cityloan90.com

February 24, 2026

What you actually see when you visit cityloan90.com

Cityloan90.com doesn’t present like a normal public-facing lender website. The main pages that load without an account are a login screen, a registration screen, and a password reset screen—all in Bangla. The login asks for a mobile number and password, registration asks for name + mobile number + password, and password reset accepts “mobile number or email” to send a reset link.

What’s missing (at least publicly) is the stuff legitimate financial services usually put up front: company identity, product explanations (loan size, APR/fees, repayment schedule), eligibility rules, compliance disclosures, physical address, customer-support channels, privacy policy, and terms. Some real lenders do keep things inside a logged-in area, but they typically still publish the basics publicly because they need trust to acquire customers.

Domain age, hosting footprint, and why that matters

Several independent scanners and WHOIS summaries show the domain is very new. The domain registration date repeatedly shows December 10, 2025, with expiration around December 10, 2026, and the registrar as GoDaddy.

New isn’t automatically bad. But for anything involving money, a new domain removes a lot of the “reputation trail” you’d want to rely on: older customer complaints, regulatory actions, longstanding reviews, and stable brand history. A new domain plus minimal public information is basically a “proceed slowly” combination.

On the infrastructure side, one analysis lists hosting on OVH with a server location in Quebec, Canada, plus a visible IP address. That doesn’t prove anything on its own—many services host internationally—but it can be a mismatch if the service is marketing itself as a local lender in South Asia while operating with an anonymous setup abroad.

“Trust scores” are mixed, and the details matter more than the number

You’ll see mixed ratings across automated tools:

  • Scamadviser reports a 61% trust score and calls it “probably not a scam,” while still flagging that the site is young.
  • Gridinsoft shows 58/100 and labels it “moderate,” also emphasizing young domain and noting index disabled (more on that below).
  • Scamdoc shows a poor trust score (25%), and highlights that the owner is hidden in WHOIS.

This difference is normal because they weigh signals differently. The useful part is the underlying signals they agree on: new domain, limited visibility, and limited public-facing content.

The “noindex” point is a quiet but important signal

Gridinsoft notes that the site is configured with noindex, nofollow, meaning search engines are instructed not to index it.

There are legitimate reasons to do this (staging environments, private portals, early product rollout). But when the business is consumer lending, “noindex” tends to work against transparency. If you’re trying to be found by borrowers, you usually want search visibility, not the opposite. Also, it can reduce the chance that third-party watchdog pages, archived copies, and public discussions show up quickly in search, which makes independent verification harder.

What user reports are saying about money requests and withdrawal problems

One of the most practical things you can look at is whether complaints match common patterns. Gridinsoft includes user reviews that claim the site took an upfront payment (examples mention 1000 rupees, then additional amounts) and then blocked withdrawal or asked for more money.

You don’t have to assume every review is accurate. But the pattern—pay a fee first, then “unlock” funds by paying more—is a well-known scam shape in financial fraud. Even legit lenders typically deduct fees from disbursed amounts or clearly disclose processing fees with formal receipts and a verifiable legal entity. When the interaction becomes “send another payment to withdraw,” that’s a major red flag.

Practical verification checks you can do before entering any personal data

If you’re evaluating cityloan90.com (or any similar loan portal), focus on verification that’s hard to fake:

  1. Find the legal entity name (company name) and check if it’s consistent across the site, emails, and any payment instructions. If you can’t find a legal entity name publicly, treat that as a serious risk.
  2. Look for clear loan terms: APR/interest, fees, tenure, total repayment amount, late-fee policy. If it’s only revealed after signup, that’s backwards for a lender.
  3. Confirm support channels: a working phone number, business email on the same domain, office address, and response history. A single web form isn’t enough for a financial service.
  4. Check for licensing/registration in the country where they claim to operate. Real lenders and loan brokers usually have some regulator-facing footprint.
  5. Watch for “advance fee” behavior: any requirement to pay before you receive funds, especially via person-to-person transfer methods, vouchers, crypto, or “development/verification charges.”
  6. Minimize what you submit: if you still choose to proceed, do not upload ID documents or bank details until you’ve verified the entity and terms.

If you already registered or paid, do this next

If you’ve already interacted with the site and money is involved, the priority is damage control:

  • Do not send more money just to “unlock” a withdrawal. Escalating payments usually increases losses.
  • Collect evidence: screenshots, transaction IDs, chat logs, emails, phone numbers, and timestamps.
  • Contact your bank or payment provider immediately to ask about chargebacks, disputes, or transfer recalls (options depend on payment type and speed).
  • Change reused passwords if you used the same password anywhere else (the site is a login portal, so credential risk is real).
  • Monitor accounts for unusual activity if you shared personal data.

Key takeaways

  • Cityloan90.com is mostly a login/registration portal in Bangla, with little public information about who operates it or what the loan terms are.
  • Multiple tools confirm the domain is very new (registered Dec 10, 2025), which makes reputation verification harder.
  • Automated trust scores are mixed, but they consistently flag youth, limited transparency, and hidden ownership signals.
  • User reports referenced by scanners describe upfront payments and withdrawal blocks, which matches a high-risk pattern.
  • If money has already been sent, focus on stopping further payments, preserving evidence, and contacting your payment provider fast.

FAQ

Is cityloan90.com a legitimate lender?

Publicly available signals are not strong enough to confidently say it’s a legitimate lender. The site is a young domain with minimal public disclosures, and there are user reports of payment-and-withdrawal issues.

Why do scam-check sites disagree on the score?

They use different scoring models. The number matters less than the shared signals underneath: domain age, ownership transparency, public terms, complaint patterns, and technical footprint.

Is a valid SSL certificate proof it’s safe?

No. SSL only means the connection is encrypted. Many scam sites have SSL because it’s cheap and easy to obtain. Scamadviser and Gridinsoft both note SSL, but still flag other risks.

What’s the biggest red flag to watch for?

Any request to pay money upfront (or pay more money) to withdraw or “activate” a loan. User reports referenced in analysis pages describe exactly that pattern.

What’s a safer way to get a loan online?

Use lenders or bank programs that publish full terms, legal entity details, and regulated contact info before signup. If you can’t verify who is behind a platform and what the total repayment cost is, skip it and use a provider with a clear compliance footprint.