mtcarpg.com
2606:4700:20::ac43:4b38
Malicious Activity!
Public Scan
Effective URL: https://mtcarpg.com/CITIZEN/login/ses/index
Submission: On May 24 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on May 16th 2022. Valid for: 3 months.
This is the only time mtcarpg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citizens Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 2606:4700:3033::ac43:cdb0 | 13335 (CLOUDFLARENET) |
28 | 2606:4700:20::ac43:4b38 | 13335 (CLOUDFLARENET) |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
28 | mtcarpg.com | mtcarpg.com | 185 KB |
2 | mub.li | www.mub.li (2 redirects) | 2 KB |
Requests | Domain | Requested by |
---|---|---|
28 | mtcarpg.com | mtcarpg.com |
2 | www.mub.li | 2 redirects |
This site contains links to these domains. Also see Links.
Domain |
---|
investor.citizensbank.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
*.mtcarpg.com | E1 | 2022-05-16 - 2022-08-14 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mtcarpg.com/CITIZEN/login/ses/index
Frame ID: 77E852CDDAF22378544DDDE0EA68F224
Requests: 28 HTTP requests in this frame
Screenshot
Page Title: Online Login | Citizens
Detected technologies
Mautic (Marketing Automation)
Detected patterns
- [^a-z]mtc.*\.js
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: About Citizens
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.mub.li/fML6s/ (HTTP 301)
- http://www.mub.li/fML6s (HTTP 301)
- https://mtcarpg.com/CITIZEN/login/ses/index (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
Method / Protocol | Resource Path | Size / x-fer | Type / MIME-Type |
---|---|---|---|
GET H2 | mtcarpg.com/CITIZEN/login/ses/index (Primary Request, Redirect Chain) | 24 KB / 8 KB | Document text/html |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/jquery-ui-1.10.3.custom.min.css | 19 KB / 4 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/normalize.css | 3 KB / 1 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/main.css | 39 KB / 9 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/flows.css | 6 KB / 2 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/ad-containers.css | 4 KB / 1 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/citizensns.min.45702.css | 4 KB / 1 KB | Stylesheet text/css |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/CTZ_Green-01.png | 2 KB / 3 KB | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/feedback.png | 344 B / 698 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/equal-housing.gif | 96 B / 450 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/footer-follow-facebook.png | 322 B / 688 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/footer-follow-twitter.png | 388 B / 961 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/footer-follow-linkedin.png | 374 B / 738 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/footer-follow-youtube.png | 394 B / 962 B | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/elh.gif | 724 B / 1 KB | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/fdicFooter.gif | 2 KB / 2 KB | Image image/webp |
GET H2 | mtcarpg.com/CITIZEN/login/ses/files/sec-3-6.css | 2 KB / 888 B | Stylesheet text/css |
GET H2 | mtcarpg.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js | 12 KB / 4 KB | Script application/javascript |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/icon-secure.png | 128 B / 734 B | Image image/webp |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/flows-tooltip.png | 150 B / 797 B | Image image/webp |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/arrow-button-white.png | 96 B / 709 B | Image image/webp |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/arrow-down-blue.png | 100 B / 712 B | Image image/webp |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/arrow-right-orange.png | 76 B / 689 B | Image image/webp |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/citiolb_icons.woff | 18 KB / 19 KB | Font font/woff |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/citizen_roman.woff | 31 KB / 32 KB | Font font/woff |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/citizen_book.woff | 31 KB / 32 KB | Font font/woff |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/citizen_bold.woff | 29 KB / 29 KB | Font font/woff |
GET H3 | mtcarpg.com/CITIZEN/login/ses/files/citizen_extrabold.woff | 27 KB / 28 KB | Font font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citizens Bank (Banking)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
function | getScreenDetails |
object | __cfQR |
boolean | __cfRLUnblockHandlers |
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
www.mub.li/ | | XSRF-TOKEN | eyJpdiI6IklTdG01dmRpRWZvL245cEdBSDRFK3c9PSIsInZhbHVlIjoiemZHWmlDaEFiSDA5R3d2NUwxV2RCeGg1VndxT3A4M3ZNSGNzektWZTlZZE9DeGx0cWd1R0dNTmdIczVhdUswK2JOWWVBT0xUV21RUTNhMGRuS2NaY3FFcmhldFFzQVFsa3FmTjJwODlLYVQxaFh6cVZRUWczbXZ1UGZlS2kwTWQiLCJtYWMiOiJkZjdlOWEzNTY2ZjhiYWJkNGU4OTAzZDY5Y2E1N2Y5OGM5NjJlZWRiN2Q5MDAwYmQ0YmUwMmJlMjkzNDM1MGMwIn0%3D |
www.mub.li/ | | mubli_link_shortner_session | eyJpdiI6IjlZOHprZ05pYkhpTlBTUEg4SHY1NEE9PSIsInZhbHVlIjoiUnZFMUMvZWMwcW1taHpzcTFmOEg3RmUxWmt0T00zcTIrZi9ZN3doNm1Qbk1SNDBtdTI4cm80TDQzc1AvWkhScDExd1AxVjA2YXY5YytVMVlqSGdkWU9kZW93TExUVExBcmRQbk1nR0h5Wnh0OXVxTkFEQnRhODVqcStZTnpPYVIiLCJtYWMiOiI5NzNjZWQ3MzQ1NDExODY0NjIwMjI2MDA0OTA3ZmIwMmM0ZmNmODgzMWMwYWQ0NjBhZTM4N2ZiMmVmOTU0ODNhIn0%3D |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mtcarpg.com
www.mub.li
2606:4700:20::ac43:4b38
2606:4700:3033::ac43:cdb0