.18.3Luxembourg
AS15169
4142.250.184.238United States
AS15169GOOGLE
4142.250.184.227United States
AS15169GOOGLE
4142.251.141.74LuxembourgUnknown
4198.251.88.188Luxembourg, Luxembourg, Luxembourg
AS53667PONYNET
4216.58.206.68LuxembourgUnknown
256--

Detected Technologies4

JQueryv2.1.3
100%
LiteSpeed
40%
HTTP/3
40%
Google Maps
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T193E22E016D4CCD1A42DF0AC868B6622801BF4B61D22209D9FEB78BF5579FD9DCE3B056

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

768:pg28/306f/FjtyFPB/ob/bvR/D7bNnioOffk2zUR7lij:p/8/305i/D7bNnioOffk2e7lij

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:34192:APdIgCJeAAagICuFEoG4RFAJFCABmNDEQgZ8kKjCE5sAgacCFEw71ujFo9EiHEIIEAiQKSSBBgDkkxJFnEQAQGFEAoHAMYGg

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000e0c4c1e9ffff
Perceptual Hash:fa628d0d12966b6b
Difference Hash:ea95098d090bd2d3
Wavelet Hash:0000e0c4c5f9ffff
Color Hash:#87bbc5

Other Hashes

Crop Resistant:ea95098d090bd2d3,00030b0b0b0b0300,9509090d0d8d090b

Scan History

Scan history not available

Unable to load historical scan data