Report - gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

Report Overview

Submitted URL
gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
IP
104.21.38.40
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-17 17:48:31
Access
public
Website Title
Welcome to Online Banking | M&T Bank
Final URL
gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Tags
suspicious
urlquery detections
Suspicious - Suspicious Javascript code

Detections

urlquery
4
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
resources.mtb.com	144011	2000-11-13	2014-11-08	2024-04-14	2.3 kB	0 B	0.0.0.0
asset.mtb.com	246397	2000-11-13	2017-02-13	2024-04-13	466 B	0 B	0.0.0.0
gentle-haze-2898.mbtcom.workers.dev	unknown	2019-02-08	2022-03-23	2024-03-28	4.5 kB	573 kB	104.21.38.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-04-17	medium	gentle-haze-2898.mbtcom.workers.dev/assets/scripts/	M & T Bank Coporation
2024-03-24	medium	gentle-haze-2898.mbtcom.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation
2024-03-21	medium	gentle-haze-2898.mbtcom.workers.dev/	M & T Bank Coporation

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	Size	First Seen	Last Seen
	gentle-haze-2898.mbtcom.workers.dev/assets/scripts/	68 kB	2024-03-25	2024-04-17
Pretty URL gentle-haze-2898.mbtcom.workers.dev/assets/scripts/ IP 104.21.38.40 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-25 06:22:52 Last Seen2024-04-17 21:55:55 Times Seen5 Hash 9aecd57569fcd9bb189dd80bce952ca9 af137f4d7140300b1f180a3b5d9068eb854d91d8 62ec709bcf1f3c0fdfacb995d99645dcff3cddecaa1007b075de8d20f430684e Loading...

	unknown	699 B	2024-02-24	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 11:01:33 Last Seen2024-04-17 21:55:55 Times Seen13 Hash 8eeab968d3a7346290f3f964497f0bcc 05e6ca945167bb9dc4c02e7ecfc0fe37ed55899d c3aa0efdd49e0fce52ab67e97469b9a12ff00bfc648417273920b153a320eb53 Loading...

	unknown	4.8 kB	2023-09-09	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-09 15:02:54 Last Seen2024-04-26 17:43:05 Times Seen49 Hash 872d21991bdabcc7fc40aef8d74450d4 bc066badc5c264f236f8a3c5c45441b2152f6947 dd46bfce04d865fb97fcf3636a49463d79a3767c2308e041ad5fb1f984f6c95a Loading...

	unknown	4.6 kB	2024-02-24	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-24 11:01:33 Last Seen2024-04-17 21:55:55 Times Seen13 Hash 89db8319238b4869b522d52b14def439 4e784303938669abad60eb2dfe5aefa86a88e939 6bc12b4be059d0f002736212ca6afef5d9f62a4b1450698dfced2fea3613c56c Loading...

		Size	First Seen	Last Seen
	#1 Write - a5daefef5c4d435d5aade23e371daac3	23 kB	2024-03-25	2024-04-17
Pretty Observations First Seen2024-03-25 06:22:52 Last Seen2024-04-17 21:55:55 Times Seen5 Hash a5daefef5c4d435d5aade23e371daac3 05a025e633ea4b47725b0d898cb7e0fc0a948e9c 46e2497bdc1b3465baf015828155612e4d7837210c412dfc25439ef22b4a7505 Loading...

HTTP Transactions (15)

URL IP Response Size

gentle-haze-2898.mbtcom.workers.dev/Assets/scripts/Login/Index.js

104.21.38.40

200 OK

19 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/Assets/scripts/Login/Index.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
19 kB (19146 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOg8n5C9uThZQcDUB7XBt%2FO49wfweCh2%2FPUonzOB3s6u656UE8GoldMzbmBNPR9sOnftj0RufiszSqfrI2U%2BchfynPZw%2FX2i%2FG%2F6aoubNxZivy6WlZ8SBG%2Bb%2B7kw21hooPtUaP2Bfb0QRVr%2FcAisdTnKhMQ2xw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7d08fe9298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

gentle-haze-2898.mbtcom.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9 HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mEev9OfIpS2h2Xc3eE%2B2xR%2BvkGCRGqaDqHCCaTBoA0hVWBNzMFDGnO08s8ZUGIBm6N7qhHhyqZe3qn9tau8Y3voAfTsv1Q9ToWgVaj9y9VU2UN743xDp8HRM%2BdDCeLrWbdLLfdy0SUsuAYfq4iJJTSzaPqpZnA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7ce8ca9298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

gentle-haze-2898.mbtcom.workers.dev/Assets/js/tealium_prod.js

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/Assets/js/tealium_prod.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MhMB2RIiPZNMVHa5xg6WpK60WSYlaI5ET8V2a7Bf8YcUJqz1IY04g8TiWcp9Hk057HTG6P3qrDq8e%2BpgRkEhAeNNv7h%2B4a%2F67nfNfnXMktwYfcr%2B5bhI08MTcIVF5Kn3NRO9MzCMmv3%2FHrW8oh%2BERaDrYKBgbA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7ce8de9298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

resources.mtb.com/Assets/img/mtb-entrust.svg

0.0.0.0

0 B

URL GET
resources.mtb.com/Assets/img/mtb-entrust.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

104.21.38.40

200 OK

69 kB

URL User Request GET HTTP/2
gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /assets/scripts/ HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CVSvGcUzmRS7oRNoh8aA%2FUA6G67u7I7jI2m6yssx6xsYtfqfWBadQJPBI1o7ehX7u8vFigv671%2F4Q2QgpRlC17JJTbPlvTMS8UEPbMyJoT7xqB0Y%2Btf5EI2EkGhdUwAznGdvkKuuib8Qs%2Fx5WTEJimxaL5dZaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7b2a8a92e6-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gentle-haze-2898.mbtcom.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17 HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rDCWaZyKjwh0dwTm1daOZBgBgnO1kmgVhdVv7pfWtBkSvNG%2FWmnt1k8Tj%2FyfUzybaYzOS%2Bqo9VZvvzjUt%2Fx%2BCVfTVJqy1AxPVa1gOfigLlVyU7v54kjSWaFIyBZ5VFduLW%2Bex6XkO4OOJLfEpF0K5RSfkuvEcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7ce8cd9298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

gentle-haze-2898.mbtcom.workers.dev/ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IZon7NTcRyYTSRIKEvwueCMCbmteN5XJ1zkh9dy%2FZqmGSHsJBB2gAWXl4m85pIAZ%2B9Oe1tAjVH5CZVv7OOp2bl6UlhTVgOFT3QzXJioWvOahHHvggRLFpQLX%2BBDJv%2Fz7Qj%2FFkqbn4NFXGrPQHE6dLRFIKHupCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7ce8d69298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

gentle-haze-2898.mbtcom.workers.dev/Assets/js/mtb_app_wbk.js

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/Assets/js/mtb_app_wbk.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /Assets/js/mtb_app_wbk.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n3A1kycElYCOXG5ZyBKKJQEA2VsGUnGefYoGuc2E3MYcAGvErFZi4Rs%2BEJMTDrX8Yb4GODOtO4GTRLf%2FD9ijALurBh1nAZ7XOm3qbvDsM5oQRV2uLkkp2S6cHzNjVXCSr04xH3NU9h3xtZojHhv3UAOYpAs67g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7ce8d19298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

resources.mtb.com/Assets/img/mtb-logo.svg

0.0.0.0

0 B

URL GET
resources.mtb.com/Assets/img/mtb-logo.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

0.0.0.0

0 B

URL GET
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000

0.0.0.0

0 B

URL GET
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/simple-layout-responsive/js.mtb?v=11242021100000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

gentle-haze-2898.mbtcom.workers.dev/Assets/scripts/kessel-help.js

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/Assets/scripts/kessel-help.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /Assets/scripts/kessel-help.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MPVjB7j3bU3zDaD7EEEomSyCVjtd3%2B1wGPTBO63KLsDk9wi9X3Y9WnvK1PbYagglB%2B%2BkBV%2F1rwWGcc%2BlW843JHMpt9mux00yIDmGhkAR789vmuwwk6diifeSshnVTuZg2jqH04qtijY6awOGlB8VK3kW1HAMVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7d08fa9298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

asset.mtb.com/Documents/html/homepage/favicon.ico

0.0.0.0

0 B

URL GET
asset.mtb.com/Documents/html/homepage/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=11242021100000

0.0.0.0

0 B

URL GET
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=11242021100000
IP
0.0.0.0:0
ASN
#0

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=11242021100000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

gentle-haze-2898.mbtcom.workers.dev/Assets/js/kessel-client-prod.js

104.21.38.40

200 OK

69 kB

URL GET HTTP/3
gentle-haze-2898.mbtcom.workers.dev/Assets/js/kessel-client-prod.js
IP
104.21.38.40:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Certificate
IssuerGoogle Trust Services LLC
Subjectmbtcom.workers.dev
FingerprintEB:79:D0:27:C0:E9:62:F3:00:AE:D4:6A:32:FE:2A:7D:CD:4C:72:83
ValidityWed, 10 Apr 2024 19:00:51 GMT - Tue, 09 Jul 2024 19:00:50 GMT

File type
HTML document, ASCII text, with very long lines (65443)
Size
69 kB (68587 bytes)
Hash
fd30b9e568ff4b7e255d100cc5499b21
e77b14c34891cd8c54f580132fb9c43e837c08a9
df1f3429433dbc07cf2b671c263c5039fc3e1d216b25a7b8b16a74ee745f7f74

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation

HTTP Headers

GET /Assets/js/kessel-client-prod.js HTTP/1.1
Host: gentle-haze-2898.mbtcom.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gentle-haze-2898.mbtcom.workers.dev/assets/scripts/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Wed, 17 Apr 2024 17:48:06 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uhutzoHp%2BlBiJD3YWXAYarckq5oFk3TqYFeCiNcGt0%2F2UG5HseZIFoDQ91YicYC2vef3CIiN7338qavCQg4oDrUMhOVh9yCNIVJAu7sUNqEH44jOMxeh8OwtNw1rkm9D22UIqruLWI3zwoLCkqRi8q4q9C2zpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 875e3e7cf8f79298-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (15)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP