securmtbagnt.xyz Open in urlscan Pro
2606:4700:3030::ac43:cd7c  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response securmtbagnt.xyz/app/	11 KB 3 KB	100ms 67ms	Document text/html	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b45c276566dda1b2ddf5abd3593fad2f481d9493148392e83217109c33edc7c9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers CF-Cache-Status DYNAMIC CF-RAY 7da0e2d92ea99b86-FRA Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Tue, 20 Jun 2023 03:22:13 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Pragma no-cache Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHPpMZ2P5HP9A9kEgbvqQ0Z1XUZTLFREJ33ZlwnNzgenJPKkZITkvJqITuDE34Ebx2TNIpUaf91RbYn%2FfWRQ7bR%2BN2yaZNPiOFb3Q3JppqJwqeRmXlALZgZAA5BANPi%2BMkEZ3yHaQT00B5QYLFkv"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	mtb.css securmtbagnt.xyz/libraries/css/	252 KB 30 KB	38ms 38ms	Stylesheet text/css	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/libraries/css/mtb.css Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d18b82a04723d0bdf0124a010cdc5c916fa42efd52309d49838255a483f35146 Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Sat, 13 Feb 2021 19:38:44 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=al4Hq90jtKXzS7VLHh%2FXeleRLGb1VO6xhVAU759%2F8NUexrLZMJHeeSi%2BPdb11sNVWxEMFVkqdsYrnKg%2BpVnvU9Cgmlg4h%2FW%2BPQ8d60zY46K4hSI5gT7pB1ko%2BiC6gq4MnP6K"}],"group":"cf-nel","max_age":604800} Content-Type text/css Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7da0e2d9af169b86-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	Bootstrap.js Show response securmtbagnt.xyz/libraries/js/	52 KB 16 KB	63ms 56ms	Script application/javascript	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/libraries/js/Bootstrap.js Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b080e4b98b9a6a6a8a95a0034c7aa46fd054f5a67873912ff6107f934b7553f4 Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Sat, 13 Feb 2021 18:41:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B47zrgAhEXCJPlizaL7EWuB4pWGrcNRuq5lwGxXeSvIsgmR4gPvPgeQUCx2vA4mdvWpBav0rs9EkizGSWECGSX4H51ym25TXAyT3ngEqjd7BoBqgJ81J4Ly1VaCU2V%2BlrywAqAWbjqpRhM%2FaIkwo"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7da0e2d9a91f3630-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	mtb-logo.svg securmtbagnt.xyz/libraries/img/	2 KB 2 KB	55ms 48ms	Image image/svg+xml	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://securmtbagnt.xyz/libraries/img/mtb-logo.svg Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Content-Encoding gzip CF-Cache-Status REVALIDATED Last-Modified Sat, 13 Feb 2021 18:41:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xr1W7r0qHakpEt8LETu68Z8CbxIunaiE5RKyLWbiTBMsNK0%2BaYuRiyUC1LLbKTyQGztC8ZjbkjAYnIRhy97B7voQPMNIMLVNMAhYq85zPPmj%2BxRdqCF%2FikVAz95L%2BPkbBcQHjU9MQgaxPIlTFtoN"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7da0e2d9ac079b74-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	mtb-equalhousinglender.svg securmtbagnt.xyz/libraries/img/	230 B 904 B	66ms 59ms	Image image/svg+xml	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://securmtbagnt.xyz/libraries/img/mtb-equalhousinglender.svg Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Sat, 13 Feb 2021 18:41:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=noobr9lgrpE%2Fz4czYaXCubzVE3SE74GByZzRUiwrkhK6UemvGqJmp7AwDJwXja3dBylrLloNYYFFmcZ4wwHbXpQtlSq2vnZhOZmsLP6s1Zg4olpyPk8f7twmFw%2F1wJTaFRsHwekEGt0HMyQjmYiy"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7da0e2d9ab579b49-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	mtb-entrust.svg securmtbagnt.xyz/libraries/img/	1 KB 1 KB	24ms 17ms	Image image/svg+xml	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://securmtbagnt.xyz/libraries/img/mtb-entrust.svg Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/app/ Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5 Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sat, 13 Feb 2021 18:41:02 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Age 8679 Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2Fz5F1bdqe0p7a02N3sV7eWmE7sBDoT5XIgIKg6VmIXyDmTSCW5WlHz3c7NXZF4lJveJkuncruvmqaldElVohJJMF9HvSkJ%2FSMXm2Wb8vfykWy8qfAk3oJ8SBM1YCsmFltE7bRfmntKG%2BHz5wR4k"}],"group":"cf-nel","max_age":604800} Content-Type image/svg+xml Vary Accept-Encoding Cache-Control max-age=14400 Connection keep-alive CF-RAY 7da0e2d9a91a91dd-FRA alt-svc h3=":443"; ma=86400
GET H/1.1	200 OK	serverComponent.php Show response nexus.ensighten.com/mtbank/OE-Prod/	60 B 609 B	67ms 13ms	Script application/javascript	65.9.66.24 AMAZON-02
