Report - exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==

Report Overview

Submitted URL
exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
IP
198.54.115.37
ASN
#22612 NAMECHEAP-NET
Submitted
2022-12-30 04:24:39
Access
Website Title
Final URL
Tags
mt_bank financial phishing
urlquery detections
Phishing - M&T Bank

Detections

urlquery
66
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
exotikdoks.org	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	38 kB	410 kB	198.54.115.37
beacon.krxd.net	408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	852 B	1.8 kB	52.209.245.18
ocsp.entrust.net	1208	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	9.8 kB	104.110.10.32
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.216.192.228
consumer.krxd.net	1656	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	482 B	614 B	151.101.130.133
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	60 kB	34.120.237.76
www3.mtb.com	114433	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	203 kB	54.230.111.37
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	963 B	172.64.155.188
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
cdn.krxd.net	1312	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	94 kB	151.101.2.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html#!kxcid=umz03a31z&kxt=http%3A%2F%2F127.0.0.1&kxcl=cdn&kxp=	686 B	2023-03-07	2023-03-17
Pretty URL cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html#!kxcid=umz03a31z&kxt=http%3A%2F%2F127.0.0.1&kxcl=cdn&kxp= IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:13:34 Last Seen2023-03-17 12:40:42 Times Seen1 Hash 27850a8c64d6695816ded31bbd973b11 7e16c45f9233c8cd2a66c17f3188623231c5c7e1 682b0eba492769296c02bdcbd23de3a381cbf4912c02da1442553dec8c23d83a Loading...

	exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==	75 B	2023-03-12	2023-03-14
Pretty URL exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash c5f7ad568d7c24195751648e35613910 b63fe9ef7b28902d504804d35c8d4554d0ff4548 42d21aa67b487a00856ebb6d0edb39e4f48ee5963a09cee824ad64933de447f7 Loading...

	consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0	247 B	2023-03-12	2023-03-14
Pretty URL consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0 IP 151.101.130.133 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash 82d4629933c271950e2210e9d5ba393a 0c978ac86802e4573076f933658f43b2441c02d6 57e3e5ae03a534374ceda8c6b67138f825e60ef752df30bd168df7a23e9b999f Loading...

	exotikdoks.org/app/files/vendor.js	194 kB	2023-03-12	2023-03-14
Pretty URL exotikdoks.org/app/files/vendor.js IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash fecd4d02efa3e13951aab771c263106d 9eca8abb2f84620de839eabc4e55ceb11a5f607a 1d727a0b4bbf95539bf95ff63e3b8fe5c382a8046c9edb2dbaea3498bb57855c Loading...

	exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==	1.9 kB	2023-03-12	2023-03-14
Pretty URL exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash dc642bd6da367f8da69b6c0bd7148f4f b809d1a4921cde0f1f843f410363f7ebfed052dc 3cbfd5bf2e0af19e12faa4b64952da05e154a1f2c9eb0771e142368bd0d1de1d Loading...

	exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==	1.0 kB	2023-03-07	2023-07-22
Pretty URL exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:45:52 Last Seen2023-07-22 03:55:34 Times Seen4 Hash b1fc4a0f72bffdffe637e5ee9bf2a1b0 ba9c469f33ad05275621b4232e4bc7f007daf285 3cbd96a9f2f0b5df33a2044ea76587cdcaf9b7cc2fe4937f2cc599673cc7dca6 Loading...

	exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==	605 B	2023-03-07	2023-07-22
Pretty URL exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:06:29 Last Seen2023-07-22 03:55:34 Times Seen6 Hash 68d87bb2ed681c1231848c4e4281a695 20cb2fcb90934f743be9d0140a124cc2f7413f46 73b9b1435ae29dbea497e817f48b2d8b7cb28a20a9b2b07a36cec11213d5a44a Loading...

	exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==	2.2 kB	2023-03-12	2023-03-14
Pretty URL exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== IP 198.54.115.37 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash 79e2539fd6de21ef112e69b7e22346c1 50321bcd4e5b98f47dfc0d601bd3ba5f2a1568bb 4f72089d1ad90100cf9017f12b767bf42bf9c356bc55f317a683f1e0ce4a9cfe Loading...

