Report - syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

Report Overview

URL

syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=
IP

162.241.115.202

ASN

#46606 UNIFIEDLAYER-AS-1
Submitted

2023-01-22T21:09:41Z

Access
Tags

mt_bank financial phishing
urlquery detections

Phishing - M&T Bank

Detections

urlquery

6
Network Intrusion Detection

0
Threat Detection Systems

0

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net (1)	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413	5844	34.160.144.191
contile.services.mozilla.com (1)	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333	391	34.117.237.239
nexus.ensighten.com (1)	2786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	301	639	54.230.111.14
push.services.mozilla.com (1)	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606	127	52.41.18.18
img-getpocket.cdn.mozilla.net (6)	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3246	54721	34.120.237.76
r3.o.lencr.org (8)	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2704	7088	23.33.119.27
firefox.settings.services.mozilla.com (2)	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782	2374	35.241.9.150
ocsp.entrust.net (8)	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2720	15656	104.110.10.32
resources.mtb.com (8)	144011	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3448	285999	192.216.61.78
asset.mtb.com (1)	246397	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	405	15624	143.204.55.52
syntirogroup.com (6)	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2449	17400	162.241.115.202
ocsp.digicert.com (1)	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341	797	93.184.220.29

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

HTTP Transactions (44)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

20d267853e48ef7d476459ed67da5d97

06d1bd08efd69c0e93486d3c423fa2640f372d29

24323cd45ca2ed01c63f908233d9b2ad5bb6f63394884c45bf6abb0221d0edd6

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "24323CD45CA2ED01C63F908233D9B2AD5BB6F63394884C45BF6ABB0221D0EDD6"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3251
Expires: Sun, 22 Jan 2023 22:03:41 GMT
Date: Sun, 22 Jan 2023 21:09:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

4714c95a0c854e38f9be444f9343bf14

07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b

4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6831
Expires: Sun, 22 Jan 2023 23:03:21 GMT
Date: Sun, 22 Jan 2023 21:09:30 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939

URL HTTP/2

firefox.settings.services.mozilla.com/v1/
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (939), with no line terminators

Size

939
Hash

ff250d3ef3fa45322bf05039a0122a9f

b3e7a2c383bce1bab807dbe1a03c375258b51f1d

d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

                                        GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 20:42:33 GMT
content-type: application/json
age: 1617
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

38c102db4bcfb9c4fb19174986950fd3

51c2cc8a3aca4da5c9ab3438467c29203fc0b0c3

dad6b64bc9f4dd827471ccc2e5273fceee574685376083aaa80f9d2f918037f2

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DAD6B64BC9F4DD827471CCC2E5273FCEEE574685376083AAA80F9D2F918037F2"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2963
Expires: Sun, 22 Jan 2023 21:58:53 GMT
Date: Sun, 22 Jan 2023 21:09:30 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5348

URL HTTP/2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP

34.160.144.191:0
ASN

#15169 GOOGLE

Magic

PEM certificate\012- , ASCII text

Size

5348
Hash

7b922915ebf1fa3639b333f994c74f24

144a3f80b98fd0652d4614f24cf6cbbee40f8938

adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

                                        GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
x-amz-id-2: tWme/L9B61CkueERoTBj5m5JcoqNTh/QXi+to5IudGhRU5gStwRn4lEQD0/oq+yY1ttRkQrBGIw=
x-amz-request-id: WZTQCF1W1TR7JYT1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 20:47:26 GMT
age: 1324
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

162.241.115.202

200 OK

14639

URL HTTP/1.1

syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (960), with CRLF line terminators

Size

14639
Hash

081bdda16bbdeca91f420f7898d60f08

cb837a7c87fbd60615fb9453ca1c939a34f4e840

179f859e76864bbb7c6e4ca09d6b5f51f760679f8f3798edb2375244fa63a0a5

HTTP Headers

                                        GET /MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso= HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                        HTTP/1.1 200 OK
Date: Sun, 22 Jan 2023 21:09:29 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

URL HTTP/2

contile.services.mozilla.com/v1/tiles
IP

34.117.237.239:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with no line terminators

Size

12
Hash

23e88fb7b99543fb33315b29b1fad9d6

a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce

7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

                                        GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 21:09:30 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

syntirogroup.com/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9

162.241.115.202

404 Not Found

315

URL HTTP/1.1

syntirogroup.com/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

                                        GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

                                        HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 21:09:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

syntirogroup.com/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17

162.241.115.202

404 Not Found

315

URL HTTP/1.1

syntirogroup.com/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

                                        GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

                                        HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 21:09:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

syntirogroup.com/Assets/scripts/Login/Index.js

162.241.115.202

404 Not Found

315

URL HTTP/1.1

syntirogroup.com/Assets/scripts/Login/Index.js
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

                                        GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

                                        HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 21:09:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

syntirogroup.com/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js

162.241.115.202

404 Not Found

315

URL HTTP/1.1

syntirogroup.com/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

                                        GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

                                        HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 21:09:29 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329

URL HTTP/2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP

35.241.9.150:0
ASN

#15169 GOOGLE

Magic

JSON data\012- , ASCII text, with very long lines (329), with no line terminators

Size

329
Hash

0333b0655111aa68de771adfcc4db243

63f295a144ac87a7c8e23417626724eeca68a7eb

60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

                                        GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Expires, Pragma, Content-Type, Backoff, Last-Modified, Cache-Control, ETag
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 20:17:30 GMT
age: 3121
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471

URL HTTP/1.1

ocsp.digicert.com/
IP

93.184.220.29:0
ASN

#15133 EDGECAST

Magic

data

Size

471
Hash

0c74880fa99032b5c3831c179d702419

0020b368309735c94d8053d3781a7efb7283cfc5

437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6284
Cache-Control: max-age=135720
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 21:09:31 GMT
Etag: "63ccfca7-1d7"
Expires: Tue, 24 Jan 2023 10:51:31 GMT
Last-Modified: Sun, 22 Jan 2023 09:06:47 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

aed82c6cb8e24a80a0168c66813ab8d3

abbce34c51ae33033199f960c5e7fe1a94147f1c

1597d778060316739f0b805dd0d2c10a782b99cac644ee6173f5157686645dab

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1597D778060316739F0B805DD0D2C10A782B99CAC644EE6173F5157686645DAB"
Last-Modified: Sun, 22 Jan 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1153
Expires: Sun, 22 Jan 2023 21:28:44 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

aed82c6cb8e24a80a0168c66813ab8d3

abbce34c51ae33033199f960c5e7fe1a94147f1c

1597d778060316739f0b805dd0d2c10a782b99cac644ee6173f5157686645dab

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1597D778060316739F0B805DD0D2C10A782B99CAC644EE6173F5157686645DAB"
Last-Modified: Sun, 22 Jan 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1153
Expires: Sun, 22 Jan 2023 21:28:44 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

aed82c6cb8e24a80a0168c66813ab8d3

abbce34c51ae33033199f960c5e7fe1a94147f1c

1597d778060316739f0b805dd0d2c10a782b99cac644ee6173f5157686645dab

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1597D778060316739F0B805DD0D2C10A782B99CAC644EE6173F5157686645DAB"
Last-Modified: Sun, 22 Jan 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1202
Expires: Sun, 22 Jan 2023 21:29:33 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

aed82c6cb8e24a80a0168c66813ab8d3

abbce34c51ae33033199f960c5e7fe1a94147f1c

1597d778060316739f0b805dd0d2c10a782b99cac644ee6173f5157686645dab

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "1597D778060316739F0B805DD0D2C10A782B99CAC644EE6173F5157686645DAB"
Last-Modified: Sun, 22 Jan 2023 11:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1202
Expires: Sun, 22 Jan 2023 21:29:33 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

ce646c49696d1b1dd592cfc8ea254ace

f421080c0889be97f91cb6293b5cbe2cceb9e874

7df99791141c1953ec85fc28d1d5985fc272502fc94c20dfa693e9a4d1968425

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7DF99791141C1953EC85FC28D1D5985FC272502FC94C20DFA693E9A4D1968425"
Last-Modified: Sun, 22 Jan 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1818
Expires: Sun, 22 Jan 2023 21:39:49 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

ce646c49696d1b1dd592cfc8ea254ace

f421080c0889be97f91cb6293b5cbe2cceb9e874

7df99791141c1953ec85fc28d1d5985fc272502fc94c20dfa693e9a4d1968425

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7DF99791141C1953EC85FC28D1D5985FC272502FC94C20DFA693E9A4D1968425"
Last-Modified: Sun, 22 Jan 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1818
Expires: Sun, 22 Jan 2023 21:39:49 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

ce646c49696d1b1dd592cfc8ea254ace

f421080c0889be97f91cb6293b5cbe2cceb9e874

7df99791141c1953ec85fc28d1d5985fc272502fc94c20dfa693e9a4d1968425

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7DF99791141C1953EC85FC28D1D5985FC272502FC94C20DFA693E9A4D1968425"
Last-Modified: Sun, 22 Jan 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1716
Expires: Sun, 22 Jan 2023 21:38:07 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1588

URL HTTP/1.1

ocsp.entrust.net/
IP

104.110.10.32:0
ASN

#16625 AKAMAI-AS

Magic

data

Size

1588
Hash

ce646c49696d1b1dd592cfc8ea254ace

f421080c0889be97f91cb6293b5cbe2cceb9e874

7df99791141c1953ec85fc28d1d5985fc272502fc94c20dfa693e9a4d1968425

HTTP Headers

                                        POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "7DF99791141C1953EC85FC28D1D5985FC272502FC94C20DFA693E9A4D1968425"
Last-Modified: Sun, 22 Jan 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=1716
Expires: Sun, 22 Jan 2023 21:38:07 GMT
Date: Sun, 22 Jan 2023 21:09:31 GMT
Connection: keep-alive

nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js

54.230.111.14

200 OK

URL HTTP/1.1

nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
IP

54.230.111.14:0
ASN

#16509 AMAZON-02

Magic

ASCII text

Size

15
Hash

ffe905f50d9b47e6353b68513c4d48ac

d2c2ee4201cca3be67abf771ed1f1922fa94d083

c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633

HTTP Headers

                                        GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/

                                        HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15
Connection: keep-alive
Date: Sun, 22 Jan 2023 21:09:32 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 22 Jul 2022 23:48:01 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: aoJA4xuOoFemAhjg4lZAdeni.2iMq5FL
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Error from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: cDYTxSuIU6Z_5y3oA_LGTtH2G6adI4CykAiAxqVnc89u5Anxe3dNpg==

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516

192.216.61.78

200 OK

34712

URL HTTP/1.1

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

Unicode text, UTF-8 text, with very long lines (65534), with no line terminators

Size

34712
Hash

da035f53931c132155280b9c00893409

94ae91f42af9f8af8eed42934ea710bd409fdee8

2269c7300f76270849225e1b1f045bf65e36ea325d5fed63ffb55f3a5758195a

HTTP Headers

                                        GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Mon, 22 Jan 2024 21:09:31 GMT
Last-Modified: Sun, 22 Jan 2023 21:09:30 GMT
ETag: "1674421771:dtagent10255221104040649ShC2"
Vary: User-Agent
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="808536280"
Date: Sun, 22 Jan 2023 21:09:30 GMT
ntCoent-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_4_sn_0C0FCA2A80502C6117A487529BBC69C1_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fddaf4d4d8ceb5c52af0d96f77275dc73c9553473ca89984fbcdb208f3fef4ccff8fe4b218371fd14f204e4d96c947a5b4; Path=/
TS0128739d=019f8203fd83eed6a283fcc8e133dab1dc9d598b889553473ca89984fbcdb208f3fef4ccff52c4d7eef6104b8a6b7b8857039cdbd4d3a2f54f2b2902efd19b40038ffcd0d7; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000115b6f68950af3df399351bfb31cac2a5de4b8a05a2a383c58536bdaba2401050837adde8a113000bb60a4e5501347a1fd04330dd0a361215e381b29b788daeee1ad85327743798a0145c0e377960be533aae791e9ac6f43; Path=/
Transfer-Encoding: chunked

push.services.mozilla.com/

52.41.18.18

101 Switching Protocols

URL HTTP/1.1

push.services.mozilla.com/
IP

52.41.18.18:0
ASN

#16509 AMAZON-02

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: yVFlQOZk36LqJhhTszZqgQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                        HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: H2ZfCWK0+3/oaJx0VFTZjh3trsc=

resources.mtb.com/Assets/img/mtb-entrust.svg

192.216.61.78

200 OK

1349

URL HTTP/1.1

resources.mtb.com/Assets/img/mtb-entrust.svg
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators

Size

1349
Hash

9a569ad20708d7453d89fe6c72e7fcdc

60b6a41620583484642f7c826faf8e3c879a6374

b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

HTTP Headers

                                        GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 16 Dec 2022 06:42:46 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-200480893"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 1349
Set-Cookie: TSf60233d5027=08affc4e07ab2000498d9feb66d597cd790696b21f6f992636eb36cd767d4ae142b8f44ed9c7a44c087764f9e9113000e35b5b7e86a61af7fd04330dd0a361218ab98a2a03f08d56f2ce31868ac752d759f8e1f00d27db01d7ce85bde50ae52b; Path=/

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

192.216.61.78

200 OK

230

URL HTTP/1.1

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators

Size

230
Hash

916635d10512ae6a1840614a895dcd38

db175de4c42281bb4d239c57d1b95b8e75c529ec

d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

HTTP Headers

                                        GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 16 Dec 2022 06:42:46 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1408559680"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 230
Set-Cookie: TSf60233d5027=08affc4e07ab20006f071c77acfd31cd2807b7a263038efcabeb4bf140c8d58c8ba23887466ccd1d0824f830b3113000b71f9d9b2145a77cfd04330dd0a36121029a675d1946e7e08215c87dc8b868fd81cf0777e3b96b0c0178dc99c50e92fd; Path=/

resources.mtb.com/Assets/img/mtb-logo.svg

192.216.61.78

200 OK

2039

URL HTTP/1.1

resources.mtb.com/Assets/img/mtb-logo.svg
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators

Size

2039
Hash

f2b901cf895852a0866fe4a16c7f1730

c4240af1ec798477b4e65a185ddbb1b038817da4

5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

HTTP Headers

                                        GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 16 Dec 2022 06:42:46 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-919619016"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 2039
Set-Cookie: TSf60233d5027=08affc4e07ab200011b670e472e45f219b81c8ed4119ba07bb48735647e8536464f148380f8f4bbd0803ee9e621130007310c8caaa216314fd04330dd0a361212d4044345c2d2d09572e4711241af5f98c068656f2c111e1017bc38c883609d4; Path=/

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516

192.216.61.78

200 OK

103533

URL HTTP/1.1

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

ASCII text, with CRLF line terminators

Size

103533
Hash

08b250830e37bab4db49f49dcfa521aa

196ea486f29834f4f74c9415c3952b725055c866

9b41dafbfb1b1f1d091bcb7593dbdae2d91dddb1c00bbb00eea511b7c9c92443

HTTP Headers

                                        GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 22 Jan 2024 21:09:31 GMT
Last-Modified: Sun, 22 Jan 2023 21:09:30 GMT
ETag: "1674421771:dtagent10255221104040649ShC2"
Vary: User-Agent
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-2141200468"
Date: Sun, 22 Jan 2023 21:09:30 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_9_sn_FA6AF805FAC01F93871C14B14684CF66_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd9f073666f18b83395566ae48b87a2216738857d0879b493cff833c74ad63a41bbfddc51230bac6a3f4b649984d352356; Path=/
TS0128739d=019f8203fd642fd8cf9b8b15db66596dcda46c98a1738857d0879b493cff833c74ad63a41b97cf2d8eb71526fb37e61c0696a49d3a598ecba8e5e14b0f5586ad2a9ad743c7; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000f9eb4588a534728b72f174272d7c5ed020fc2b04a18d6dd5437422b9467f7f480894ba13771130002c76a7e2b28ab3f0fd04330dd0a361213f58fef91c4eaca2ccce4131b91cdbd65f5424e0263dd6ee11b2372707a68961; Path=/
Transfer-Encoding: chunked

resources.mtb.com/assets/fonts/mandtpg-iconfont.woff

192.216.61.78

200 OK

4776

URL HTTP/1.1

resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

Web Open Font Format, TrueType, length 4776, version 1.0\012- data

Size

4776
Hash

ac13691b89191d11d0e5577eb3cf3d53

0126fa82c0ab022e61b5de74f1fe3e204a905a7b

108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df

HTTP Headers

                                        GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://syntirogroup.com
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 16 Dec 2022 06:42:45 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1157304422", dtTao;desc="1"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_11_sn_24E77A3F79C7F08BE6B0DFC059F103E9_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fde9de928d816195e57286a50f90218916d3a3a65370c4e6a26f669bbaa7f86c94cdc96f1287acdc737f3e1a0fe329beb4; Path=/
TS0128739d=019f8203fd5f73409ae0b85de5e0670cc5bf637c33d3a3a65370c4e6a26f669bbaa7f86c94b998241ef47fef9f45be8679c31626ebf102a9f179790c16f9f46698b69f313f; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200070e67457a03b3ee2d34058e8aba4c967df39760c3c6a48bd397cb080a259f21a083c2f2b6911300072d25053f72093d4ca2c4e77260595da704937eb540909abaaca84f0c0b8dee907b38ac94b6461acf8e3c62a3c98aae1; Path=/

syntirogroup.com/Assets/scripts/Login/Index.js

162.241.115.202

404 Not Found

315

URL HTTP/1.1

syntirogroup.com/Assets/scripts/Login/Index.js
IP

162.241.115.202:0
ASN

#46606 UNIFIEDLAYER-AS-1

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

315
Hash

a34ac19f4afae63adc5d2f7bc970c07f

a82190fc530c265aa40a045c21770d967f4767b8

d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

                                        GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: syntirogroup.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://syntirogroup.com/MT/mt/login.php?online_id=19a544188c35a04cb80e87d24&country={{country}}&iso=

                                        HTTP/1.1 404 Not Found
Date: Sun, 22 Jan 2023 21:09:30 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff

192.216.61.78

200 OK

67671

URL HTTP/1.1

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

Web Open Font Format, TrueType, length 67671, version 1.0\012- data

Size

67671
Hash

6cd469e8613d82d4d07834a5ca7745f0

95347ba0a03d27e1aa91bc17c937d8aefe53e6ff

4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

HTTP Headers

                                        GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://syntirogroup.com
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 16 Dec 2022 06:42:45 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="665330754", dtTao;desc="1"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_6_sn_28C4D22DFC9DC75BA913D2A164390762_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fde7bb7f9807513d7eb3c4f08200a0f46d283677aa911b82284dfc9602386f93ec54237101ebacd9aab8a9f25d683bd6b7; Path=/
TS0128739d=019f8203fd8adf70d7b823e379b1d66de5f693b1e9283677aa911b82284dfc9602386f93ec23e38b9242c6943c6f622368fe6ef87ee28d954e245451a2adc8602c51fb255a; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000506be612439fced1d7300dedc0e60f5f7507151e53f67114b1adcd451a28ee8708b08f1b40113000704bc4ab9a48ca85ca2c4e77260595da75869b6eeedf5a972e071e1aa4ede87a7c4a6007b8535c4bf3f674ecc80cfe00; Path=/

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff

192.216.61.78

200 OK

64318

URL HTTP/1.1

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP

192.216.61.78:0
ASN

#12134 MTB

Magic

Web Open Font Format, TrueType, length 64318, version 1.0\012- data

Size

64318
Hash

b245a55f7e33e1cf4d2477570936ef84

12bf1c1eda6db246778f7c343acebbaad8fa36f4

b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

HTTP Headers

                                        GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://syntirogroup.com
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 16 Dec 2022 06:42:45 GMT
Accept-Ranges: bytes
ETag: "0f7359b1911d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-920215613", dtTao;desc="1"
Date: Sun, 22 Jan 2023 21:09:31 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_9_sn_7780232A206A9AAB3D43DBE885777F91_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdb9ebcee599af33f38db8af28e8cbeabb0b3da4fead41af11022eb132d7b7fbbbaddcacf591d1ff2d72926af539320185; Path=/
TS0128739d=019f8203fd8131f02e3da665eb347d992116fcd8950b3da4fead41af11022eb132d7b7fbbbcfdfa9b6aaa9e0ea442d0f073a0495977ffb09cb9a0b8f5949117f73fa4601f7; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200092b2d0ea533e84f08da30c0b10e3d12feabbb1c87dd0ec77bfde4ee3cd2bab9908eb6992b8113000839b1e7309487a43ca2c4e77260595da06c82e691adce460bf4ced4aab135106af1a37343bf3ee80823afe0e510baf59; Path=/

asset.mtb.com/Documents/html/homepage/favicon.ico

143.204.55.52

200 OK

14862

URL HTTP/2

asset.mtb.com/Documents/html/homepage/favicon.ico
IP

143.204.55.52:0
ASN

#16509 AMAZON-02

Magic

PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data

Size

14862
Hash

e82f458a5c1c5353a97401eccc925613

949d6c8d06ca14b52f496c20f63fae269b6708c2

cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3

HTTP Headers

                                        GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://syntirogroup.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
cache-control: max-age=3600, no-cache="set-cookie"
content-disposition: inline
content-encoding: gzip
date: Sun, 22 Jan 2023 20:39:50 GMT
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UOLj2fpIcQ1rojhEhg3H5liTYc88tPZ7CxMRj9jgdRghcK2sPH0n3w==
age: 1782
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a618971ebc90b5698ddbabc4637e3345

f920b73a7c9b57d77194ba8ba406664d8469b6b6

f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3260
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 21:09:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a618971ebc90b5698ddbabc4637e3345

f920b73a7c9b57d77194ba8ba406664d8469b6b6

f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3260
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 21:09:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a618971ebc90b5698ddbabc4637e3345

f920b73a7c9b57d77194ba8ba406664d8469b6b6

f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3260
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 21:09:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a618971ebc90b5698ddbabc4637e3345

f920b73a7c9b57d77194ba8ba406664d8469b6b6

f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3260
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 21:09:32 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503

URL HTTP/1.1

r3.o.lencr.org/
IP

23.33.119.27:0
ASN

#20940 Akamai International B.V.

Magic

data

Size

503
Hash

a618971ebc90b5698ddbabc4637e3345

f920b73a7c9b57d77194ba8ba406664d8469b6b6

f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

                                        POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3260
Expires: Sun, 22 Jan 2023 22:03:52 GMT
Date: Sun, 22 Jan 2023 21:09:32 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg

34.120.237.76

200 OK

8221

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8221
Hash

6f86ec004a2042b4030cd2cce2bf1e1d

e3c00dcc55f095f03a6f4505960ac1cee0b3877c

64b5084d4145d5931af05c335d21e31e75db30b1f9e8a2efd92fc4cd0aa7ac07

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc284e6ec-6c43-4a8d-a291-83519d5a4d4c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8221
x-amzn-requestid: 02db02af-4f05-450d-9370-0e7a9dda6948
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOEWGUMoAMF2QQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d4e-050e7cdf21878aa159f36d0b;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:46:54 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2bxIP5fBGoswPsQAvhRGhNlrHNQtiCpgWFr_S3fjQuyEXPW8amllzw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:58:50 GMT
age: 83442
etag: "e3c00dcc55f095f03a6f4505960ac1cee0b3877c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10988

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10988
Hash

5a7ab95a69ddfa5014258076e66a6e19

1a54cca86788536002d6d18c5180ccf265ba1169

09348afd6055b26b5dba6f8f6ef763d52e6e040c039c6f763d64f71b8ca08d51

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F831c16ae-85e5-4da2-b22e-f840afcd3678.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10988
x-amzn-requestid: 67c03c6c-3896-4890-a75b-ecd7c1c1a4e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3foHG8tIAMF3XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61300-2de17e5b0225f9427c197bc5;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tYwSI7_1wwDixmup43f8j54sJ541GjyzB2rboENRXfSpuwPKImlNjA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 01:38:03 GMT
age: 70289
etag: "1a54cca86788536002d6d18c5180ccf265ba1169"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6102

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

6102
Hash

5b7dac109bc648666356225a0d21ed17

f07e82cffe064c296cb1b2c80f7b09feb7552bbe

cc8997d71cd85021addccb0f6a0f00edf95f9747333ff0a436581db4ede78f51

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 6102
x-amzn-requestid: 256e7b90-3052-41f7-abcf-43c455a2ee7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFfEZtIAMFWhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d56-3237bb0a1f86766b5eb86e82;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PcHoBpKnLZj86KR261shofMwYYOoYLkwFHLgXS4ICo5jaySNb3f8_Q==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:00:49 GMT
age: 83323
etag: "f07e82cffe064c296cb1b2c80f7b09feb7552bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4796

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

4796
Hash

2aec02a691f126259e2a3c701e322ffe

af9161eefc1ee381a8f531c593ea7354d73493eb

e0094d54ca9bbbc4154abec2ce152453ddb1544e020b4a859e5da1f7073a26d0

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d78dc13-3c8d-4c31-8f64-3f9de4ba79d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 4796
x-amzn-requestid: 9ad3dcbc-3d19-4619-a8cb-b316a8d51290
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e7ULpHgKIAMFmYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c79a4a-769bcf2f4d7787d007ec30e2;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 07:05:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cpUKWrVc9VnFVE6eDSZon8G9ZIpx11BZgd-2uthefrTP3cSet1hmXQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 12:57:16 GMT
age: 29536
etag: "af9161eefc1ee381a8f531c593ea7354d73493eb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8057

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

8057
Hash

4e71636bb9a13ad7d52d253e16cd6a3f

401dd58e34982d3434739b9a2f7182487ea1cac5

1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bvxndyaEjWVBvL2nJxC78dz74Pd-mf2NwURh-C-y548P9KfPZiWaZQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:54:17 GMT
age: 83715
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10204

URL HTTP/2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0b111b9-f539-44ed-9667-4c69b6c7fc17.jpeg
IP

34.120.237.76:0
ASN

#15169 GOOGLE

Magic

JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data

Size

10204
Hash

948fa7fe4ba4b6dd0d31cbcb06fc0957

664552f4c80796a63353e62196bd6e05177e4d95

342a38f0c7e058c3e5ef402df230c656926baea5e82f912ff5f1efb1889a6150

HTTP Headers

                                        GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd0b111b9-f539-44ed-9667-4c69b6c7fc17.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                        HTTP/2 200 OK
server: nginx
content-length: 10204
x-amzn-requestid: a3fe3da3-19c8-40cc-945a-12b9985a948e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYXGGAZoAMF6Mw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0760-3b65934a7cad371d7b049ae2;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KvDIbsxcuLhmy8IkuaziGP0ABqEEf-JVOezo1vUc8mDLf2-hvF6Xwg==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 03:46:37 GMT
age: 62575
etag: "664552f4c80796a63353e62196bd6e05177e4d95"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

#1 JS:Script (size: 4553)

#2 JS:Script (size: 15)

#3 JS:Script (size: 322405)

HTTP Transactions (44)

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

Magic

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN