ctznrest.com
Open in
urlscan Pro
2606:4700::6810:f44e
Malicious Activity!
Public Scan
Submission: On September 01 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 30th 2022. Valid for: a year.
This is the only time ctznrest.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 2606:4700::68... 2606:4700::6810:f44e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a02:26f0:350... 2a02:26f0:3500:888::1f37 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
11 | 3 |
ASN20940 (AKAMAI-ASN1, NL)
www.citizensbank.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
ctznrest.com
ctznrest.com |
264 KB |
1 |
citizensbank.com
www.citizensbank.com — Cisco Umbrella Rank: 70090 |
1 KB |
11 | 2 |
Domain | Requested by | |
---|---|---|
10 | ctznrest.com |
ctznrest.com
|
1 | www.citizensbank.com |
ctznrest.com
|
11 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.citizensbank.com |
investor.citizensbank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ctznrest.com Cloudflare Inc ECC CA-3 |
2022-08-30 - 2023-08-29 |
a year | crt.sh |
www.citizensbank.com Entrust Certification Authority - L1M |
2022-07-01 - 2023-07-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ctznrest.com/
Frame ID: 81DF9FA7533F84EEB153EB619C67E20B
Requests: 24 HTTP requests in this frame
48 Outgoing links
These are links going to different origins than the main page.
Title: Checking
Search URL Search Domain Scan URL
Title: Savings
Search URL Search Domain Scan URL
Title: Money Markets
Search URL Search Domain Scan URL
Title: Certificates of Deposit (CDs)®
Search URL Search Domain Scan URL
Title: IRAs
Search URL Search Domain Scan URL
Title: Programs & Services
Search URL Search Domain Scan URL
Title: Benefits & Features
Search URL Search Domain Scan URL
Title: Debit Card
Search URL Search Domain Scan URL
Title: Overdraft Choices®
Search URL Search Domain Scan URL
Title: Mortgages
Search URL Search Domain Scan URL
Title: Home Equity Loans
Search URL Search Domain Scan URL
Title: Home Equity Lines of Credit
Search URL Search Domain Scan URL
Title: Determine My Rate
Search URL Search Domain Scan URL
Title: My Mortgage Account
Search URL Search Domain Scan URL
Title: Student Loan Options
Search URL Search Domain Scan URL
Title: Refinancing Student Loans
Search URL Search Domain Scan URL
Title: The Student Loan Process
Search URL Search Domain Scan URL
Title: Undergraduate Students & Parents
Search URL Search Domain Scan URL
Title: Graduate Students
Search URL Search Domain Scan URL
Title: Tools & Information
Search URL Search Domain Scan URL
Title: Banking for Students
Search URL Search Domain Scan URL
Title: Access My Student Loan
Search URL Search Domain Scan URL
Title: Credit Cards
Search URL Search Domain Scan URL
Title: Card Agreements
Search URL Search Domain Scan URL
Title: Security Features
Search URL Search Domain Scan URL
Title: Overview
Search URL Search Domain Scan URL
Title: FAQs
Search URL Search Domain Scan URL
Title: Order Checks
Search URL Search Domain Scan URL
Title: Online & Mobile Banking
Search URL Search Domain Scan URL
Title: Customer Service
Search URL Search Domain Scan URL
Title: About Citizens Bank
Search URL Search Domain Scan URL
Title: In the Community
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: About Our Ads
Search URL Search Domain Scan URL
Title: Personal
Search URL Search Domain Scan URL
Title: Investing
Search URL Search Domain Scan URL
Title: Small Business
Search URL Search Domain Scan URL
Title: Commercial
Search URL Search Domain Scan URL
Title: Online Terms and Conditions
Search URL Search Domain Scan URL
Title: Electronic Notice Disclosure and Consent (Online Service)
Search URL Search Domain Scan URL
Title: Account Documents
Search URL Search Domain Scan URL
Title: Member FDIC
Search URL Search Domain Scan URL
Title: Equal Housing Lender
Search URL Search Domain Scan URL
Title: Site Map
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ctznrest.com/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.679831fc.chunk.css
ctznrest.com/static/css/ |
2 KB 848 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.0969232f.chunk.css
ctznrest.com/static/css/ |
108 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.197b63ff.chunk.js
ctznrest.com/static/js/ |
224 KB 71 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.ac3f711c.chunk.js
ctznrest.com/static/js/ |
74 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
feedback.png
www.citizensbank.com/assets/CB_media/images/ |
824 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
395 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
292 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
364 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1017 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
165 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citiolb_icons.dca00503.woff
ctznrest.com/static/media/ |
18 KB 18 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citizen_roman.f0380244.woff
ctznrest.com/static/media/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citizen_book.1cc18080.woff
ctznrest.com/static/media/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citizen_bold.f37bdbd4.woff
ctznrest.com/static/media/ |
29 KB 29 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citizen_extrabold.51370ff5.woff
ctznrest.com/static/media/ |
27 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citizens Bank (Banking)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| webpackJsonpclient object| regeneratorRuntime0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ctznrest.com
www.citizensbank.com
2606:4700::6810:f44e
2a02:26f0:3500:888::1f37
0e9485cdb6a684713287cb41c6e6c3e26d12280f17349f98402456ff86ec9759
2a0a7ee3ea564db1e157dd2202c20b8092228fea9091f5cd1e83551e170ec277
319d82f567037eafefea25abbc64ea902db9255c5e7231fe9ddd462e4f5b9149
3cacf7ff16858c5e75dd964ee606f6d74df5dd9d95841033868fd4367f550fd5
425be2a320e5a741663347c04d1ae05068fdd271be949899cdfdcf92e189d6d6
455c35078b4bba1f2830a38c6556ddf500070fc65a3d2ab79eb1dbf260fc81b5
56a8532b2a60ca2ae39c213f7e1e65e47834af927e6365444457f22ed12ed79c
56c43c6f5c8209acd47f355810bca2f9b0fc86c4bbdf1361d60fb2d2e2e66f8c
5bb2d438470a02799577010a14310fa8ac3ed7ea77ca15435aaaa154e407b3e6
713f1268435943170faadadc547d8c68bb00822783e5e0c2d1129972a784f949
99cdf7734b9baec74e3c53bddfda3c002ded5fc082bf6e8851cb6261c8b8c307
9af5181113e5d0eacfc3d9c0b3ad627dc3ad50708755fbe45ab18e0cad4f3b36
9b4ffac9ea755d2aaff724fa471d90fd63ae5648e18f60a67db0a5c3bffd84e5
b23d0629822256b320de68cece2a79525216c20a0b040d4ee0ee6dd216b98115
bbb90a8f240e6dbbda1d3da534f8848f256e623ed470d045e1d86a465e424d69
c401ce328e0383e71cd811709055aa8671cee50e355c6588bd567c1320b4e4ab
c8b1f6c22756521c86a5b0053b8565b49436f7fa19d1bb7cdf00a7808df28d42
c8d87d770112e188f7b1482e9a416ffc441a9a6e08e2fc38a886fa2986efdb46
d43a06f9a5428b13aeddafca7f430f3f9efd1f6ca6e0f429e3983407e3120d75
dddb031e5144ce20d909dbf4829d637738efa477bf5ab4eab67b1990ef0efb2d
dfc042f7ff75f3c2f916bcfbff48c82834bab07b698a2c564906ca073f8286b2
eb175662762ef5f2c9011cc1c4f9d09361c50a366fad8a544bda1c439b99d3a0
fe3ddc37707c93f338a1f6359dfa03019e096df14454808aaccbb7538aa3c67b
ff327ec2a6dbd3fc76ceecf59e472d5d2f43c94dce851ced740abe5f75bb832e