General Check archive.org Show headers Download Go to Full URL http://nexus.ensighten.com/mtbank/OE-Prod/serverComponent.php?r=582.1089774275337&namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/mtbank/OE-Prod/code/&publishedOn=Wed%20Feb%2003%2022:07:37%20GMT%202021&ClientID=1512&PageID=http%3A%2F%2Fsecurmtbagnt.xyz%2Fapp%2F Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/libraries/js/Bootstrap.js Protocol HTTP/1.1 Server 65.9.66.24 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-65-9-66-24.fra56.r.cloudfront.net Software CloudFront / Resource Hash ad68c8c7e80948313b864c7f1f78556234fe7d5fc778337a7bf0db2efd0c7468 Request headers accept-language de-DE,de;q=0.9 Referer http://securmtbagnt.xyz/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT Via 1.1 14b10bd09a0531ef477d0a404ca26900.cloudfront.net (CloudFront) Last-Modified Thu, 08 Sep 2022 01:40:18 GMT Server CloudFront X-Amz-Cf-Pop FRA56-C1 ETag "63194802-3c" X-Cache Miss from cloudfront Content-Type application/javascript; charset=utf-8 Cache-Control no-cache, no-store Connection keep-alive Accept-Ranges bytes Content-Length 60 X-Amz-Cf-Id j0PCxolHiuFvN1fuF68vTNQiDVR1VKNmqXB0w0MQZ-DGwHwyGc662w== Expires Tue, 20 Jun 2023 03:22:12 GMT
GET H/1.1	200 OK	mandtbaltoweb-book.woff securmtbagnt.xyz/libraries/fonts/	66 KB 67 KB	12ms 12ms	Font font/woff	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/libraries/fonts/mandtbaltoweb-book.woff Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/libraries/css/mtb.css Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2 Request headers Referer http://securmtbagnt.xyz/libraries/css/mtb.css Origin http://securmtbagnt.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT CF-Cache-Status HIT Last-Modified Sat, 13 Feb 2021 19:24:34 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Age 10 Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6hNZrl1gHIQk97VMMeSWqAJ2r%2FeNu8KmDle5XuvCsAP%2BZUo2iFNKi19VXPaUuq7eU%2F0riKIUQ6eM0GMjpbAeOjGfJCpZo5w6kr3agGU2%2Bp0zQ4%2FdKstG65BkLhZ59RtMcn%2BcS9uXD%2ByTGWUxBQc"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7da0e2da3bc59b49-FRA alt-svc h3=":443"; ma=86400 Content-Length 67671
GET H/1.1	200 OK	mandtpg-iconfont.woff securmtbagnt.xyz/libraries/fonts/	5 KB 5 KB	29ms 29ms	Font font/woff	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/libraries/fonts/mandtpg-iconfont.woff Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/libraries/css/mtb.css Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df Request headers Referer http://securmtbagnt.xyz/libraries/css/mtb.css Origin http://securmtbagnt.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT CF-Cache-Status MISS Last-Modified Sat, 13 Feb 2021 19:25:06 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBOSJpmMbrf4lFGUB0S24jyoNM3ekrxJ6%2F%2B%2BADbGcE5AbgGBA15%2Fdkzc5DsWduqzA59jJT%2BA%2Bhwh1MVieFCH1GZZF8UDCRyRirqc0cd7UsQL61e3OdqoL8ps2E6xqG9jI0qcXSXTaKiQ08ILYa9X"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7da0e2da397c3630-FRA alt-svc h3=":443"; ma=86400 Content-Length 4776
GET H/1.1	200 OK	mandtbaltoweb-medium.woff securmtbagnt.xyz/libraries/fonts/	63 KB 64 KB	38ms 37ms	Font font/woff	2606:4700:3030::ac43:cd7c CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://securmtbagnt.xyz/libraries/fonts/mandtbaltoweb-medium.woff Requested by Host: securmtbagnt.xyz URL: http://securmtbagnt.xyz/libraries/css/mtb.css Protocol HTTP/1.1 Server 2606:4700:3030::ac43:cd7c , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc Request headers Referer http://securmtbagnt.xyz/libraries/css/mtb.css Origin http://securmtbagnt.xyz accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36 Response headers Date Tue, 20 Jun 2023 03:22:13 GMT CF-Cache-Status REVALIDATED Last-Modified Sat, 13 Feb 2021 19:24:48 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Vary Accept-Encoding Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QjoG7WeE3s%2BCAYQ1SPjQLLXzIRyhJh%2FQNo%2F2UwpqHJm7253gXYY3LZ4LBYBG25VPP5%2BZpUyjd9wsvGlv%2BC8m9XoMBX11HK%2BJHqRz6m04AzqNrKGTo5yZXSzpL1q4l68vzj01%2Fsfxqlj29dbl7Nn5"}],"group":"cf-nel","max_age":604800} Content-Type font/woff Cache-Control max-age=14400 Connection keep-alive Accept-Ranges bytes CF-RAY 7da0e2da3c789b74-FRA alt-svc h3=":443"; ma=86400 Content-Length 64318

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: M&T Bank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend object| ensBootstraps object| Bootstrapper

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			securmtbagnt.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: e22bea61aa28522375011f91acb6df6e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nexus.ensighten.com
securmtbagnt.xyz
2606:4700:3030::ac43:cd7c
65.9.66.24
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
ad68c8c7e80948313b864c7f1f78556234fe7d5fc778337a7bf0db2efd0c7468
b080e4b98b9a6a6a8a95a0034c7aa46fd054f5a67873912ff6107f934b7553f4
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
b45c276566dda1b2ddf5abd3593fad2f481d9493148392e83217109c33edc7c9
d18b82a04723d0bdf0124a010cdc5c916fa42efd52309d49838255a483f35146
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad