New Registrations

Citigroup phishing domains

Newly registered lookalikes - tracked daily


Citigroup phishing domains

Newly registered lookalikes - tracked daily


Tracked (7d)
1
New (24h)
0
vs avg
About
AIGlobal retail and business banking phishing. Credentials, OTP capture, and second-factor-bypass pages are the recurring pattern.
TLDs
.com (1)
Hosts
netcup GmbH (1)
Countries
AustriaAustria (1)

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-02 02:09 2026-07-02 02:09
https://citigroup-pw.com
Screenshot of citigroup-pw.com Details

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://citigroup-pw.com
Screenshot of citigroup-pw.com Details

AIHow to verify a real Citigroup URL

  • Legitimate Citigroup URLs always end in citigroup.com (e.g. www.citigroup.com, account.citigroup.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Citigroup.
  • The domains listed above were registered within the last 7 days. New-domain age is itself a signal — Citigroup has owned citigroup.com for years; brand-new look-alikes are almost never legitimate.
  • If you got the link from email, SMS, or social media, do not click it. Open citigroup.com from your browser bookmark or type the domain manually.
  • Real Citigroup pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.