r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15220
Expires: Thu, 23 Mar 2023 15:24:13 GMT
Date: Thu, 23 Mar 2023 11:10:33 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3328
Expires: Thu, 23 Mar 2023 12:06:01 GMT
Date: Thu, 23 Mar 2023 11:10:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 84db75194692d4afe13196bda6f22da8
4c1f49bc973a4917f146d93c8d598344edc021f6
a3bec66f95b3bdf1d310c726e8ed05f7b06c1901c62381a94582d581844d2c23
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Alert, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 10:15:05 GMT
content-type: application/json
age: 3328
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20773
Expires: Thu, 23 Mar 2023 16:56:46 GMT
Date: Thu, 23 Mar 2023 11:10:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zKXPJl60t2Qkgft5P+24AplJh6HSufJFJkvpPp2sGq1ntf76wNsFnWymPcSHuY6mH+wMJUuRIwM=
x-amz-request-id: 6GQAFJR9Q1MXK6RA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 10:54:01 GMT
age: 992
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
mbtinfor.cloud/41730a87be0d0f08af566c147ee4ae6a/?token=7feb7124f07a1bfa6fcabd5c1e10ff3cbd07223dc514645bd5d741d5ab62cad77bd857afb9a1ec8df0a8ce84578fcadc85d574c54c93fc705991dd6c5f671dbe
302 Moved Temporarily 0 B URL HTTP/1.1 mbtinfor.cloud/41730a87be0d0f08af566c147ee4ae6a/?token=7feb7124f07a1bfa6fcabd5c1e10ff3cbd07223dc514645bd5d741d5ab62cad77bd857afb9a1ec8df0a8ce84578fcadc85d574c54c93fc705991dd6c5f671dbe
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /41730a87be0d0f08af566c147ee4ae6a/?token=7feb7124f07a1bfa6fcabd5c1e10ff3cbd07223dc514645bd5d741d5ab62cad77bd857afb9a1ec8df0a8ce84578fcadc85d574c54c93fc705991dd6c5f671dbe HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 11:10:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:10:33 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 10:17:23 GMT
age: 3191
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17016
Expires: Thu, 23 Mar 2023 15:54:10 GMT
Date: Thu, 23 Mar 2023 11:10:34 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Rt8y8kCRMP/egm3t3tq7Fg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: vQsOplbJHPv0N8B+iPxn5QHY1e8=
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15734
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:10:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15734
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:10:35 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15734
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:10:35 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: k6VaCG5oTQnKOvKJnleVqxIIc9yOgdOL0oPcL0ZSVw7DZQ8_GzFoZQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:43 GMT
age: 48172
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: soxgrR0B6Rz79QysB7qbMTsNYmkYfG8doOMPpTEd9uLlrE6WTcDKdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 48171
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHY_gFu8IAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:51:03 GMT
age: 47972
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 11771
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f777f840a3fc7e500c57a7cbdf88f26d
3518e8a18807209e94011806a96492e0d86ee9c9
44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7419
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbnE7OIAMFW2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 20:21:35 GMT
age: 53340
etag: "3518e8a18807209e94011806a96492e0d86ee9c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mbtinfor.cloud/index.php
302 Moved Temporarily 22 B IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash 463423f62d72f0be0533a6b7f210fb35
af361bf21971a8a9f15d8146e05ac69c5a30834f
4dc8d44ac335e82b032a385918448022803a1f313fa4e866a08ecb3a6233c90f
GET /index.php HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 11:10:33 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: e466b573c500586ae938ab38b00f5fa8?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
301 Moved Permanently 398 B URL HTTP/1.1 mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 14fab6c60871c3ab3f255dae91c7a852
48826d6bf6aa6ef6eaccbac4a31729d96ae787d5
b41865edd9339127bb45707bf0db53c7f0068a4bd461136869125b9e5de02e9f
GET /e466b573c500586ae938ab38b00f5fa8?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Mar 2023 11:10:36 GMT
Server: Apache
Location: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Content-Length: 398
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
200 OK 3.0 kB URL HTTP/1.1 mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (717), with CRLF line terminators
Hash 48c5084a1b54fe3fe46b288bfa700cb6
9f62c6d3458b25542e29abc464f02c62ac8999bb
7b4f7b8e13218a628503ddf9ca8c1016ce07a9c01e93403724af8047f6f34393
GET /e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:10:36 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2954
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:10:38 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:10:38 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
mbtinfor.cloud/Assets/scripts/Login/Index.js
404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/Assets/scripts/Login/Index.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:10:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=75
Content-Type: text/html
mbtinfor.cloud/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:10:38 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=75
Content-Type: text/html
nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
200 OK 15 B URL HTTP/1.1 nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
IP
Hash ffe905f50d9b47e6353b68513c4d48ac
d2c2ee4201cca3be67abf771ed1f1922fa94d083
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15
Connection: keep-alive
Date: Thu, 23 Mar 2023 11:10:40 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 03 Feb 2023 08:06:57 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: wavO2l7VyxB9HskbZfGyDtMNoZwuEJgp
Accept-Ranges: bytes
Server: CloudFront
X-Cache: Error from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Ks0_K3PUJLuOEjtVobunfstR4Kvd9mJ5KtX9H502r1lWVGiWy9Llcg==
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1157
Expires: Thu, 23 Mar 2023 11:29:56 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1157
Expires: Thu, 23 Mar 2023 11:29:56 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1157
Expires: Thu, 23 Mar 2023 11:29:56 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1157
Expires: Thu, 23 Mar 2023 11:29:56 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3570
Expires: Thu, 23 Mar 2023 12:10:09 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3546
Expires: Thu, 23 Mar 2023 12:09:45 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3520
Expires: Thu, 23 Mar 2023 12:09:19 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Thu, 23 Mar 2023 12:10:39 GMT
Date: Thu, 23 Mar 2023 11:10:39 GMT
Connection: keep-alive
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
200 OK 35 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
IP
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash a09551203c370fcc0c14eee4d7af4fac
6fcd08a7f0871a33ded481a49023de7c42bcdbf0
59df120e12a64898104a890d8a3d976a0c9ef2e31c0741215106fd1edfa172d9
GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Fri, 22 Mar 2024 11:10:39 GMT
Last-Modified: Thu, 23 Mar 2023 11:10:38 GMT
ETag: "1679569839:dtagent10259230221142207SN+M"
Vary: User-Agent
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-445968265"
Date: Thu, 23 Mar 2023 11:10:38 GMT
Cteonnt-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_6_sn_7418076105ABA267EB0E50BB94C07B3A_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd89437e11f1de10fd6eda014fd8a821cb01238f521139c44413de2ff2d99e1b5a3f561746f5d0330c322cc0b8c2aa2895; Path=/
TS0128739d=019f8203fdea74c77cf112fb73652809e62e133a0b01238f521139c44413de2ff2d99e1b5aecf84f21582606417dafd02ac0d75976565f234cd1598e67ee9a1ab4b7ab11ae; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000018df0342858f1c877c1dec2b62b359ba64d79c79da734a3369f1b6f6a2bc2e7088c488fad113000b32cb19bce6ae34eed6d0574d4a56a0b24871dfd8b6755607c1c433a4f481bd489e4404073e278d625c8302eca29125f; Path=/
