r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8381
Expires: Thu, 23 Mar 2023 13:45:03 GMT
Date: Thu, 23 Mar 2023 11:25:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2404
Expires: Thu, 23 Mar 2023 12:05:26 GMT
Date: Thu, 23 Mar 2023 11:25:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 10:27:32 GMT
content-type: application/json
age: 3470
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3241
Expires: Thu, 23 Mar 2023 12:19:23 GMT
Date: Thu, 23 Mar 2023 11:25:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zKXPJl60t2Qkgft5P+24AplJh6HSufJFJkvpPp2sGq1ntf76wNsFnWymPcSHuY6mH+wMJUuRIwM=
x-amz-request-id: 6GQAFJR9Q1MXK6RA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 10:54:01 GMT
age: 1881
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
mbtinfor.cloud/597541dfef857c4e17807dd9b82f67b0/?token=5db8ca5b678d11dba165b00f9688c171063ef0aff11c3862a88a64e63ef743db57c7c71776dc881a5a6abe4c587fdfa2ad849dfd466d6fd58b4e83a5b029856e
162.241.123.12302 Moved Temporarily 0 B URL HTTP/1.1 mbtinfor.cloud/597541dfef857c4e17807dd9b82f67b0/?token=5db8ca5b678d11dba165b00f9688c171063ef0aff11c3862a88a64e63ef743db57c7c71776dc881a5a6abe4c587fdfa2ad849dfd466d6fd58b4e83a5b029856e
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata high ETPRO HUNTING Suspicious Redirect to Recursive PHP - Possible Phishing
GET /597541dfef857c4e17807dd9b82f67b0/?token=5db8ca5b678d11dba165b00f9688c171063ef0aff11c3862a88a64e63ef743db57c7c71776dc881a5a6abe4c587fdfa2ad849dfd466d6fd58b4e83a5b029856e HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 11:25:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330; path=/
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: ../index.php
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:25:22 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Last-Modified, Retry-After, Content-Length, Alert, Cache-Control, Expires, Content-Type, Backoff, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 11:14:33 GMT
age: 649
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3284
Expires: Thu, 23 Mar 2023 12:20:06 GMT
Date: Thu, 23 Mar 2023 11:25:22 GMT
Connection: keep-alive
push.services.mozilla.com/
54.148.187.127101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.187.127:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ZE/RwRmBWhU7/DVsdJPChA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /YVvggtHBNxKd1CWZ7FmH509pws=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9218
Expires: Thu, 23 Mar 2023 13:59:02 GMT
Date: Thu, 23 Mar 2023 11:25:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9218
Expires: Thu, 23 Mar 2023 13:59:02 GMT
Date: Thu, 23 Mar 2023 11:25:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9218
Expires: Thu, 23 Mar 2023 13:59:02 GMT
Date: Thu, 23 Mar 2023 11:25:24 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Jj5lAwItWYm45j5kLqQnd3fhsiGsiuSiSVtrBUOolyHvPAmCc0S71A==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 b23fb37cd7fff033ab21e3284f558a28.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 07:54:24 GMT
age: 12660
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: soxgrR0B6Rz79QysB7qbMTsNYmkYfG8doOMPpTEd9uLlrE6WTcDKdw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 995664ee945c06fc706b5cb8e0e650dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:44 GMT
age: 49060
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: tu0ENc_6tfykYc23nLfwYEMsi5HIfaDWF6dvzVTfX5rfjr3JrmMrCA==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 22:02:44 GMT
age: 57605
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 52c38747-4a30-4831-87ca-7e72e5602ed0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CHY_gFu8IAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64193b96-49c53b7c2e5ed4fc0217e357;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 05:07:34 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: XUrSSF8TgZSClR4MqJ0kuXGO-8KIguNmGe5lmVwzKXZO6CN0F9mimg==
via: 1.1 f3802d173009698413044360f84de06c.cloudfront.net (CloudFront), 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:51:03 GMT
age: 48861
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f777f840a3fc7e500c57a7cbdf88f26d
3518e8a18807209e94011806a96492e0d86ee9c9
44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7419
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbnE7OIAMFW2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: W_FZ-TYlfmS1JSvZVG4v_4Iag3ssm5J2oYgk0LBdKqv-Q0KST6FkDQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 20:21:35 GMT
age: 54229
etag: "3518e8a18807209e94011806a96492e0d86ee9c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: k6VaCG5oTQnKOvKJnleVqxIIc9yOgdOL0oPcL0ZSVw7DZQ8_GzFoZQ==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:47:43 GMT
age: 49061
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mbtinfor.cloud/index.php
162.241.123.12302 Moved Temporarily 22 B IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
Hash 463423f62d72f0be0533a6b7f210fb35
af361bf21971a8a9f15d8146e05ac69c5a30834f
4dc8d44ac335e82b032a385918448022803a1f313fa4e866a08ecb3a6233c90f
GET /index.php HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Date: Thu, 23 Mar 2023 11:25:22 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Location: 94e2e716927eb9ed3fdf65232fd64f03?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 22
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8
mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
162.241.123.12301 Moved Permanently 398 B URL HTTP/1.1 mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b50710c90abb76f66dc935c14be14375
71ecd3f6aa360d29c3bdaae60476befd317978c4
ced02147804a713d7cda4d64acf56e914e4bd7b3c350f7597134573537531457
GET /94e2e716927eb9ed3fdf65232fd64f03?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Mar 2023 11:25:24 GMT
Server: Apache
Location: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Content-Length: 398
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
162.241.123.12200 OK 3.0 kB URL HTTP/1.1 mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (717), with CRLF line terminators
Hash 26ba2c2a24353faab0a24bfb349a60bc
b4ae5afdbfc681600f404383abe77561c5ce1b8e
649fa0b9ce0a6b6ba313cee7ccb46011cd519a85f82756daa18c443182614696
GET /94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:25:24 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2952
Keep-Alive: timeout=5, max=73
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
162.241.123.12404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=9 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:25:27 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=72
Connection: Keep-Alive
Content-Type: text/html
mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
162.241.123.12404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /TSPD/0856addebbab2000ba949201dad9f67efc42df64f349dd0cbd91a24e357d5af05b11616b8df1b84b?type=17 HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:25:27 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
mbtinfor.cloud/Assets/scripts/Login/Index.js
162.241.123.12404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/Assets/scripts/Login/Index.js
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:25:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=75
Content-Type: text/html
mbtinfor.cloud/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
162.241.123.12404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /ruxitagentjs_ICA2SVfhjqrux_10205201218101503.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:25:27 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=75
Content-Type: text/html
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3320
Expires: Thu, 23 Mar 2023 12:20:47 GMT
Date: Thu, 23 Mar 2023 11:25:27 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3320
Expires: Thu, 23 Mar 2023 12:20:47 GMT
Date: Thu, 23 Mar 2023 11:25:27 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3320
Expires: Thu, 23 Mar 2023 12:20:47 GMT
Date: Thu, 23 Mar 2023 11:25:27 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash ed02e401fd9d42fbd4d9d0f7734e50b4
9d7c3db352a040065330f2780a2ed308a42d926a
47753dea34aa4f2f64b316028adb92402d02ab053b291aec7b66ac6e8fc0cfcd
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "47753DEA34AA4F2F64B316028ADB92402D02AB053B291AEC7B66AC6E8FC0CFCD"
Last-Modified: Wed, 22 Mar 2023 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3296
Expires: Thu, 23 Mar 2023 12:20:23 GMT
Date: Thu, 23 Mar 2023 11:25:27 GMT
Connection: keep-alive
nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
54.230.111.14200 OK 15 B URL HTTP/1.1 nexus.ensighten.com/mtbank/OE-Prod/Bootstrap.js
IP 54.230.111.14:0
Hash ffe905f50d9b47e6353b68513c4d48ac
d2c2ee4201cca3be67abf771ed1f1922fa94d083
c0d8671e209f009f9c1ad8153222f942087ec193b7e87f856e60971bd5424633
GET /mtbank/OE-Prod/Bootstrap.js HTTP/1.1
Host: nexus.ensighten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 15
Connection: keep-alive
Date: Thu, 23 Mar 2023 11:25:28 GMT
x-amz-replication-status: COMPLETED
Last-Modified: Fri, 03 Feb 2023 08:06:57 GMT
ETag: "ffe905f50d9b47e6353b68513c4d48ac"
x-amz-server-side-encryption: AES256
Cache-Control: no-cache, no-store
x-amz-version-id: wavO2l7VyxB9HskbZfGyDtMNoZwuEJgp
Accept-Ranges: bytes
Server: CloudFront
X-Cache: Error from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: yu_-mfA5TG3wO6GbilIthkcY47JZugIjr9N5VgTUjPZi4f4cO4M6QQ==
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3588
Expires: Thu, 23 Mar 2023 12:25:16 GMT
Date: Thu, 23 Mar 2023 11:25:28 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3600
Expires: Thu, 23 Mar 2023 12:25:28 GMT
Date: Thu, 23 Mar 2023 11:25:28 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3553
Expires: Thu, 23 Mar 2023 12:24:41 GMT
Date: Thu, 23 Mar 2023 11:25:28 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash dddcc9b15d08f61a046a43eaf5f02135
ae09ab36525b50a240cba40c3b80ac1524bf80ff
f827f74d922f7313ff66ef06192edc7c472d2aedc9c889dac341152ae71593e4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "F827F74D922F7313FF66EF06192EDC7C472D2AEDC9C889DAC341152AE71593E4"
Last-Modified: Thu, 23 Mar 2023 09:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3550
Expires: Thu, 23 Mar 2023 12:24:38 GMT
Date: Thu, 23 Mar 2023 11:25:28 GMT
Connection: keep-alive
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
24.75.29.77200 OK 35 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/css.mtb?v=08132020140516
IP 24.75.29.77:0
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash a09551203c370fcc0c14eee4d7af4fac
6fcd08a7f0871a33ded481a49023de7c42bcdbf0
59df120e12a64898104a890d8a3d976a0c9ef2e31c0741215106fd1edfa172d9
GET /r/simple-layout-responsive/css.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Fri, 22 Mar 2024 11:25:28 GMT
Last-Modified: Thu, 23 Mar 2023 11:25:27 GMT
ETag: "1679570728:dtagent10259230221142207SN+M"
Vary: User-Agent
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="544276263"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Cteonnt-Length: 258715
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_11_sn_4047F1250D204AE08F9D705B8977E979_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a92654b86c7afe69c943fc5c1975cead462e3829a3106d4ff946ba6c0de5f1cd38199fc54dfd063404e6f532727af8a6f8fe; Path=/
TS0128739d=01fb46a9264e19ad9ad74db0bdbbfdcaf18def4dbd3829a3106d4ff946ba6c0de5f1cd38194a7164a2998c3ccbc758e95871803af9ec2abb617061c1d42fc485e003e40681; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000e580bf3a4d705353d8cef293d5649bbf9f52a0b79d296c38b0d8884f53f4715d088dadce181130002f8ea7d2dde06ef406f3172f1c44b2e97e99f948ce60d2bc2ba2e2dd031ad53ecd775e4021bab1e2bc74cb05bfa5351a; Path=/
Transfer-Encoding: chunked
resources.mtb.com/Assets/img/mtb-logo.svg
24.75.29.77200 OK 2.0 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-logo.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Hash f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="258879310"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 2039
Set-Cookie: TSea15929a027=0856addebbab2000af72e98d19fdc93bba3dde88d13206ff057210fb4a0093ea20f1c01d8c23e2b008ca749ed11130004212e9f740f1ae6406f3172f1c44b2e9bc0732593b62f00c05d3867131d83e296e7ecc2df08ee888676ddd9d03884c2c; Path=/
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
24.75.29.77200 OK 230 B URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-284557800"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 230
Set-Cookie: TSea15929a027=0856addebbab2000decffaace16f3c98103decf90792ee3146d6b4849fb5cbd2c4f750c19189729a0838f7ac9a113000698258be6823d9e106f3172f1c44b2e9324b236ad7b18be4ef1f6b6f4465ee13b401d68f5347a3471b20a891d90f05b1; Path=/
resources.mtb.com/Assets/img/mtb-entrust.svg
24.75.29.77200 OK 1.3 kB URL HTTP/1.1 resources.mtb.com/Assets/img/mtb-entrust.svg
IP 24.75.29.77:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Hash 9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 10 Mar 2023 07:27:54 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-296452583"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 1349
Set-Cookie: TSea15929a027=0856addebbab2000c04e51d57b59288af289b8031e08583de58db435b6cef8efa5c23122f7556b5c080b1d441811300037574546c8a23b3d06f3172f1c44b2e9a089ce2b753568810a2347e1143a9e066b297ea54cf4caf2d15acbbeb676b345; Path=/
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
24.75.29.77200 OK 104 kB URL HTTP/1.1 resources.mtb.com/r/simple-layout-responsive/js.mtb?v=08132020140516
IP 24.75.29.77:0
File type ASCII text, with CRLF line terminators
Size 104 kB (103531 bytes)
Hash 709ebc99ab68894c16d41797eb08e778
76a47991fe6d37cfff3521535bf366798a97e292
3ac3d1438229e5d19ab15b5a7552eb05497af3ea08ecc93fb3c5d084d73e60b9
GET /r/simple-layout-responsive/js.mtb?v=08132020140516 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 22 Mar 2024 11:25:28 GMT
Last-Modified: Thu, 23 Mar 2023 11:25:27 GMT
ETag: "1679570728:dtagent10259230221142207SN+M"
Vary: User-Agent
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-304519431"
Date: Thu, 23 Mar 2023 11:25:27 GMT
ntCoent-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_1_sn_E48502C8FD33C7B10894C64D3D034D1B_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926d24e3a5cd98974e1dfb3530025b45fd9337d1d1922d93896c8f70740215cbaf745d90b58915069df851e125a1cc2422a; Path=/
TS0128739d=01fb46a92606bde9711ff99dfc057b4fe1b4e9d556337d1d1922d93896c8f70740215cbaf7f8f9b8f59a9ffa731a7fb0482de897d11e1d5427577f94a7bb757648d1039396; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000400e880728192fca9cd0c5564b69792e5dc71bf1eb9dec0fa9d9dd785b4e8550082360e478113000316f56c7e42f826006f3172f1c44b2e934bf9c3f41887a8274805386b20676870f99d9abbaa8bed48f533ce087e0c4dd; Path=/
Transfer-Encoding: chunked
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
24.75.29.77200 OK 4.8 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Hash ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="996413917", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 4776
Set-Cookie: dtCookie=v_4_srv_9_sn_72B432163B1CEF98836EDAD4B400B1B4_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926c03854bc4d583e07d798d87628265a5c050aaa86ebf6a88ff1e25dfe2c0bc96de5222e0e01280db526c6b9538aea869d; Path=/
TS0128739d=01fb46a926b9c1a84c8ea827288e0d8bd61b8d7897050aaa86ebf6a88ff1e25dfe2c0bc96daaf9d06960dfcd7f221da5d6f159ea8d2f83b8745ad3dd890c7641ec04f28238; path=/; domain=.mtb.com
TSea15929a027=0856addebbab200000c251df62271c18604e4b15cd1c12b1b8c3b03fd3d783f33a57cbe315ecfac908743f92231130000562951098385f2a06f3172f1c44b2e9b7c6b29077b1dd44f94abd3f72102ebc2092f0c1e51d50527daea404e60e353d; Path=/
mbtinfor.cloud/Assets/scripts/Login/Index.js
162.241.123.12404 Not Found 355 B URL HTTP/1.1 mbtinfor.cloud/Assets/scripts/Login/Index.js
IP 162.241.123.12:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cb50b952a1a41c3358018129e081d511
9b3ce22f173597240fd0c22ff649f3ffb9c6ea99
791b5cb893932898c350d1ec9888ee9c2feaea002431d12e9a1ba29331813be0
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
NIDS Severity Alert suricata medium ET INFO 404 Response with Javascript Variable in Page
suricata medium ET INFO 404 Response with Javascript Variable in Page
GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: mbtinfor.cloud
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mbtinfor.cloud/94e2e716927eb9ed3fdf65232fd64f03/?token=e7b9f17aa7e6346e3216ae8c51a2df6d70b89ea58e1991fc102bac9a1f9b0ab1f6cbac9addd2d24779e7481939b03293cd1696c6ad173e6ecdd5ac348864e566
Cookie: PHPSESSID=38a52b0dc0f67c9160075358a79a5330
HTTP/1.1 404 Not Found
Date: Thu, 23 Mar 2023 11:25:28 GMT
Server: Apache
Last-Modified: Fri, 12 Aug 2022 05:28:09 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 355
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive
Content-Type: text/html
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
24.75.29.77200 OK 68 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Hash 6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1599000050", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 67671
Set-Cookie: dtCookie=v_4_srv_4_sn_D723083C7E559F220E66EFACB84E23B5_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926bc2e8807f25fa07434c714cb2b6beb098c74bbfcfe63cfb989393e1a47ee9a5e2289736d9044067f331876b0c4412f1a; Path=/
TS0128739d=01fb46a926f7289f1ca4e162c3c5bd96d8eb0d88bc8c74bbfcfe63cfb989393e1a47ee9a5ec22b57d6fc91c62fa3dbd86d0f507b980b5ff0226399be65e47c8bf835b41791; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20006e20a4f9549cdd206f8aefa5727559c7cfb8b52a6013a878ec6488ed48396b35087d46ca0e113000ae888c4a6260a2c006f3172f1c44b2e91a64024963166bcdcad128b4708affb4b1787f8b441fad03765655f0d0b60203; Path=/
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
24.75.29.77200 OK 64 kB URL HTTP/1.1 resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP 24.75.29.77:0
File type Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Hash b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://mbtinfor.cloud
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 10 Mar 2023 07:27:53 GMT
Accept-Ranges: bytes
ETag: "0f90d42153d91:0:dtagent10259230221142207SN+M"
X-Srv: B-SC-02
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-885036827", dtTao;desc="1"
Date: Thu, 23 Mar 2023 11:25:27 GMT
Content-Length: 64318
Set-Cookie: dtCookie=v_4_srv_9_sn_4E0EB1EF9EFFA01DA530D7729A44F65A_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a9263766bc68e33886c013e9fb6f39cf1a43436290860e290229abe2c1ebc412d6e255501ea75c27901f5b311f8380348057; Path=/
TS0128739d=01fb46a926aff16099dd2bb6bbbc93baffd451fd7a436290860e290229abe2c1ebc412d6e290c93ed6e151191a4a2f89249bb3da25464edb7c635f33a21b6755de73a984ca; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000baaf61662b42e3a4ca512795bcde5978abbe5f6e77ecede82d79d31164355fea08ccb4d854113000a90568e9650843f406f3172f1c44b2e9fcb439a1414052f4e7e11b1c27771b4e561a04de9bbae5894d1d86ece407a290; Path=/
ocsp.entrust.net/
104.110.10.32200 OK 1.6 kB IP 104.110.10.32:0
Hash 64bbcaf8aa4aa14e359541e907a1fc7a
05561a4cad7263861af68921b4689de7dd758fd8
752075998100a9878d438f79e9bfea5e559841ebf6f26bcf9769f1dfc7413d15
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "752075998100A9878D438F79E9BFEA5E559841EBF6F26BCF9769F1DFC7413D15"
Last-Modified: Thu, 23 Mar 2023 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3568
Expires: Thu, 23 Mar 2023 12:24:57 GMT
Date: Thu, 23 Mar 2023 11:25:29 GMT
Connection: keep-alive
asset.mtb.com/Documents/html/homepage/favicon.ico
54.230.111.64200 OK 15 kB URL HTTP/2 asset.mtb.com/Documents/html/homepage/favicon.ico
IP 54.230.111.64:0
File type PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Hash e82f458a5c1c5353a97401eccc925613
949d6c8d06ca14b52f496c20f63fae269b6708c2
cd320f6e4a5ccfb2d08a5aca1d42dc606530d63e3d779038c41865c85568cbf3
GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://mbtinfor.cloud/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Thu, 23 Mar 2023 11:12:25 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IHsaN9V9Yd6HiZLfnDwaA8bJtmhSWzOtmDxyAZMzRG08cWZfB57r8g==
age: 786
X-Firefox-Spdy: h2