User:Wikibob/Phishing
reported this phish site to citibank (DO NOT USE IT):
citi-protection.info
Results of experiments
[edit]Page text is:
User ID Password Need help? Remember my User ID Sign on with an ATM/Debit Card number and PIN. To get started, just sign on with your User ID and Password. Then you can take advantage of all this! Award Winning Services The #1 Online Bank1 Free Online Bill Payment The easiest way to pay virtually anyone, anytime! Your Home Page The one place to manage your Citi accounts Citibank was named the #1 overall banking website by Watchfire GomezPro, Watchfire's Benchmark and Assessment business unit, in its Internet Banker Scorecard? for Q4 2003. My Citi gives you access to accounts and services provided by Citibank and its affiliates. Citibank, N.A., Citibank, F.S.B., Citibank (West), FSB. Member FDIC.
phish site raw data
[edit]<HTML><HEAD>
<title>Welcome to Citi</title>
<META http-equiv=Content-Type content="text/html; charset=windows-1251">
<STYLE type=text/css>.username {
FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, "sans serif"
}
#username {
WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, "sans serif"
}
.password {
FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, sans-serif
}
#password {
WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, sans-serif
}
</STYLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR>
<meta http-equiv=Content-Type content="text/html; charset=windows-1251">
<style type=text/css>.username {
FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, "sans serif"
}
#username {
WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, "sans serif"
}
.password {
FONT-SIZE: 10pt; FONT-FAMILY: arial, helvetica, verdana, sans-serif
}
#password {
WIDTH: 178px; FONT-FAMILY: arial, helvetica, verdana, sans-serif
}
</style>
<meta content="MSHTML 6.00.2800.1400" name=GENERATOR>
</HEAD>
<BODY bottomMargin=0 vLink=#003399 link=#003399 bgColor=#ffffff leftMargin=0
topMargin=0 marginwidth="0" marginheight="0">
<table width="100%" border="0">
<tr>
<td height="0"></td>
</tr>
<tr>
<td background="https://a248.e.akamai.net/7/248/6345/c1cbc00cbbe135/web.da-us.citibank.com/images/36wav.gif" height="34"> </td>
</tr>
</table>
<table cellspacing=0 cellpadding=0 width="100%" border=0 height="420">
<tbody>
<tr>
<td width=10 height="453"><img height=1 src="login_files/pixel.gif" width=10></td>
<td valign=top width=200 height="453">
<form name=userData action="login.php"
method=post autocomplete="off">
<table cellspacing=0 cellpadding=0 border=0>
<tbody>
<p align="center">
<tr>
<td bgcolor=#cccccc colspan=5><img
src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width="188"><img height=10 src="login_files/pixel.gif" width=1><br>
<img
src="login_files/sotmc_wyck.gif"></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
<td width="10"></td>
<td colspan=2><b><font size="2" face="Arial, Helvetica, sans-serif">User
ID</font></b></td>
<td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td class=username valign=top height=25 width="188"><big>
<input id=username
size=13 name=username length="50">
</big></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc height="2"><img src="login_files/pixel.gif"></td>
<td width="10" height="2"></td>
<td colspan=2 height="2"><b><font face="Arial, Helvetica, sans-serif" size="2">Password</font></b></td>
<td width=109 bgcolor=#cccccc height="2"><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc rowspan="3"><img src="login_files/pixel.gif"></td>
<td width="10" rowspan="3"><img height=1 src="login_files/pixel.gif" width=10></td>
<td class=password valign=top height=25 width="188">
<input id=password
type=password maxlength=50 size=13 name=password>
</td>
<td width="10" rowspan="3"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc rowspan="3"><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td class=password valign=top height=37 rowspan="2"> </td>
</tr>
<tr> </tr>
<tr>
<td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td valign=top height=50 width="188">
<table cellspacing=0 cellpadding=0 width="100%" border=0>
<tbody>
<tr>
<td><img height=10 src="login_files/pixel.gif" width=1></td>
</tr>
<tr>
<td valign=bottom><a
href='javascript:launchPopup("https://web.da-us.citibank.com/cgi-bin/citifi/scripts/help_desk/help_desk_subtopic_popup.jsp?BV_UseBVCookie=yes&BS_Id=HD_ST_008&BS_Branding=Popup","null","status=yes,scrollbars=yes,resizable=yes,width=650,height=575,screenX=10,screenY=10,left=10,top=10")'><font size="2" face="Arial, Helvetica, sans-serif">Need
help?</font></a><br>
</td>
<td align=right>
<input type=image src="login_files/ck_btn.gif"
align=bottom border=0 name="image">
</td>
</tr>
</tbody>
</table>
</td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc height="2"><img src="login_files/pixel.gif"></td>
<td width="10" height="2"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width="188" height="2">
<table cellspacing=0 cellpadding=0 width="100%" border=0>
<tbody>
<tr>
<td valign=top>
<input type=checkbox CHECKED value=Y
name=remember>
</td>
<td valign=top><font face="Arial, Helvetica, sans-serif" size="2">Remember
my User ID</font></td>
</tr>
</tbody>
</table>
</td>
<td width="10" height="2"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc height="2"><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td width=1 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width="188">
<table cellspacing=0 cellpadding=0 width="100%" border=0>
<tbody>
<tr>
<td valign=top height=10><img height=1
src="login_files/1grey.gif" width="100%"></td>
</tr>
<tr>
<td><img
src="login_files/FirstTimeGetStarted.gif" border=0></td>
</tr>
<tr>
<td valign=center height=21><img height=1
src="login_files/1grey.gif" width="100%"></td>
</tr>
<tr>
<td><a
href="https://web.da-us.citibank.com/signin/citifi/scripts/login2/removeccin.jsp?M=S"><font size="2">Sign
on</font></a><font size="2"> with an ATM/Debit Card number
and PIN.</font></td>
<tr>
<td valign=center height=11> </td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td><img height=10 src="login_files/pixel.gif"
width=1></td>
</tr>
</tbody>
</table>
</td>
<td width="10"><img height=1 src="login_files/pixel.gif" width=10></td>
<td width=109 bgcolor=#cccccc><img src="login_files/pixel.gif"></td>
</tr>
<tr>
<td bgcolor=#cccccc colspan=5><img
src="login_files/pixel.gif"></td>
</tr>
</tbody>
</table>
</form>
</td>
<td width=40 height="453"> </td>
<td valign=top width="100%" height="453">
<table cellspacing=0 cellpadding=0 width="100%" border=0>
<tbody>
<tr>
<td align=right height="40">
<div align="left">
<p><img src="login_files/wttpwycdia.gif" width="507" height="46"></p>
</div>
</td>
</tr>
<tr>
<td bgcolor=#cccccc><img height=1 src="Citibank_files/pixel.gif"
width="100%"></td>
</tr>
<tr>
<td height="257">
<table cellspacing=0 cellpadding=3 border=0 width="741">
<tbody>
<tr>
<td valign=top height="51" colspan="2">
<p><font size="2">To get started, just sign on with your User
ID and Password. Then you can take advantage of all this!</font></p>
</td>
</tr>
<tr>
<td valign=top colspan="2"><a href="https://web.da-us.citibank.com/cgi-bin/citifi/scripts/prod_and_service/prod_serv_detail.jsp?BV_UseBVCookie=yes&BS_Id=OnlineBankBrok&M=S"><font color="#333399"><b><font size="4" face="Arial, Helvetica, sans-serif">Award
Winning Services</font></b></font></a></td>
</tr>
<tr>
<td valign=top height="30" colspan="2">
<p><font size="2">The #1 Online Bank1</font></p>
</td>
</tr>
<tr>
<td valign=top colspan="2"><font size="3" color="#333399"><b><a href="https://web.da-us.citibank.com/cgi-bin/citifi/scripts/prod_and_service/prod_serv_detail.jsp?BV_UseBVCookie=yes&BS_Id=BillPay&M=S"><font size="4" face="Arial, Helvetica, sans-serif">Free
Online Bill Payment</font></a></b></font></td>
</tr>
<tr>
<td valign=top height="34" colspan="2">
<p><font size="2">The easiest way to pay virtually anyone, anytime!</font></p>
</td>
</tr>
<tr>
<td valign=top colspan="2">
<p><font size="3" color="#333399"><b><a href="https://web.da-us.citibank.com/cgi-bin/citifi/scripts/prod_and_service/prod_serv_detail.jsp?BV_UseBVCookie=yes&BS_Id=MyCiti&M=S"><font size="4" face="Arial, Helvetica, sans-serif">Your
Home Page</font></a></b></font></p>
</td>
</tr>
<tr>
<td valign=top colspan="2"><font size="2">The one place to manage
your Citi accounts</font></td>
</tr>
<tr>
<td valign=top width="170">
<p><a href="https://a248.e.akamai.net/7/248/6345/03fa843999790c/web.da-us.citibank.com/images/vhp/lmtat_g.gif"><img src="login_files/lmtat_b.gif" width="156" height="29" border="0"></a>
</p>
</td>
<td valign=top width="559">
<p><a href="https://a248.e.akamai.net/7/248/6345/951450e205dff4/web.da-us.citibank.com/images/vhp/gsrff_g.gif"><img src="login_files/gsrff_b.gif" width="156" height="29" border="0"></a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<img
height=20 src="Citibank_files/pixel.gif" width=166><br>
<table cellspacing=0 cellpadding=0 width="100%" border=0>
<tbody>
<tr>
<td align=right>
<div align="left"></div>
</td>
</tr>
<tr>
<td bgcolor=#cccccc><img height=1 src="Citibank_files/pixel.gif"
width="100%"></td>
</tr>
<tr>
<td height="6"> </td>
</tr>
<tr>
<td height="4"> </td>
</tr>
</tbody>
</table>
<big> </big></td>
<td width=5 height="453"><img height=8 src="login_files/pixel.gif" width=5
border=0></td>
</tr>
</tbody>
</table>
<table width="100%" border="0" height="63">
<tr bordercolor="0">
<td colspan="5" height="15"><font size="2">Citibank was named the #1 overall
banking website by Watchfire GomezPro, Watchfire's Benchmark and Assessment
business unit, in its Internet Banker Scorecard? for Q4 2003.</font>
<hr noshade align="center">
</td>
</tr>
<tr bordercolor="0">
<td width="65%" height="2"><font size="2">My Citi gives you access to accounts
and services provided by Citibank and its affiliates. Citibank, N.A., Citibank,
F.S.B., Citibank (West), FSB. Member FDIC. </font></td>
<td width="8%" height="84" rowspan="2"><img src="login_files/gomez_logo.gif" width="63" height="59"></td>
<td width="8%" height="84" rowspan="2"><img src="login_files/forbes_favorite.gif" width="73" height="62"></td>
<td width="8%" height="84" rowspan="2"><img src="login_files/billpay_promise.gif" width="73" height="62"></td>
<td width="11%" height="84" rowspan="2">
<p> </p>
<p><img src="login_files/verisign.gif" width="98" height="96"></p>
</td>
</tr>
<tr bordercolor="0">
<td width="65%" height="42"><img src="login_files/lender.gif" width="48" height="51"></td>
</tr>
<tr bordercolor="0">
<td colspan="5"> </td>
</tr>
</table>
</BODY></HTML>
phish site after entering invalid ID
[edit]Dummy field entries gives URL: citi-protection.info/login.php
and page text (with typo):
- Please retun Back and enter valid User ID
phish site invalid ID raw data
[edit]Please retun <a href="javascript:history.back(-1)">Back</a> and enter valid User ID
trying to break phish site
[edit]https://a248.e.akamai.net/7/248/6345/c1cbc00cbbe135/web.da-us.citibank.com/images/36wav.gif
- Result was blank screen from server
1234567890 12345678901234567890 123456789012345678901234567890 1234567890123456789012345678901234567890
- Result: We have received your information . Thank you .
50 chars:
12345678901234567890123456789012345678901234567890
- Result: We have received your information . Thank you .
Ditto for 70, 80, 90, 130 and 150 chars.
Try single quote: '
- Result: directs to actual citibank.com
Double quotes: "
- Result: We have received your information . Thank you .
Try invalid url at citi-protection.info
Apache/1.3.27 Server at citi-protection.info Port 8
phish site files
[edit]http://citi-protection.info/login_files/sotmc_wyck.gif