	cdn.krxd.net/controltag/umz03a31z.js	32 kB	2023-03-12	2023-03-14
Pretty URL cdn.krxd.net/controltag/umz03a31z.js IP 151.101.2.133 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:09:26 Last Seen2023-03-14 05:41:38 Times Seen1 Hash 862f070168217030a650f8a37f30af1c b98c609de9f05ec266a0250aa834a20d5dbe02d5 0735d146acb271c97565ba8b640aadd18cf503b82fd198291f8286d724496bcc Loading...

	beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck	73 B	2023-03-07	2023-07-22
Pretty URL beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck IP 52.209.245.18 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:50:17 Last Seen2023-07-22 03:55:35 Times Seen10 Hash 31d64c2a6a918629050e159a2effaee2 f9eb5a5b99bdcf395783e0468cb14a7cfeda59aa bec3120eb0298bdc01d313d6fc8f754156cffeaf3806a18e3a8a77a136ea5713 Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 09:38:18 Times Seen37059477 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042	266 kB	2023-03-07	2023-08-01
Pretty URL cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042 IP 151.101.2.133 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:50:17 Last Seen2023-08-01 22:10:30 Times Seen3 Hash 11b035c409786725c5324e0ea3a3a171 2f7decc434adadd2db1b3e7841fc9cd96c370f33 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4 Loading...

HTTP Transactions (107)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16914
Expires: Fri, 30 Dec 2022 09:06:21 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
259d3eba2ac4ea32f0410a59bd01c18a
ab02cd69e6c04e3842ad1778fb0daa6d0e86fddc
0d6ec941dac6d97a0b24c0cf00a5642a4edda68ae5ec8b3019d1ec05f40d2281

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D6EC941DAC6D97A0B24C0CF00A5642A4EDDA68AE5EC8B3019D1EC05F40D2281"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3970
Expires: Fri, 30 Dec 2022 05:30:37 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 03:46:55 GMT
content-type: application/json
age: 2252
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
07e619a5a572fa9bcb54fa70de27f0d4
c0499dcc7551831f517f189465812859d0f48ced
2213c856ce4dd64ebe28e4deff34d449b2c08be98565c0405427453ae948fa74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2213C856CE4DD64EBE28E4DEFF34D449B2C08BE98565C0405427453AE948FA74"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2321
Expires: Fri, 30 Dec 2022 05:03:08 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive

exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==

198.54.115.37

301 Moved Permanently

707 B

URL HTTP/1.1
exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
707 B (707 bytes)
Hash
1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 30 Dec 2022 04:24:27 GMT
server: LiteSpeed
location: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
x-turbo-charged-by: LiteSpeed

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: zo+i6Um64N3/VvB1P/xfdr5Fpm7kocPRM1z3o8iYO9Qk38EjAizlRFcPZFK1pSgQB6T8KPId37M=
x-amz-request-id: XR705JND46YV9Z9C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 03:56:52 GMT
age: 1655
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 04:24:27 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 03:33:30 GMT
age: 3058
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
83363ddf6d13d766b0e043d47087e0c4
7bf3f210e58495accf7de4ac9fc02c7ce66fed8e
8f537ef639a431615589e06aa053bc035651cf2a4617e996a5e0e0d69327b254

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 04:24:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Dec 2022 22:07:05 GMT
Expires: Mon, 02 Jan 2023 22:07:04 GMT
Etag: "7bf3f210e58495accf7de4ac9fc02c7ce66fed8e"
Cache-Control: max-age=322355,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78180187dfa5b505-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4859
Cache-Control: max-age=108198
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 04:24:28 GMT
Etag: "63ad58a7-1d7"
Expires: Sat, 31 Dec 2022 10:27:46 GMT
Last-Modified: Thu, 29 Dec 2022 09:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

34.216.192.228

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.216.192.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RDtz+vUJ6WHdbjILb+sR3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jah6UU/5T/qBFl46mADzLQ1Ivpo=

cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata

151.101.2.133

400 Bad Request

50 B

URL HTTP/2
cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
21c1496715ae85cc8430301724721c4b
2ce1ca9fd413b7447426ba8c6c70066b32b942b1
1e65a1902d68be5091e78ad816712b96324672d1ef4573de23a6bd2092b70773

