New Registrations

Citrix phishing domains

Newly registered lookalikes - tracked daily


Citrix phishing domains

Newly registered lookalikes - tracked daily


Tracked (7d)
2
New (24h)
0
vs avg
About
AIEnterprise VDI / Workspace target. A successful Citrix phish hands attackers internal apps and is a frequent precursor to ransomware deployment.
TLDs
.com (2)
Countries
United StatesUnited States (1) · IrelandIreland (1)

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-01 01:16 2026-07-01 01:16
https://citrixportal.com
Screenshot of citrixportal.com Details
2026-06-30 01:19 2026-06-30 01:19
https://citrixonlinetraining.com
Screenshot of citrixonlinetraining.com Details

Recently registered domains — may be used for phishing. Screenshots show parking pages while domains warm up. Use for Threat Hunting or watchlists.

URL Screenshot Details
https://citrixportal.com
Screenshot of citrixportal.com Details
https://citrixonlinetraining.…
Screenshot of citrixonlinetraining.com Details

AIHow to verify a real Citrix URL

  • Legitimate Citrix URLs always end in citrix.com (e.g. www.citrix.com, account.citrix.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not Citrix.
  • The domains listed above were registered within the last 7 days. New-domain age is itself a signal — Citrix has owned citrix.com for years; brand-new look-alikes are almost never legitimate.
  • If you got the link from email, SMS, or social media, do not click it. Open citrix.com from your browser bookmark or type the domain manually.
  • Real Citrix pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.