Transfer-Encoding: chunked
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
200 OK 230 B URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:32:38 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1694137347"
Date: Thu, 23 Mar 2023 11:10:38 GMT
Content-Length: 230
Set-Cookie: TSf60233d5027=08affc4e07ab2000030f77c4c69f52abd8481f6bb49e041f5aa3aaa4330f1664b8d7ae57c88acc24089966cdde1130001c00a85e184b583fed6d0574d4a56a0b58b1cc9c830f4e895229af9f35048a468f20c1feb62ec20605b653cc1b1ff3b8; Path=/
resources.mtb.com/Assets/img/mtb-entrust.svg
200 OK 1.3 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-entrust.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Hash 9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:32:38 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="353578619"
Date: Thu, 23 Mar 2023 11:10:38 GMT
Content-Length: 1349
Set-Cookie: TSf60233d5027=08affc4e07ab2000197850a807ccfee90017cc6b4a44e46443ebc45c143c6b45b88b27cf9d336f19087b0e787b113000cb6c8d1abd5dbd3ced6d0574d4a56a0b77f4eb4bc8a113310fe6b160d09b46202719093cfd519b3a88ee1e293458071f; Path=/
resources.mtb.com/Assets/img/mtb-logo.svg
200 OK 2.0 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-logo.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Hash f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:32:38 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2119463982"
Date: Thu, 23 Mar 2023 11:10:38 GMT
Content-Length: 2039
Set-Cookie: TSf60233d5027=08affc4e07ab20000d2d04813fdf691a1442eb4f66a41dc89388be4979b766b991191aa032b504b40888b40ad71130007c6b115c1d25aefced6d0574d4a56a0b1556b79c523354f56c748b43f428b400dcb866687ceeac9185b0854cad822fc7; Path=/
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
200 OK 104 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
IP
File type ASCII text, with CRLF line terminators
Size 104 kB (103531 bytes)
Hash 727a0de3144aa33cd4534796486e2363
86ed4f75d976f4f5974724a6a19723798f29386e
4944e8c395c12a394fb7be2e85d249d24381a5848f743a5d63bf2b0edda3bcdc
GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 22 Mar 2024 11:10:39 GMT
Last-Modified: Thu, 23 Mar 2023 11:10:38 GMT
ETag: "1679569839:dtagent10259230221142207SN+M"
Vary: User-Agent
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-54327783"
Date: Thu, 23 Mar 2023 11:10:38 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_2_sn_B487D96BC606C708E62236190C869940_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd3f3ef4b72d961461f03b517a11b0599d2319a4c65b350756804b887d900d69bee0dce0a3d2a7a50f5e249798f6c9c501; Path=/
TS0128739d=019f8203fd42e17648e220875ec8b8c4c74fd2e1da2319a4c65b350756804b887d900d69be849f05857fa6f9aaeb6fc54bd8906ed4b6bcfc5a2968ae4664d3823ed1b18cd3; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200099041493f4da1cf8ec7e79bd6971ff071f48cec9919b48e578c2c47f541bba6a081db20dee113000a1a5d84e7657a76ced6d0574d4a56a0bf563d8b523e79aef3627c1592defa882d9d36c55126d5617edaf9a4c61efe8de; Path=/
Transfer-Encoding: chunked
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
200 OK 4.8 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP
File type Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Hash ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:32:37 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0:dtagent10259230221142207SN+M"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1808387092", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:10:39 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_6_sn_D28DF1EEF32E01488F9B458A1DDA1092_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdb7500fce0d5bac4a72bc52bf0c14af6ce3011f31b2c90e661b1985878adb2e95531d1760a10248c3ab78316f58913d59; Path=/
TS0128739d=019f8203fd419f4e79faf03af7a002ccb29ab9ec70e3011f31b2c90e661b1985878adb2e954443653799b5c2343733b9b10526926ff748241af939a347f1b6167421dca81d; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000295c1dd12f5a997a168f00c9e84472f9c755c40e3961dd0ee904b7c5f1a01e2508c9d272ee113000f8fbabe250aa998e20897ae8a0ef0f323256a6e1490532937acffa8126bae1d9439ba0d70d5c0e6a2dff909d591adcf0; Path=/
mbtinfor.cloud/Assets/scripts/Login/Index.js
404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/Assets/scripts/Login/Index.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/e466b573c500586ae938ab38b00f5fa8/?token=770e2c9e4c67f29e2dff7f94d01a45fae5226e56bef6eea7f32d97fee83ab9cbf496e64d1df3c613829c532afd37bdeb6b8eb15edba64beee16472bbdbf8d82e
Cookie: PHPSESSID=8be499b8dab2f2d0a5f755f868ec5f7d
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:10:40 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
200 OK 64 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP
File type Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Hash b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:32:37 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0:dtagent10259230221142207SN+M"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1043275337", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:10:39 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_9_sn_2454678B2F3EC7421FFB904228FE5C2C_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdedd58a3a0352846ce2ddc5243e4f0c8d0d8bc4c579f3871b6be9f6acfb2a302b503eabcb505bdc32d82b54a76ffb645b; Path=/
TS0128739d=019f8203fd1b8c754eb4d31d5c0c6318138f6270750d8bc4c579f3871b6be9f6acfb2a302bdcb10a0123f9dcde4437affcf5c0c75c27a3d6c7b29da40ab6e47818bba0fb1f; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200014de59840308d51247c1a68c3413deaa375b6d73507199f837bcf9127651d38d0881a5f929113000bd2e7dda63e1dc1120897ae8a0ef0f3252d23b108e0d33a6513d6d0954a62ce63403ef21bba86a2c232f8d1a225f00ff; Path=/
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
200 OK 68 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP
File type Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Hash 6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:32:37 GMT
Accept-Ranges: bytes
ETag: "0ef477d2253d91:0:dtagent10259230221142207SN+M"
X-Srv: M-SC-03
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1418514029", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:10:39 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_2_sn_EEF864CC55DA5AC4722C137A352EA3A0_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdb9b182c80701c4f4fe3c5195461bef5ea21560bd33c8c51332f734e0930985efe3c70a9d794c3f7515f0e1b11e505d8a; Path=/
TS0128739d=019f8203fdc2cee44ca1ac80bb8ae2e4dcc21ef154a21560bd33c8c51332f734e0930985ef0010d1b6d668236cb362f473053dbb55142fdc161b1bfbf5df9dc31e5384c138; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200072d185c02de4097e908b0a785f5cb308585a71854aa62056dcec00e7ce03abab0855fb8c5d113000185a0721afb2098520897ae8a0ef0f321160f6be1bc5ea8c20077d645208fbf27b97058e5885f5203e622092e5d52d6e; Path=/
ocsp.entrust.net/
200 OK 1.6 kB IP
Hash 64bbcaf8aa4aa14e359541e907a1fc7a
05561a4cad7263861af68921b4689de7dd758fd8
752075998100a9878d438f79e9bfea5e559841ebf6f26bcf9769f1dfc7413d15
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "752075998100A9878D438F79E9BFEA5E559841EBF6F26BCF9769F1DFC7413D15"
Last-Modified: Thu, 23 Mar 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Thu, 23 Mar 2023 12:10:41 GMT
Date: Thu, 23 Mar 2023 11:10:41 GMT
Connection: keep-alive
asset.mtb.com/Documents/html/homepage/favicon.ico
200 OK 15 kB URL HTTP/2 asset.mtb.com/Documents/html/homepage/favicon.ico
IP
File type PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash e82f458a5c1c5353a97401eccc925613
949d6c8d06ca14b52f496c20f63fae269b6708c2
cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3
GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Thu, 23 Mar 2023 11:03:44 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 19d1514f5f81da4dca6349d0f75a352c.cloudfront.net (CloudFront)
x-amz-cf-pop: YUL62-C2
x-amz-cf-id: bbxs6oRbWpOlta4OpGHVgbR4NqaJx9VqEf3hJjZI8YSyva_BY7vIFg==
age: 420
X-Firefox-Spdy: h2
2.57.90.16
54.230.111.35
104.110.10.32