HTTP Headers

GET /userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 400 Bad Request
content-type: application/json; charset=utf-8
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
cache-control: public, max-age=10
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:28 GMT
via: 1.1 varnish
age: 0
x-served-by: userdata-a002-ash-prod.krxd.net, cache-bma1661-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1672374269.869234,VS0,VE92
content-length: 50
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d2766b14604223ddc7bf201e8bff4452
de982367c6f5bc10f2d9ce1fd1e1a7fdc6713f25
84427497a4b00b5bf66b9256f79a64a73db93365f2ad854df99b5b3836be3bdc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: max-age=118608
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 04:24:28 GMT
Etag: "63ad8182-1d7"
Expires: Sat, 31 Dec 2022 13:21:16 GMT
Last-Modified: Thu, 29 Dec 2022 12:01:06 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0

151.101.130.133

200 OK

197 B

URL HTTP/2
consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0
IP
151.101.130.133:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
197 B (197 bytes)
Hash
58bececf88a3c7a0ed55cdbf7eb064f8
53d6944ccef815d61482e168067e02fb6b8209e0
876fe480cae3a2d503e2a2e6123bc4a1e11cef759a4eae944dcedf2bcc7e0625

HTTP Headers

GET /consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0 HTTP/1.1
Host: consumer.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
cache-control: max-age=1800
content-encoding: gzip
x-age: 0
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:28 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a014-ash-prod.krxd.net, cache-bma1627-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1672374269.880679,VS0,VE93
vary: Accept-Encoding
content-length: 197
X-Firefox-Spdy: h2

cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata

151.101.2.133

400 Bad Request

50 B

URL HTTP/2
cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
JSON data\012- , ASCII text, with no line terminators
Size
50 B (50 bytes)
Hash
21c1496715ae85cc8430301724721c4b
2ce1ca9fd413b7447426ba8c6c70066b32b942b1
1e65a1902d68be5091e78ad816712b96324672d1ef4573de23a6bd2092b70773

HTTP Headers

GET /userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 400 Bad Request
content-type: application/json; charset=utf-8
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
cache-control: public, max-age=10
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:29 GMT
via: 1.1 varnish
age: 0
x-served-by: userdata-a002-ash-prod.krxd.net, cache-bma1661-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1672374269.052172,VS0,VE0
content-length: 50
X-Firefox-Spdy: h2

exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /tags.tiqcdn.com/utag/mtbank/main/prod/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/get

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/get
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/get HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/dnb_coretag_v5.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/dnb_coretag_v5.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/dnb_coretag_v5.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/a.txt

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/a.txt
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/a.txt HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag_002.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag_002.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/get_002

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/get_002
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/get_002 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/optout_check

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/optout_check
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/optout_check HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async_002.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async_002.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/ytc.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/ytc.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/fbevents.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/fbevents.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/fbevents.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/insight.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/insight.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/insight.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/uwt.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/uwt.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/uwt.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/bat.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/bat.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/bat.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/umz03a31z.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/umz03a31z.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/umz03a31z.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/mtb_app_wbk.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/mtb_app_wbk.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/mtb_app_wbk.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-header.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-header.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-header.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag_005.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag_005.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag_005.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/5564484.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/5564484.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/5564484.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/green-logo.png

198.54.115.37

200 OK

22 kB

URL HTTP/2
exotikdoks.org/app/files/green-logo.png
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 600 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
22 kB (21842 bytes)
Hash
1e1d02e141e89a4c45d9c0aa5530bc3a
970e63270ce5fd36c51c3b25724b7b37f014f760
4ab56bfc693e75fbc52de80072dcbcd412efe057dcc099c9b718fb6f85ee129b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/green-logo.png HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: image/png
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-length: 21842
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/es-language-icon.htm

198.54.115.37

200 OK

196 B

URL HTTP/2
exotikdoks.org/app/files/es-language-icon.htm
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

HTTP Headers

GET /app/files/es-language-icon.htm HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-length: 196
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/vendor.js

198.54.115.37

200 OK

58 kB

URL HTTP/2
exotikdoks.org/app/files/vendor.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (53751)
Size
58 kB (58460 bytes)
Hash
b87b2bb115d8111fe95f029f9bb83cf5
2f66a69c67b5f78a3be8853a97be60a8f8ccafd9
7e2d164d656798463b7ba244f32c8b55cbddfafd55735c34f913b15bb9b86263

HTTP Headers

GET /app/files/vendor.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: application/javascript
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 58460
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-base.css

198.54.115.37

200 OK

46 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-base.css
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (1334)
Size
46 kB (46095 bytes)
Hash
5b068a4871806878f6fd52fb56d2f684
9d8fefafb73523caafe65428b2a4725f167a11fc
f1815afcfe5ef1862d797a61ffce5daf8e9ce9e4bfe1fc0f3fc3924e1e4742da

HTTP Headers

GET /app/files/clientlib-base.css HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: text/css
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 46095
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/alert_new_design.css

198.54.115.37

200 OK

662 B

URL HTTP/2
exotikdoks.org/app/files/alert_new_design.css
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with CRLF line terminators
Size
662 B (662 bytes)
Hash
be59f04879a17b5730ecbbff100ca4cd
9139ee86051aee5ede4be7bb7d44f3e02b575c7f
c9ae89068c364801a86483365f2783e38d295b488e61fa21cb913271a8435916

HTTP Headers

GET /app/files/alert_new_design.css HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: text/css
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 662
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck

52.209.245.18

200 OK

1.3 kB

URL HTTP/2
beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
IP
52.209.245.18:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.3 kB (1311 bytes)
Hash
ac50c75577e399c3257655d2d83087c4
a82543cd6a963f10c3f41e43d1481c920c6cafec
84c7868dc43d9632255c94be3ff1f1694c5d89ded2e8069d5e46acff1bb4f7ee

HTTP Headers

GET /optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 30 Dec 2022 04:24:29 GMT
content-type: text/javascript
cache-control: private, max-age=0, s-max-age=0
x-served-by: beacon-n021-dub-prod.krxd.net
x-request-time: D=41 t=1672374269
X-Firefox-Spdy: h2

exotikdoks.org/app/files/status.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/status.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/status.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/charReplace.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/charReplace.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/charReplace.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-base.js

198.54.115.37

200 OK

85 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-base.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
85 kB (84722 bytes)
Hash
34330020ff2028a519c75096e2dbc9df
6646001f9c3e33552db53c5ea507365c9b09051a
df6742b5967c054f7fac62f9ad1c972e3a1beba0476920102282a68c24604ebf

HTTP Headers

GET /app/files/clientlib-base.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: application/javascript
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 84722
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/conversion_async_002.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/conversion_async_002.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/conversion_async_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/insight.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/insight.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/insight.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/ytc.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/ytc.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/fbevents.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/fbevents.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/fbevents.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/dnb_coretag_v5.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/dnb_coretag_v5.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/dnb_coretag_v5.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag_002.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag_002.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive

exotikdoks.org/app/files/ytc.js

198.54.115.37

404 Not Found

11 kB

URL HTTP/2
exotikdoks.org/app/files/ytc.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11315 bytes)
Hash
51406d6bd4a7322a475fc2a98267154e
9fa03002aa1974d4a9557cedad8bd5d7fefa52ad
a1858d9fd203972f0dc3fe97f36e07796b84f6e2851c9990d406f452793e3454

HTTP Headers

GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4833 bytes)
Hash
a9d1857128ab6a237e6854c7a3532b51
702ab1eb38be637f012e1454201b9a7561c29081
48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YyIKd_GHAixWYqzjn0XD2Jwal3Jt62L90StfgPkCkJWU3RQml-u6oA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:39 GMT
age: 22970
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8494 bytes)
Hash
d0f02288213f270c5a4a8944107c81e9
d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea
770e6cc997aafc1c0485af4fa413fa255868a5d333e8e60e7de90b4c74bf29bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8494
x-amzn-requestid: 8dc4c6ae-ecb5-427d-be0a-535585f19b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUXHR1IAMFn4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e8-326ee70106b8fa9d2c4d540b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fR6Tky8KiadgDTqrGN7QKIldTbOm8rIxJXZOtT6FyjBC6gafdCd33A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:38 GMT
age: 22971
etag: "d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9748 bytes)
Hash
a5df739293f8846ba42b9ee2748ddec0
8ae554e7a9944145b58cdf14433e382e0b09d417
2a2bbd6219432e6a451838ca1266972fb412190fbf1c96351f3f0372143eea2f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9748
x-amzn-requestid: 06f61fb6-c474-4c29-8e2a-3c94086c0a96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZmOG9DoAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae095a-731b23c915809aba62afd050;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:40:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KjGfhkZcBsccQksbbE0udUABqQ-3whKNn_2vVln0AVvrd-Uwas_O6w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:37 GMT
age: 22972
etag: "8ae554e7a9944145b58cdf14433e382e0b09d417"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2de568-8b33-4d12-9106-7572f02ecbb1.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10251 bytes)
Hash
31d49f75781806f50df72ef4fdaa58f5
dc95fbf5234792c673e8167db1c6bbbbe037e65a
ddc369bfd6a15cfa1bc16a4d36e67a96aefca71fbb37c5736ebdf4577a2bd232

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2de568-8b33-4d12-9106-7572f02ecbb1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10251
x-amzn-requestid: b3548ad3-066b-4908-828e-857d14028fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUtH09IAMFmgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08ea-32d0ae852ae4332751a274d3;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LL7xpalzGYAFomhGYwmo_aapLDsrd5_xwCEbZNyJveTL3-Qttzfwvg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:11:59 GMT
age: 22350
etag: "dc95fbf5234792c673e8167db1c6bbbbe037e65a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59a00921-670d-4d42-8d38-4adc489e84fc.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8304 bytes)
Hash
a420fd559ef25d34ee67e7ad924754dc
8af81fc3bcd1447ad6318d6c0973c96cd0d274db
b2fbf57e833264e53a22c4361a8e4a21d57886f7b419889bfdc15c0b46783da5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59a00921-670d-4d42-8d38-4adc489e84fc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8304
x-amzn-requestid: 98c46da7-857c-44be-86b1-f94b23be3821
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d44n2EEYIAMFkWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad07cb-636c41041748af7a27f7ad39;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 03:21:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LcudzBZihPaz5Fn0GenuCNnPGWw1Fs7fYN_eoLg0WZFYxqJhOUCfgA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 16:12:38 GMT
age: 43911
etag: "8af81fc3bcd1447ad6318d6c0973c96cd0d274db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-header.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-header.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-header.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /tags.tiqcdn.com/utag/mtbank/main/prod/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/utag_005.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/utag_005.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/utag_005.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/5564484.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/5564484.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/5564484.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/allAlertobject.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/allAlertobject.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/allAlertobject.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/Kensington_Mural_OLB_Desktop.jpg

198.54.115.37

200 OK

97 kB

URL HTTP/2
exotikdoks.org/app/files/Kensington_Mural_OLB_Desktop.jpg
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x816, components 3\012- data
Size
97 kB (97376 bytes)
Hash
eff5918d95c67e5895d1238899035038
a91dac29ffedc3af3d4165da5a5cc5b7a8d5361a
cd2a867b9a143a9fd42b3fa1dcf69f57d09f0e9f61c5d3c49fb8302d87603ecc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/Kensington_Mural_OLB_Desktop.jpg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:30 GMT
content-type: image/jpeg
last-modified: Wed, 05 Jan 2022 00:09:42 GMT
accept-ranges: bytes
content-length: 97376
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/status.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/status.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/status.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3462
Expires: Fri, 30 Dec 2022 05:22:12 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3405
Expires: Fri, 30 Dec 2022 05:21:15 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3373
Expires: Fri, 30 Dec 2022 05:20:43 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff

54.230.111.37

200 OK

66 kB

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 66170, version 1.0\012- data
Size
66 kB (66170 bytes)
Hash
2c232501b80100ac5022cb84380a6df4
79898c6b15d379850157a7b44d55d8694eb54b1f
18c9c9a98b2a0de85fb63e8fc0fbf0dd575b45d76cfdd22220f4c7d9caf0b99a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 66170
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:23 GMT
etag: "1027a-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xpx4EQS4fEjRaOOtR9F7h5ciTd95VVDFx4xjfiaBFo6FiJSEYVhLuQ==
age: 1807
X-Firefox-Spdy: h2

exotikdoks.org/app/files/charReplace.js

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/charReplace.js
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/charReplace.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html

151.101.2.133

200 OK

525 B

URL HTTP/2
cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (682)
Size
525 B (525 bytes)
Hash
e05627dfbb358dfa9f4d07d79ef2f584
4f113ff981ad900ad46e81987024e5639d50bd9a
28d28aa733802fa7694668c09e5a35c8e772109a1732923a3a9a022fc3d0325b

HTTP Headers

GET /partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
fastly-restarts: 1
content-encoding: gzip
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
via: 1.1 varnish
age: 49225620
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 117750
x-timer: S1672374271.610114,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525
X-Firefox-Spdy: h2

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
c8a9bd227b835bca61350cd4d5b80ff3
97497b178651eb7340002233ccb5d211c04941ee
4acf849cb82825e169edf8999282c8baff4da83fbe366219728caf5973d46229

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4ACF849CB82825E169EDF8999282C8BAFF4DA83FBE366219728CAF5973D46229"
Last-Modified: Fri, 30 Dec 2022 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3532
Expires: Fri, 30 Dec 2022 05:23:22 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive

ocsp.entrust.net/

104.110.10.32

200 OK

1.6 kB

URL HTTP/1.1
ocsp.entrust.net/
IP
104.110.10.32:0
ASN
#16625 AKAMAI-AS

File type
data
Size
1.6 kB (1588 bytes)
Hash
c8a9bd227b835bca61350cd4d5b80ff3
97497b178651eb7340002233ccb5d211c04941ee
4acf849cb82825e169edf8999282c8baff4da83fbe366219728caf5973d46229

HTTP Headers

POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4ACF849CB82825E169EDF8999282C8BAFF4DA83FBE366219728CAF5973D46229"
Last-Modified: Fri, 30 Dec 2022 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3569
Expires: Fri, 30 Dec 2022 05:23:59 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff

54.230.111.37

200 OK

64 kB

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Size
64 kB (64318 bytes)
Hash
b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 64318
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:22 GMT
etag: "fb3e-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s9BlIUh6CgNfjDVP7nPxfmMvIDf5f5C8FcldwtUNwHrC8GBpFpSy3Q==
age: 1808
X-Firefox-Spdy: h2

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff

54.230.111.37

200 OK

68 kB

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type
Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Size
68 kB (67671 bytes)
Hash
6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 67671
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:25:55 GMT
etag: "10857-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a9UzqxrMMYtjrng9tgNQ-RSoD-D_k3hfS-KuxoxViCe3OxBFWUgs6Q==
age: 3513
X-Firefox-Spdy: h2

cdn.krxd.net/controltag/umz03a31z.js

151.101.2.133

200 OK

6.2 kB

URL HTTP/2
cdn.krxd.net/controltag/umz03a31z.js
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (30239)
Size
6.2 kB (6199 bytes)
Hash
2df704308541dcd619b6f68f1e0f5b9a
348b65d37cc287e8a065190e79d1e9131bba07eb
1ecadcb545bdc6117f7555e2df60b90a5dbc7adcd4942c73a8e6a19868f6483b

HTTP Headers

GET /controltag/umz03a31z.js HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
etag: "b98c609de9f05ec266a0250aa834a20d5dbe02d5"
x-app-cache: HIT
cache-control: public, max-age=1200
x-response-time: 0
content-encoding: gzip
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
via: 1.1 varnish, 1.1 varnish
x-do-esi: esi
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
age: 1442
x-served-by: config-service-a006-ash-prod.krxd.net, cache-iad-kjyo7100046-IAD, cache-bma1661-BMA
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 5, 1
x-timer: S1672374271.653470,VS0,VE1
vary: Accept-Encoding
content-length: 6199
X-Firefox-Spdy: h2

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff

54.230.111.37

304 Not Modified

0 B

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 15 Oct 2020 22:08:15 GMT
If-None-Match: "10857-5b1bce27771c0"
TE: trailers

HTTP/2 304 Not Modified
date: Fri, 30 Dec 2022 04:24:30 GMT
content-disposition: inline
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
etag: "10857-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sbmGR0muJf_b9A0QVsolri4nUb2kVH0o2fUFEtlJlj1e379x3absLA==
age: 3513
X-Firefox-Spdy: h2

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff

54.230.111.37

206 Partial Content

634 B

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type
data
Size
634 B (634 bytes)
Hash
1f904851079f195b2ca9bc8fdc7fb9a2
9719b54a71815e2e10401d031a89c52a508c9da9
c8dc1cc6028e9fa77217cf16e067c7ac2fac30377415310c793b1420697ecc76

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Range: bytes=65536-
If-Range: "1027a-5b1bce27771c0"
TE: trailers

HTTP/2 206 Partial Content
content-type: application/x-font-woff
content-length: 634
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:23 GMT
etag: "1027a-5b1bce27771c0"
vary: Accept-Encoding
content-range: bytes 65536-66169/66170
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: igXNU4v0rQ-hzpEAMMN4jki4M9wNXUYOR3_sFsA_ZXGajOVoTYxETw==
age: 1807
X-Firefox-Spdy: h2

cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042

151.101.2.133

200 OK

84 kB

URL HTTP/2
cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
IP
151.101.2.133:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (65438)
Size
84 kB (84509 bytes)
Hash
a1705c5ac5f06cf0c202ff70908fc042
61b46d7b851db6ed27714fca76c600eb30e3beaa
2baa440c34cbc5327be71f2af4469118e217edbdcfb05513637be9f4f037188b

HTTP Headers

GET /ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
etag: "a1705c5ac5f06cf0c202ff70908fc042"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=315360000
content-encoding: gzip
expires: Thu, 31 Jul 2031 12:06:16 GMT
content-type: application/javascript
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
via: 1.1 varnish
age: 24812619
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 65836
x-timer: S1672374271.680035,VS0,VE0
content-length: 84509
X-Firefox-Spdy: h2

exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff

54.230.111.37

304 Not Modified

0 B

URL HTTP/2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP
54.230.111.37:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 15 Oct 2020 22:08:15 GMT
If-None-Match: "fb3e-5b1bce27771c0"
TE: trailers

HTTP/2 304 Not Modified
date: Fri, 30 Dec 2022 04:24:30 GMT
content-disposition: inline
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
etag: "fb3e-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: d7jTR25_jzrqseuFsqVe6gb80079kmy2h_98n_BK-esp9VIL-G1t4A==
age: 1808
X-Firefox-Spdy: h2

exotikdoks.org/favicon.ico

198.54.115.37

404 Not Found

1.2 kB

URL HTTP/2
exotikdoks.org/favicon.ico
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - M&T Bank

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12128 bytes)
Hash
51e07c8cb6d9597f35747f86d066ceb0
f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c
ae483370712700a1126be780f0684edbf5d5d9012f611a673b8ad32b49bedae5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 12128
x-amzn-requestid: 57e64ee7-4792-4240-b6ef-70d65d057136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZTTExLIAMF-Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e1-377fb669207833c413b92cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GJX-uBJ3LpYYXbhvc1rpA5KinXAgkweLQOTj3b6PEwuQs4O7IyRxaQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:50:07 GMT
age: 23669
etag: "f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==

198.54.115.37

200 OK

0 B

URL HTTP/2
exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
IP
198.54.115.37:0
ASN
#22612 NAMECHEAP-NET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2

beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck

52.209.245.18

200 OK

0 B

URL HTTP/2
beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
IP
52.209.245.18:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 30 Dec 2022 04:24:29 GMT
content-type: text/javascript
cache-control: private, max-age=0, s-max-age=0
x-served-by: beacon-n017-dub-prod.krxd.net
x-request-time: D=31 t=1672374269
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations