Report - www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

Report Overview

Visited public
2023-09-07 21:36:18
Tags
mt_bank financial phishing
URL
www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Finishing URL
www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
IP / ASN
185.187.56.100
#41847 Daniel O'Mahony
Title
Welcome
Phishing - M&T Bank

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.entrust.net	1208	1997-07-28	2014-01-10 03:18:45	2023-09-07 20:11:38	330 B	2.0 kB	2.21.194.152
resources.mtb.com	144011	2000-11-13	2014-11-08 15:57:30	2023-08-31 17:24:51	3.8 kB	319 kB	24.75.29.77
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-07 18:12:13	666 B	1.4 kB	142.250.74.131
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-09-07 19:27:48	423 B	75 kB	142.250.74.168
cdn.quantummetric.com	2877	2011-09-01	2015-09-15 07:20:52	2023-09-07 20:41:17	339 B	518 B	172.67.20.158
www.btsucks.net	unknown	2014-03-01	2019-06-09 03:28:58	2023-08-30 11:56:11	6.4 kB	46 kB	185.187.56.100
tags.tiqcdn.com	969	2012-07-11	2013-01-15 06:04:26	2023-09-07 20:13:43	2.5 kB	62 kB	143.204.55.58

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	17 kB	2023-04-06	2025-04-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-06 15:03 Last Seen2025-04-07 11:48 Times Seen962 Hash bc34d71796091ea6e2c4b063648a41f3 fbbf474676f00b29b3befb89592e826391980aee 67a3ae3abcf4ff6083a7c463a038000aa610317487e62a9d14fc52ebd6bf20d0 Loading...

	www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052	ScriptElement	4.5 kB	2023-03-26	2024-08-21
Pretty URL www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052 IP 185.187.56.100 ASN #41847 Daniel O'Mahony Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 13:06 Last Seen2024-08-21 09:43 Times Seen39 Hash e6f3c23f846369be51537a4e8903cf9a 26ea95cf8988ee85caa3bec2a9a5abccbfff9ce1 f6b545983416dddbffb3004d4ba16b62c5af4a732207acd186ad9e4b2fd3bc67 Loading...

	tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.js	ScriptElement	34 kB	2023-07-26	2023-10-19
Pretty URL tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.js IP 143.204.55.58 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-26 17:05 Last Seen2023-10-19 11:49 Times Seen39 Hash d7a6443d7c3a41558e01d765623b8dd3 62ae6c8afbb9c3e13c9deb207e89fba1caf7b813 5a2b5c8b438f2c50ec35d52748274f538785eea566994a910ac7780ab7a7ceac Loading...

	resources.mtb.com/r/simple-layout-responsive/js.mtb?v=09242021103000	ScriptElement	322 kB	2023-03-07	2024-08-21
Pretty URL resources.mtb.com/r/simple-layout-responsive/js.mtb?v=09242021103000 IP 24.75.29.77 ASN #16490 MTB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2024-08-21 09:43 Times Seen273 Hash 9c5a48bd789473f18b8bf7bd777371f9 f84d9237854640f2b0cc554b816c17d11376af5a 6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd Loading...

	tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016	ScriptElement	2 B	2023-03-07	2025-05-11
Pretty URL tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016 IP 143.204.55.58 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 10:23 Times Seen12724 Hash 7bc0ee636b3b83484fc3b9348863bd22 ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610 a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Loading...

	cdn.quantummetric.com/qscripts/quantum-mtb.js	ScriptElement	351 kB	2024-08-21	2024-08-21
Pretty URL cdn.quantummetric.com/qscripts/quantum-mtb.js IP 172.67.20.158 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 07:20 Last Seen2024-08-21 07:20 Times Seen1 Hash 6213400f1c13431b8cfce5be681bbb41 69a9f71775b7a8197835d8e2434a83a3f8684bdf 9900657fb3100658dafb726231fee34f45e615da4e298be94d2d3051d332842b Loading...

	www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052	ScriptElement	4.6 kB	2023-03-26	2024-08-21
Pretty URL www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052 IP 185.187.56.100 ASN #41847 Daniel O'Mahony Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-26 13:06 Last Seen2024-08-21 09:43 Times Seen39 Hash bd9e275c4c0ad9d01a65761138cff171 ecab36274fb399e030e3c2203b961e0773ad1e31 9d2532364475892ccfa201529c1c0b98b739195897268c91715044d241ef3fc3 Loading...

	tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408	ScriptElement	64 kB	2023-05-10	2024-08-21
Pretty URL tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408 IP 143.204.55.58 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 16:25 Last Seen2024-08-21 09:43 Times Seen39 Hash 153fee061109eb8ec978c389f9f1c708 bec6f9e2e70fab462b42c109100ac91d2f6cd624 180d08a84337ee1c154c51fa0cb24517648245515242a92d1f5408101b353beb Loading...

	tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259	ScriptElement	12 kB	2023-07-26	2023-10-19
Pretty URL tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259 IP 143.204.55.58 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-26 17:05 Last Seen2023-10-19 11:49 Times Seen39 Hash aaa48b8818796378587a72992b6b959d e10b92ba5a2cf0661afe34ac859f81a08c39104e 572ebabbbd9fee99defc51744b6948a1f244c32e26b00e99b2dcf41422b75e81 Loading...

	www.googletagmanager.com/gtag/js?id=AW-990489911	ScriptElement	207 kB	2023-09-07	2023-09-07
Pretty URL www.googletagmanager.com/gtag/js?id=AW-990489911 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 23:36 Last Seen2023-09-07 23:36 Times Seen1 Hash 8dc695799674a305dc63c2734346e992 28c0ddfdde688884542cb6a4a2fa2fff8fac115e 51f90c4cbe7025421923535b25d2688576ef61cb06afc2ea9ad2c779ec7ac227 Loading...

HTTP Transactions (31)

URL IP Response Size

www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

185.187.56.100

200 OK

23 kB

URL User Request GET HTTP/1.1
www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1392), with CRLF line terminators
Size
23 kB (22807 bytes)
Hash
7b2ecfb7a346be46932789442016ff94
d0a99006997f406e24057125a721717ac82c87d0
763086f2b604c738515ba833cc54622b5d82ace624f8a606a204065c49f444d7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052 HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

www.btsucks.net/TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=9

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=9
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=9 HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/Assets/js/tealium_prod.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/Assets/js/tealium_prod.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/Assets/scripts/Login/Index.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/Assets/scripts/Login/Index.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=17

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=17
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /TSPD/0856addebbab2000b21ebed53c44a3dcbd47d3d580f80ec002bfdd2dea512880aa722a92c26491b7?type=17 HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408

143.204.55.58

301 Moved Permanently

167 B

URL GET HTTP/1.1
tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408
IP
143.204.55.58:80
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 07 Sep 2023 21:36:01 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408
X-Cache: Redirect from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ol_hv8oYFSZ_wX5vwSRI79Ry_ny5_kh6U1W0XA3vIy47dDgltyqTBA==
Cache-Control: max-age=1296000

www.btsucks.net/Assets/js/mtb_app_wbk.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/Assets/js/mtb_app_wbk.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Assets/js/mtb_app_wbk.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /ruxitagentjs_ICA2SVfhjqrux_10223210811140219.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

www.btsucks.net/Assets/js/tealium_prod.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/Assets/js/tealium_prod.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:35:58 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408

143.204.55.58

301 Moved Permanently

24 kB

URL GET HTTP/1.1
tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408
IP
143.204.55.58:80
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
ASCII text, with very long lines (11428)
Size
24 kB (23459 bytes)
Hash
153fee061109eb8ec978c389f9f1c708
bec6f9e2e70fab462b42c109100ac91d2f6cd624
180d08a84337ee1c154c51fa0cb24517648245515242a92d1f5408101b353beb

HTTP Headers

GET /utag/mtbank/olb-legacy/prod/utag.1.js?utv=ut4.48.202103120408 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.btsucks.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 10 May 2023 14:07:00 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 9s0loI9I7BhaBuKcV4lhZFBt.LHrz9nN
server: AmazonS3
content-encoding: br
date: Thu, 07 Sep 2023 21:31:41 GMT
etag: W/"153fee061109eb8ec978c389f9f1c708"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: dd2wSgmMi_oDGmjlk7bd3cLejQ5tLQVvcH_OCKLrU6Yv8ywx7lCyNA==
age: 261
cache-control: max-age=1296000
X-Firefox-Spdy: h2

ocsp.entrust.net/

2.21.194.152

1.6 kB

URL
ocsp.entrust.net/
IP
2.21.194.152:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
8949b625eb65b3708e9989f9b27d9bbc
d300dc62a2a9baa28700ab05261793b4c600e482
84e6832c73db9a0dc7837654643b50b95dd5361d0f7b027cb53dd4f794e8049a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "84E6832C73DB9A0DC7837654643B50B95DD5361D0F7B027CB53DD4F794E8049A"
Last-Modified: Thu, 07 Sep 2023 17:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3598
Expires: Thu, 07 Sep 2023 22:36:00 GMT
Date: Thu, 07 Sep 2023 21:36:02 GMT
Connection: keep-alive

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=09242021103000

24.75.29.77

200 OK

35 kB

URL GET HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=09242021103000
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
35 kB (34753 bytes)
Hash
c6a2a28f74b476f5444f752383ad870c
c3d77a0f69f1f55e9ffa24799d06b62a714c2465
58e1f9b6898a00101a5241e6524fca06fbab5abc06f1b0b52e4c0a6ceae70bf8

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=09242021103000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Fri, 06 Sep 2024 21:36:02 GMT
Last-Modified: Thu, 07 Sep 2023 21:36:01 GMT
ETag: "1694122562:dtagent10271230629152232SvJ4"
Vary: User-Agent
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-357156041"
Date: Thu, 07 Sep 2023 21:36:02 GMT
ntCoent-Length: 259098
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_4_sn_6E52ADC3F66DA26AF515A400D02E3C81_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a92638e52731e21c5bdf9f96affec1ac04e22d6d1d7c3887ad69589f8120f62e7a1255fe5303ff270e9dc734c201aa054b8f; Path=/
TS0128739d=01fb46a9266d4b7dea418d658748de651f093c01bf2d6d1d7c3887ad69589f8120f62e7a121bf72991b59c66a3cf8082c1db5a78dc277fbff8e297ad7011eac1f5e312ceb9; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20001b560e401130330305ec1197dc450eed95ffa530cb49f82d215d3fee508e898d08d35a80dd11300098f4fdad64793153038b308a9cc3e42c1cad9c19b0becbcd6fbce87653058ccd7f5ef7aba510e528173f4cf021395351; Path=/
Transfer-Encoding: chunked

www.btsucks.net/Q9targop/nothink/mortal/img/logo.svg

185.187.56.100

200 OK

2.0 kB

URL GET HTTP/1.1
www.btsucks.net/Q9targop/nothink/mortal/img/logo.svg
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2039), with no line terminators
Size
2.0 kB (2039 bytes)
Hash
f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Q9targop/nothink/mortal/img/logo.svg HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Sep 2023 21:35:59 GMT
Server: Apache
Last-Modified: Sat, 02 Oct 2021 14:49:28 GMT
Accept-Ranges: bytes
Content-Length: 2039
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/svg+xml

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

24.75.29.77

200 OK

230 B

URL GET HTTP/1.1
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Size
230 B (230 bytes)
Hash
916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

HTTP Headers

GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Thu, 03 Aug 2023 06:35:46 GMT
Accept-Ranges: bytes
ETag: "08de1bbd4c5d91:0"
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="904866957"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Length: 230
Set-Cookie: dtCookie=v_4_srv_1_sn_A6FF978A18E4304CBB78F24140985D07_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_1; Path=/; Domain=.mtb.com
TS019299a7=01fb46a9267d22229a71198b2888a201ac06462e7b8d836118f526fc8884963241082157fc2c755e4e88f990de276999d08aa710d2; Path=/
TS0128739d=01fb46a92610cbf67f7cafc51c101788f033ae11208d836118f526fc8884963241082157fcab3b595f04f1d464aa5942bad0bd1950634953c0b7295c40853223c72f419d44; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000fd2a6f71c7c61e373262890594f5aa533b27313b9928e5a1b3d09673d1df7d9b0850610d7c1130004547e3d024639407038b308a9cc3e42c3211d8ce374eef64238e8c54f7e0c715df32505b1475b6aa899edcdaa37ea3c4; Path=/

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=09242021103000

24.75.29.77

200 OK

104 kB

URL GET HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=09242021103000
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
ASCII text, with CRLF line terminators
Size
104 kB (103533 bytes)
Hash
9c5a48bd789473f18b8bf7bd777371f9
f84d9237854640f2b0cc554b816c17d11376af5a
6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd

HTTP Headers

GET /r/simple-layout-responsive/js.mtb?v=09242021103000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Fri, 06 Sep 2024 21:36:02 GMT
Last-Modified: Thu, 07 Sep 2023 21:36:01 GMT
ETag: "1694122562:dtagent10271230629152232SvJ4"
Vary: User-Agent
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="2039698194"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Cteonnt-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_6_sn_9FCEE0D1FAEE980169DE92CF2850034E_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926e43fec47fdbb7a3fe0f54e3786240fda946fd2470f984884119afd41747602f4cca9c3f0a921c6554eab508ac79a3bd5; Path=/
TS0128739d=01fb46a926eda44ffa0c86de3e17ce9aa9920409e9946fd2470f984884119afd41747602f45be31dc54cde3ecfe835790658abdc9f7bdf4cfea00b761d92dc597f1f762e6a; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20002e30b0f59bc79d70b6abede59dc8241e6c2788e41bae1ce95a01a03cca3b6074080f4650c91130004769c53469a07643038b308a9cc3e42c1eb20b1ccc5382610b54806af281da0dd566ea65b8a8a35b2a4e316a66de45b0; Path=/
Transfer-Encoding: chunked

resources.mtb.com/Assets/img/mtb-entrust.svg

24.75.29.77

200 OK

1.3 kB

URL GET HTTP/1.1
resources.mtb.com/Assets/img/mtb-entrust.svg
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1349), with no line terminators
Size
1.3 kB (1349 bytes)
Hash
9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

HTTP Headers

GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Thu, 03 Aug 2023 06:35:46 GMT
Accept-Ranges: bytes
ETag: "08de1bbd4c5d91:0"
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="582507617"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Length: 1349
Set-Cookie: dtCookie=v_4_srv_6_sn_5DED4899148F5B53C6ABD38A808A2B10_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926552331d407c439e3a3cdb2d98da96e9dc69979f6450c95db6af349fcab3eefc2c3327221a2c80c554d67c2d952bb861c; Path=/
TS0128739d=01fb46a926b8b82093933a757babdaa1395404a0a6c69979f6450c95db6af349fcab3eefc24a5f2c6a4ad60b526bc326c40fab893e6397f12224fd7eb3a7bc15db9a664249; path=/; domain=.mtb.com
TSea15929a027=0856addebbab2000768b5d53fd33b8ab316c6859098ab78df191bdb85d0127f1a730916d1f02720608eb28e03b113000444ca839d5786b39038b308a9cc3e42cfe4639c195d155184ab139af6d498e854dbdda4b1603a4b4125110e14daf2ea3; Path=/

www.btsucks.net/Assets/scripts/Login/Index.js

185.187.56.100

404 Not Found

315 B

URL GET HTTP/1.1
www.btsucks.net/Assets/scripts/Login/Index.js
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Cookie: utag_main=v_id:018a7192d0fe001a35f304d9282d0504600a800900918$_sn:1$_se:1$_ss:1$_st:1694124361791$ses_id:1694122561791%3Bexp-session$_pn:1%3Bexp-session
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Date: Thu, 07 Sep 2023 21:36:00 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259

143.204.55.58

301 Moved Permanently

167 B

URL GET HTTP/1.1
tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259
IP
143.204.55.58:80
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.8.js?utv=ut4.49.202212232259
X-Cache: Redirect from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: aNcnCn-ym5PgL51Zcj7Ozkuq4SpE3ROCSBmiR7HN00nkLZ8JXnXxVg==
Cache-Control: max-age=1296000

resources.mtb.com/assets/fonts/mandtpg-iconfont.woff

24.75.29.77

200 OK

4.8 kB

URL GET HTTP/1.1
resources.mtb.com/assets/fonts/mandtpg-iconfont.woff
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Web Open Font Format, TrueType, length 4776, version 1.0\012- data
Size
4.8 kB (4776 bytes)
Hash
ac13691b89191d11d0e5577eb3cf3d53
0126fa82c0ab022e61b5de74f1fe3e204a905a7b
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df

HTTP Headers

GET /assets/fonts/mandtpg-iconfont.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.btsucks.net
DNT: 1
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Thu, 03 Aug 2023 06:35:45 GMT
Accept-Ranges: bytes
ETag: "08de1bbd4c5d91:0:dtagent10271230629152232SvJ4"
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-718470760"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Length: 4776
Set-Cookie: TSea15929a027=0856addebbab20005c2e54f993afe9c40e360617f62ca94eaa4f7c2245692d10b0f8afff2f7ddcc908a5844c36113000b84f643504c529b9038b308a9cc3e42c3613e579cc62d5d2b86810d3e65a7b1ac79586c6f1f976ee6711f8aaf54ef4b3; Path=/

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016

143.204.55.58

200 OK

167 B

URL GET HTTP/2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016
IP
143.204.55.58:443
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 07 Sep 2023 21:36:03 GMT
Content-Type: application/javascript
Content-Length: 167
Connection: keep-alive
Location: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016
X-Cache: Redirect from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: igDyNcCXCu_bFapsMNqiC02Czm3g92-6LVRNWmgFHR3xO63uhIvD-w==
Cache-Control: max-age=300

tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016

143.204.55.58

200 OK

2 B

URL GET HTTP/2
tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016
IP
143.204.55.58:443
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
7bc0ee636b3b83484fc3b9348863bd22
ebbffb7d7ea5362a22bfa1bab0bfdeb1617cd610
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

HTTP Headers

GET /utag/tiqapp/utag.v.js?a=mtbank/olb-legacy/202307261404&cb=1694122563016 HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://www.btsucks.net/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
accept-ranges: bytes
server: AmazonS3
date: Thu, 07 Sep 2023 21:34:26 GMT
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HqQFXI5TQuMZJwoGgD_OM_LwOmCG1qr0V2Q16hRTGENOwgZO7x1qVw==
age: 98
cache-control: max-age=300
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
6df1fd7c8a02948bb027eade41b4b0da
638e5d9d81dbfff413e7ea4b75a661e44c7aab1a
83a43210ac40ab92ccef3b002822774b2aa22295eb8baaf74831d89ab06ca1a9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 07 Sep 2023 21:36:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=AW-990489911

142.250.74.168

200 OK

74 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=AW-990489911
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint4E:35:EC:AC:A4:3A:09:F9:F3:9A:26:43:94:A7:BA:2C:01:54:DA:12
ValidityMon, 07 Aug 2023 12:16:40 GMT - Mon, 30 Oct 2023 12:16:39 GMT

File type
ASCII text, with very long lines (4179)
Size
74 kB (74338 bytes)
Hash
8dc695799674a305dc63c2734346e992
28c0ddfdde688884542cb6a4a2fa2fff8fac115e
51f90c4cbe7025421923535b25d2688576ef61cb06afc2ea9ad2c779ec7ac227

HTTP Headers

GET /gtag/js?id=AW-990489911 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 07 Sep 2023 21:36:03 GMT
expires: Thu, 07 Sep 2023 21:36:03 GMT
cache-control: private, max-age=900
last-modified: Thu, 07 Sep 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74338
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
6df1fd7c8a02948bb027eade41b4b0da
638e5d9d81dbfff413e7ea4b75a661e44c7aab1a
83a43210ac40ab92ccef3b002822774b2aa22295eb8baaf74831d89ab06ca1a9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 07 Sep 2023 21:36:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff

24.75.29.77

200 OK

64 kB

URL GET HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Size
64 kB (64318 bytes)
Hash
b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

HTTP Headers

GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.btsucks.net
DNT: 1
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Thu, 03 Aug 2023 06:35:45 GMT
Accept-Ranges: bytes
ETag: "08de1bbd4c5d91:0:dtagent10271230629152232SvJ4"
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1653272144"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Length: 64318
Set-Cookie: TSea15929a027=0856addebbab20007bec802312459e64d678556c05ebee866f278e242ae306044ff5c740e65f0d1408c4cbf41c1130006052f1e5cc963326038b308a9cc3e42ca30d26279cac15f3c33c42108c83edea51d2f82253e2f35f2f94488bddf4070e; Path=/

cdn.quantummetric.com/qscripts/quantum-mtb.js

172.67.20.158

301 Moved Permanently

178 B

URL GET HTTP/1.1
cdn.quantummetric.com/qscripts/quantum-mtb.js
IP
172.67.20.158:80
ASN
#13335 CLOUDFLARENET

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
178 B (178 bytes)
Hash
cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

HTTP Headers

GET /qscripts/quantum-mtb.js HTTP/1.1
Host: cdn.quantummetric.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Thu, 07 Sep 2023 21:36:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://cdn.quantummetric.com/qscripts/quantum-mtb.js
CF-Cache-Status: EXPIRED
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 803215c2bbf7b4f4-OSL
alt-svc: h3=":443"; ma=86400

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff

24.75.29.77

200 OK

68 kB

URL GET HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Size
68 kB (67671 bytes)
Hash
6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

HTTP Headers

GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.btsucks.net
DNT: 1
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Thu, 03 Aug 2023 06:35:45 GMT
Accept-Ranges: bytes
ETag: "08de1bbd4c5d91:0:dtagent10271230629152232SvJ4"
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-869862560"
Date: Thu, 07 Sep 2023 21:36:02 GMT
Content-Length: 67671
Set-Cookie: TSea15929a027=0856addebbab2000cff715bad0c192dccd1f8847e1ecf801d40d8f100b3a7eea3ea0193492c5ef110892d9cafd113000a222d7f49b3f37d5038b308a9cc3e42c9217a286cb8fb56a928d75720272a883ad9ad004851d1503dc8dceff0b53cd0c; Path=/

www.btsucks.net/Q9targop/nothink/mortal/img/favicon.png

185.187.56.100

200 OK

16 kB

URL GET HTTP/1.1
www.btsucks.net/Q9targop/nothink/mortal/img/favicon.png
IP
185.187.56.100:80
ASN
#41847 Daniel O'Mahony

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052

File type
PNG image data, 300 x 300, 8-bit/color RGB, non-interlaced\012- data
Size
16 kB (15822 bytes)
Hash
652a2382a1d4d1159bffe5dd9c77877d
84b893fd39255950601da0c8d65735d28e775892
acfa0cc8b42493333d9032c79e4d91d7bbdd40995a283a3945075da6fb2f3cfb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /Q9targop/nothink/mortal/img/favicon.png HTTP/1.1
Host: www.btsucks.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Cookie: utag_main=v_id:018a7192d0fe001a35f304d9282d0504600a800900918$_sn:1$_se:1$_ss:1$_st:1694124361791$ses_id:1694122561791%3Bexp-session$_pn:1%3Bexp-session; _gcl_au=1.1.456365796.1694122563
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 07 Sep 2023 21:36:00 GMT
Server: Apache
Last-Modified: Sat, 02 Oct 2021 14:47:28 GMT
Accept-Ranges: bytes
Content-Length: 15822
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: image/png

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=09242021103000

24.75.29.77

200 OK

35 kB

URL GET HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=09242021103000
IP
24.75.29.77:443
ASN
#16490 MTB

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Size
35 kB (34752 bytes)
Hash
c6a2a28f74b476f5444f752383ad870c
c3d77a0f69f1f55e9ffa24799d06b62a714c2465
58e1f9b6898a00101a5241e6524fca06fbab5abc06f1b0b52e4c0a6ceae70bf8

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=09242021103000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.btsucks.net
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Fri, 06 Sep 2024 21:36:05 GMT
Last-Modified: Thu, 07 Sep 2023 21:36:04 GMT
ETag: "1694122565:dtagent10271230629152232SvJ4"
Vary: User-Agent
X-Srv: B-STC-004
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Timing-Allow-Origin: *
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1278680576", dtTao;desc="1"
Date: Thu, 07 Sep 2023 21:36:04 GMT
ntCoent-Length: 259098
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_4_sn_DF914BDA6349BD68CB96AF24D09FA268_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=01fb46a926825a9d7e6c38a813c1b00b2cc6ff543c15808556a42c21383577b910e65076a3d649afa5a80368c8025fabadebb007b4; Path=/
TS0128739d=01fb46a92681cb5d9afa82dc61825698348f825aac15808556a42c21383577b910e65076a3e8bbd97fb24811fa1abcac8bb0b218099aaa74bf2fb400ada055cae5c4d74df2; path=/; domain=.mtb.com
TSea15929a027=0856addebbab20005190179f9f69554b4f7e91249bd584378d815dcbde33b36c6229a6874160113708704451ce113000156e8bd393314643dd94b60c4ff625a036276473a01d9c218460d184754f1b8b0c12afb16685d3ead289052dbc9ff259; Path=/
Transfer-Encoding: chunked

tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.js

143.204.55.58

200 OK

34 kB

URL GET HTTP/2
tags.tiqcdn.com/utag/mtbank/olb-legacy/prod/utag.js
IP
143.204.55.58:443
ASN
#16509 AMAZON-02

Requested by
http://www.btsucks.net/Q9targop/nothink/mortal/error.php?cmd=_account-details&dispatch=f23dc6af3b648eb4d2f7d9f4a2c5d57a5b14d1fd&session=8d84cd5764beb3a451466052295a0052
Certificate
IssuerAmazon
Subjecttags.tiqcdn.com
Fingerprint6B:C4:49:CA:3C:06:E1:FA:8B:24:5C:78:97:D9:86:D7:EB:CA:09:62
ValidityTue, 18 Apr 2023 00:00:00 GMT - Fri, 17 May 2024 23:59:59 GMT

File type

Size
34 kB (34346 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utag/mtbank/olb-legacy/prod/utag.js HTTP/1.1
Host: tags.tiqcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.btsucks.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 26 Jul 2023 14:05:25 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: OlfN2HN16BmqRTSQtS9kbCUvZZylR6Up
server: AmazonS3
content-encoding: br
date: Thu, 07 Sep 2023 21:36:02 GMT
etag: W/"d7a6443d7c3a41558e01d765623b8dd3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ORsszXmc2oTZpyc68yyHc2UWOo0ACHVD8mh5ElKUOJQ1rXHb5iZAVg==
cache-control: max-age=300
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash