Report - aslottonownext.line.pm/

Report Overview

Submitted URL
aslottonownext.line.pm/
IP
45.42.203.197
ASN
#40676 AS40676
Submitted
2023-02-01 09:04:55
Access
Website Title
Final URL
Tags
dyndns
urlquery detections
Suspicious - DynDNS domain

Detections

urlquery
19
Network Intrusion Detection
2
Threat Detection Systems
108

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.77.32
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
aslottonownext.line.pm	unknown	2023-01-31T20:42:53Z	2023-03-03T11:12:18Z	7.5 kB	23 kB	45.42.203.197
ocsp.entrust.net	1208	2014-01-10T03:18:45Z	2023-03-13T05:09:58Z	2.4 kB	14 kB	104.110.10.32
asset.mtb.com	246397	2017-02-13T05:24:51Z	2023-03-13T01:40:13Z	412 B	16 kB	54.230.111.59
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.163.168.122
resources.mtb.com	144011	2014-11-08T15:57:30Z	2023-03-13T01:25:18Z	3.5 kB	286 kB	192.216.61.78
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	63 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-01 09:05:05	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain
2023-02-01 09:05:05	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.line .pm Domain

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation
2023-01-31	medium	aslottonownext.line.pm/	M & T Bank Coporation

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	aslottonownext.line.pm/	Phishing
2023-02-01	medium	aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9	Phishing
2023-02-01	medium	aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17	Phishing
2023-02-01	medium	aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17	Phishing
2023-02-01	medium	aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/mtb_app_wbk.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/tealium_prod.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17	Phishing
2023-02-01	medium	aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/kessel-client-prod.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/scripts/kessel-help.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/scripts/Login/Index.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/mtb_app_wbk.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/tealium_prod.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/js/kessel-client-prod.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/scripts/kessel-help.js	Phishing
2023-02-01	medium	aslottonownext.line.pm/Assets/scripts/Login/Index.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed
2023-02-01	medium	line.pm	Sinkholed

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	aslottonownext.line.pm/	4.6 kB	2023-03-12	2023-03-26
Pretty URL aslottonownext.line.pm/ IP 45.42.203.197 ASN #40676 AS40676 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:07:12 Last Seen2023-03-26 01:30:34 Times Seen6 Hash beb85037b4ee378d39c9c7436b678ea3 a088af0397b6c7f1d0dc20c1fe9c944a02673bc4 396a33c0f8594a6892aab62c3541d923ed88a79de7262b7b00d079a0addf233f Loading...

	aslottonownext.line.pm/	4.4 kB	2023-03-12	2023-03-26
Pretty URL aslottonownext.line.pm/ IP 45.42.203.197 ASN #40676 AS40676 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 08:07:12 Last Seen2023-03-26 01:30:34 Times Seen6 Hash 1bc3dbf12cc3d5320eb85ac0a65326d0 854d93526cce7134668c36ce6a8ed6da53513e5b 0538049e0bc080e97ad2758f2875cc7ce1adfa8257e67758728a356aee769943 Loading...

	resources.mtb.com/r/simple-layout-responsive/js.mtb?v=12082022125000	322 kB	2023-03-07	2024-04-14
Pretty URL resources.mtb.com/r/simple-layout-responsive/js.mtb?v=12082022125000 IP 192.216.61.78 ASN #12134 MTB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-04-14 19:38:09 Times Seen2461 Hash 9c5a48bd789473f18b8bf7bd777371f9 f84d9237854640f2b0cc554b816c17d11376af5a 6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd Loading...

HTTP Transactions (55)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7e05c8461bd2dc5a149f71e2c465ea29
705983959c887e243cb55a8a1796757b579ee977
4d9ea085d5dda9dabed11af9847c2b0aa6182358673b356a4e2bd631e22a9922

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D9EA085D5DDA9DABED11AF9847C2B0AA6182358673B356A4E2BD631E22A9922"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13853
Expires: Wed, 01 Feb 2023 12:55:37 GMT
Date: Wed, 01 Feb 2023 09:04:44 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4892
Expires: Wed, 01 Feb 2023 10:26:16 GMT
Date: Wed, 01 Feb 2023 09:04:44 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 08:36:00 GMT
content-type: application/json
age: 1724
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9684
Expires: Wed, 01 Feb 2023 11:46:08 GMT
Date: Wed, 01 Feb 2023 09:04:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 0jGVYuyQmit4bHB18iA+UOvk6UC7882GWINyzqEjaMGiQHuZ8/jxkLLTEiyn4Zetk9KR/wdyYvc=
x-amz-request-id: SGTCA25FV9G9CNFX
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 08:22:35 GMT
age: 2529
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
03edbbad8337653f36564223d82a66a1
9f3bc6fdbf5bbfd8de978f9324a102c8439a6d70
6388413192b2bd6e688990ce5b34a8ad8cc92cc8c7339910638ea3367e45554c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6388413192B2BD6E688990CE5B34A8AD8CC92CC8C7339910638EA3367E45554C"
Last-Modified: Tue, 31 Jan 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21586
Expires: Wed, 01 Feb 2023 15:04:30 GMT
Date: Wed, 01 Feb 2023 09:04:44 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 09:04:44 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

aslottonownext.line.pm/

45.42.203.197

200 OK

6.1 kB

URL HTTP/1.1
aslottonownext.line.pm/
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
PHP script text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7660)
Size
6.1 kB (6051 bytes)
Hash
d46d50e6391d76823d3249377a9cc7aa
8b8911080e44915c2c197646c4d909bd292c916e
8f18e2464c582dc359245beffc3ff716d20a399cd07b1bf2ab070f07e6ca1d81

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 09:04:44 GMT
Content-Type: text/html
Content-Length: 6051
Connection: keep-alive
Last-Modified: Tue, 31 Jan 2023 19:43:54 GMT
ETag: "437b-5f3948d454384-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip

aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9 HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17 HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 08:41:42 GMT
age: 1383
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
22b9916fc1fafc9bdc9bb37f9eac8a9a
86f640e134a741a0f906a8e3a0f5c6659dd0e394
a29ee843c8a39551a1507cc6ad949ad509e33aaae8b72c58ac4884bad8b0b38e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A29EE843C8A39551A1507CC6AD949AD509E33AAAE8B72C58AC4884BAD8B0B38E"
Last-Modified: Sun, 29 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7076
Expires: Wed, 01 Feb 2023 11:02:41 GMT
Date: Wed, 01 Feb 2023 09:04:45 GMT
Connection: keep-alive

aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17 HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=9 HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/js/mtb_app_wbk.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/mtb_app_wbk.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/mtb_app_wbk.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/js/tealium_prod.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/tealium_prod.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /TSPD/0856addebbab2000240df4b85f20ab5ae11296b2f080cbf7c90f0c4887955ec2ea382b5f255479e3?type=17 HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/js/kessel-client-prod.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/kessel-client-prod.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/kessel-client-prod.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/scripts/kessel-help.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/scripts/kessel-help.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/scripts/kessel-help.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/scripts/Login/Index.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/scripts/Login/Index.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

push.services.mozilla.com/

35.163.168.122

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.168.122:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: w6pFzmU10+QQQG/mER3AqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BK6oz9331t0ZbEou8lJmBdprKYk=

aslottonownext.line.pm/Assets/js/mtb_app_wbk.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/mtb_app_wbk.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/mtb_app_wbk.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /ruxitagentjs_ICA2NVfghjqrux_10255221104040649.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
e03a5c475ae20dee22b8fc035845b2c1
c6df138d4c357704d88f103c8f4ec3f614d7b51f
a5ccee90cb2d16c26a6c6d6c1d0d2c4e53ba409b88feab5a626623bbaac3de12

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "A5CCEE90CB2D16C26A6C6D6C1D0D2C4E53BA409B88FEAB5A626623BBAAC3DE12"
Last-Modified: Tue, 31 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3563
Expires: Wed, 01 Feb 2023 10:04:09 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
e03a5c475ae20dee22b8fc035845b2c1
c6df138d4c357704d88f103c8f4ec3f614d7b51f
a5ccee90cb2d16c26a6c6d6c1d0d2c4e53ba409b88feab5a626623bbaac3de12

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "A5CCEE90CB2D16C26A6C6D6C1D0D2C4E53BA409B88FEAB5A626623BBAAC3DE12"
Last-Modified: Tue, 31 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Wed, 01 Feb 2023 10:04:46 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
e03a5c475ae20dee22b8fc035845b2c1
c6df138d4c357704d88f103c8f4ec3f614d7b51f
a5ccee90cb2d16c26a6c6d6c1d0d2c4e53ba409b88feab5a626623bbaac3de12

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "A5CCEE90CB2D16C26A6C6D6C1D0D2C4E53BA409B88FEAB5A626623BBAAC3DE12"
Last-Modified: Tue, 31 Jan 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3582
Expires: Wed, 01 Feb 2023 10:04:28 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

aslottonownext.line.pm/Assets/js/tealium_prod.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/tealium_prod.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
717f883347e990456ece4f024516ed31
84a6894271a751114c65e9f397a899ab1175c9bb
d12e469fde079c37baead9eea142667d9d1d05da9e9cb5f051bb305174b2c3d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "D12E469FDE079C37BAEAD9EEA142667D9D1D05DA9E9CB5F051BB305174B2C3D2"
Last-Modified: Wed, 01 Feb 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3519
Expires: Wed, 01 Feb 2023 10:03:25 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
717f883347e990456ece4f024516ed31
84a6894271a751114c65e9f397a899ab1175c9bb
d12e469fde079c37baead9eea142667d9d1d05da9e9cb5f051bb305174b2c3d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "D12E469FDE079C37BAEAD9EEA142667D9D1D05DA9E9CB5F051BB305174B2C3D2"
Last-Modified: Wed, 01 Feb 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3570
Expires: Wed, 01 Feb 2023 10:04:16 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
717f883347e990456ece4f024516ed31
84a6894271a751114c65e9f397a899ab1175c9bb
d12e469fde079c37baead9eea142667d9d1d05da9e9cb5f051bb305174b2c3d2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "D12E469FDE079C37BAEAD9EEA142667D9D1D05DA9E9CB5F051BB305174B2C3D2"
Last-Modified: Wed, 01 Feb 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3564
Expires: Wed, 01 Feb 2023 10:04:10 GMT
Date: Wed, 01 Feb 2023 09:04:46 GMT
Connection: keep-alive

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=12082022125000

192.216.61.78

200 OK

35 kB

URL HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=12082022125000
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
35 kB (34711 bytes)
Hash
a09551203c370fcc0c14eee4d7af4fac
6fcd08a7f0871a33ded481a49023de7c42bcdbf0
59df120e12a64898104a890d8a3d976a0c9ef2e31c0741215106fd1edfa172d9

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=12082022125000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Thu, 01 Feb 2024 09:04:46 GMT
Last-Modified: Wed, 01 Feb 2023 09:04:45 GMT
ETag: "1675242286:dtagent10255221104040649ShC2"
Vary: User-Agent
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-103103635"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Cteonnt-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_1_sn_CA3DF0B4C676B0683F10CBAE1CECB9CC_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd45c88f7b996206e80188d1d0f26815bfa071bb98edb16381ca1e3c0e0a275f69cae0b2b65411886749cac9ac0bad465b; Path=/
TS0128739d=019f8203fd2efbb0e3eaafdf74af3087f3829fccd8a071bb98edb16381ca1e3c0e0a275f6900360690839eee90e223042c0a830b455e9c899285a829a56bbd60fb38a71516; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20008e604926c85b2355d91a4a36cc76f9781bb4641caed5f576a75e34ae2dd60408088462fc7c1130003322ef12d0bf34dc1fb919ba3efbd8a42518042b54b50b56f7c9606e9d439421676bb49e9a2a79eac8ae385ef2e3c8f1; Path=/
Transfer-Encoding: chunked

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

192.216.61.78

200 OK

230 B

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
230 B (230 bytes)
Hash
916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

HTTP Headers

GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 01 Feb 2023 07:06:24 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1604394429"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 230
Set-Cookie: TSf60233d5027=08affc4e07ab20008483856c0dfd383a97d2c2c0d0fb963c911ceaea9d1926b60c8db512ebc504050807b0d4a0113000e11c7c85a705125b1fb919ba3efbd8a4f92bd878625d997011775544208439604bb8f187605a7678ddc72ebeec86e583; Path=/

resources.mtb.com/Assets/img/mtb-logo.svg

192.216.61.78

200 OK

2.0 kB

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-logo.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Size
2.0 kB (2039 bytes)
Hash
f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

HTTP Headers

GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 01 Feb 2023 07:06:24 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="72453538"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 2039
Set-Cookie: TSf60233d5027=08affc4e07ab20003dc77064fda826dcb96798ff65e4dce942c38274c65f9e38ef2a1072b81170cb085b6b9a56113000401a8577a1f58a2d1fb919ba3efbd8a4b0a702a149d3d14eb95ecfd0ccbadb884aa12a6b4d5fea6a6803d759a0553814; Path=/

resources.mtb.com/Assets/img/mtb-entrust.svg

192.216.61.78

200 OK

1.3 kB

URL HTTP/1.1
resources.mtb.com/Assets/img/mtb-entrust.svg
IP
192.216.61.78:0
ASN
#12134 MTB

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Size
1.3 kB (1349 bytes)
Hash
9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

HTTP Headers

GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Wed, 01 Feb 2023 07:06:24 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-423981472"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 1349
Set-Cookie: TSf60233d5027=08affc4e07ab200047458eeb6c4e7af5393abb574e4a8577a9c5369bda159525376fd113c5df5a5908967e25621130002c3b839fc679e6d71fb919ba3efbd8a468a9ac57adfb4595ca7f84271ec1aa94660a621549b18999b7779b706983d1e0; Path=/

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=12082022125000

192.216.61.78

200 OK

104 kB

URL HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=12082022125000
IP
192.216.61.78:0
ASN
#12134 MTB

File type
ASCII text, with CRLF line terminators
Size
104 kB (103531 bytes)
Hash
727a0de3144aa33cd4534796486e2363
86ed4f75d976f4f5974724a6a19723798f29386e
4944e8c395c12a394fb7be2e85d249d24381a5848f743a5d63bf2b0edda3bcdc

HTTP Headers

GET /r/simple-layout-responsive/js.mtb?v=12082022125000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Thu, 01 Feb 2024 09:04:46 GMT
Last-Modified: Wed, 01 Feb 2023 09:04:45 GMT
ETag: "1675242286:dtagent10255221104040649ShC2"
Vary: User-Agent
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="405888551"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_2_sn_957B1BFB1EBFEB4C6F14A5D059AE08D7_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fde25904a8b064db8b5e9facde3ae63743dcab613f4bfce46f11c2f0e0616f24d3addaeee1b3fadfcbb908460c6b883bc4; Path=/
TS0128739d=019f8203fd7a3d72a4445199f5bce0c0a5b02b9338dcab613f4bfce46f11c2f0e0616f24d34b7c820a69c2236086f3c23fa88614a6b8937ff36f511ef9c038d30e4cbcb86e; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000e6452c6b89dffc8d5749fafdbc7b6596de6fdee32c019625696f3a0112c93e1008da1d39db113000425204d72ffa1a191fb919ba3efbd8a4c2fbf0715bfb237a0021748963c68938342f58729fa65bb1042793b05dbe60ed; Path=/
Transfer-Encoding: chunked

resources.mtb.com/assets/fonts/mandtpg-iconfont.woff

192.216.61.78

200 OK

4.8 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Size
4.8 kB (4776 bytes)
Hash
ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df

HTTP Headers

GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aslottonownext.line.pm
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Wed, 01 Feb 2023 07:06:23 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1110024659", dtTao;desc="1"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_6_sn_5882756EFFB4AE6F62B4155A47792210_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd8a0f410cea7b2256601ad35ff6c374122f6199e370550aa125501bd97cee050c6bfca8f2d4837ee9e026c854e1ec4e28; Path=/
TS0128739d=019f8203fd799f23c86d91c99c77c04ebfce101e0b2f6199e370550aa125501bd97cee050c85105ddbbf53e1530672859a47790eae41bb86e0c61b3e98c0047e5ef13408f8; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000e3ddf5eb00af15529e5a2988dc702527a737a01f0b2f88e6cc9b24e3028f38e508f30e0fdf113000a2f08d1507c5d974ac809f75d66855c579000163bccad768cb1e49b15bd85d9af3b6b8bd1ecae0f33585331d249b3d41; Path=/

aslottonownext.line.pm/Assets/js/kessel-client-prod.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/js/kessel-client-prod.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/js/kessel-client-prod.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6557
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6557
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6557
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6557
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
43bc5afe1d7330aa521e0efc78185a92
f53e9daa0a32e0acf7a10d9494fb383c1d039305
429d5a3a918137cae61e9dee0f05b0d5b4c799517aa6ae30e041a2a3e7f05cac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "429D5A3A918137CAE61E9DEE0F05B0D5B4C799517AA6AE30E041A2A3E7F05CAC"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6557
Expires: Wed, 01 Feb 2023 10:54:04 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 23689
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6819 bytes)
Hash
ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: daAf58GNG6Oy-ov_8TUeXnTcvZyW5eL_qwWz7dapr2Sy_5XSiS-3Mw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:56 GMT
age: 40911
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 5826
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5736 bytes)
Hash
2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64EbarGrn6AIpXOE8TIfiBeGFQinx-P9lUIvmiQ1ivZgFrxl7_W4EQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 10:37:05 GMT
age: 80862
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XtqfgDxskGIUmZdRj2nrGDpo9KvECk528eLZV29xNx3h7CLOu49mnQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:19 GMT
age: 40948
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c0a4094-de1e-41f3-9e75-80a725d23095.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9841 bytes)
Hash
c4ef3610dcd19f46f763e313d46e9df6
3cdf187d3923ec5084192adf2b0f73f8c9534a56
e67f0cf265912e3bebfa296cf4c71be24e619efb396d74432a8ff912bf6998ee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2c0a4094-de1e-41f3-9e75-80a725d23095.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9841
x-amzn-requestid: 26093f6c-900b-425d-827c-4d70a2fa225a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPGMFHOeIAMF-4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf83e6-29d957942dda79d0723d9e8f;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:08:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Chs87A3OGCMyp250Sz8F-sPoiOmDmlj8kUBrSrUtuEbYeD6we39KQg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:26:24 GMT
age: 5903
etag: "3cdf187d3923ec5084192adf2b0f73f8c9534a56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

aslottonownext.line.pm/Assets/scripts/kessel-help.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/scripts/kessel-help.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/scripts/kessel-help.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

aslottonownext.line.pm/Assets/scripts/Login/Index.js

45.42.203.197

404 Not Found

726 B

URL HTTP/1.1
aslottonownext.line.pm/Assets/scripts/Login/Index.js
IP
45.42.203.197:0
ASN
#40676 AS40676

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
726 B (726 bytes)
Hash
e06f441a0f085d26416faed7afa09ad0
9256a85ef9301c0cd0d33cd846b5b40afcba5b41
bf63f6856a4afa5d8fb50c018cd84488661dac9c9983be7005dea1b97dd13cc1

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
openphish	M & T Bank Coporation
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: aslottonownext.line.pm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 01 Feb 2023 09:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 31 Jan 2023 19:41:56 GMT
ETag: W/"5a1-5f394863827eb"
Content-Encoding: gzip

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff

192.216.61.78

200 OK

68 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Size
68 kB (67671 bytes)
Hash
6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

HTTP Headers

GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aslottonownext.line.pm
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Wed, 01 Feb 2023 07:06:23 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="520290031", dtTao;desc="1"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_6_sn_B3652602BA490D2282BCF55A026EA0AF_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd8dd4956f3429cf6b596937e56034f1177f315f7829649d3a995c8b8b4fd717145d145ba3e837dfba2e421db048205f05; Path=/
TS0128739d=019f8203fd74257b5ddd48c20d155239c48a8a2aed7f315f7829649d3a995c8b8b4fd717148d68404d2bd0c7a72d24d634f3152ca566de5c1030f8b3318795993fb223da16; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200087313f026df14ada4ae997b3f484d391ca162116aa1100134df0717392eed85e0815aa7d02113000a7f2ddaa8e6d5d87ac809f75d66855c5019c647a346e6e327045baf2257304c6ba4a271140a1fb2ae69d365c435a167c; Path=/

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff

192.216.61.78

200 OK

64 kB

URL HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP
192.216.61.78:0
ASN
#12134 MTB

File type
Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Size
64 kB (64318 bytes)
Hash
b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

HTTP Headers

GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aslottonownext.line.pm
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Wed, 01 Feb 2023 07:06:23 GMT
Accept-Ranges: bytes
ETag: "0d8d1b1b36d91:0:dtagent10255221104040649ShC2"
X-Srv: M-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="520630817", dtTao;desc="1"
Date: Wed, 01 Feb 2023 09:04:46 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_1_sn_FA09D26AD61B75F65BD1C99E0668AE62_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd41636d8894e66b2b0bc01f7a5b5e90d3fd67fcf42a846c8850f5ebc77914914f7ee5b1335149a86808f693d72100377c; Path=/
TS0128739d=019f8203fd7781fb9ae5be8f577c5cb4ebbd45e4ccfd67fcf42a846c8850f5ebc77914914f1a65292d85695c564f917b020f8177c0d5ed2b5929c1f069921277bcadfe67b1; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000391ba0953ecdad09d4f23abd7517406f33ba47a40fd607fad16c354b6705714608c10c3fdb113000891d99bffaae8674ac809f75d66855c5c4eb9a0fe57aee4941c45adbe302c87f0738969afcd40d1a900c00cfb47dbcd6; Path=/

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
3f6becac13223011b0591159e1a0df2f
030d623c2e065091a9e1f67fe2ec1e07eb70b924
f594dbe21f4d5c721234e0dd8fff0acc3cf6addcd59e257be7648b1195856cb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F594DBE21F4D5C721234E0DD8FFF0ACC3CF6ADDCD59E257BE7648B1195856CB2"
Last-Modified: Wed, 01 Feb 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Wed, 01 Feb 2023 10:04:47 GMT
Date: Wed, 01 Feb 2023 09:04:47 GMT
Connection: keep-alive

asset.mtb.com/Documents/html/homepage/favicon.ico

54.230.111.59

200 OK

15 kB

URL HTTP/2
asset.mtb.com/Documents/html/homepage/favicon.ico
IP
54.230.111.59:0
ASN
#16509 AMAZON-02

File type
PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Size
15 kB (14862 bytes)
Hash
e82f458a5c1c5353a97401eccc925613
949d6c8d06ca14b52f496c20f63fae269b6708c2
cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3

HTTP Headers

GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://aslottonownext.line.pm/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Wed, 01 Feb 2023 08:44:46 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: w6v0auPc6CBt9Rq2QrWCdAYIwc6aXztAPxgJJz3v9XpRtrc7fSajpg==
age: 3230
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (55)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type