r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16914
Expires: Fri, 30 Dec 2022 09:06:21 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 259d3eba2ac4ea32f0410a59bd01c18a
ab02cd69e6c04e3842ad1778fb0daa6d0e86fddc
0d6ec941dac6d97a0b24c0cf00a5642a4edda68ae5ec8b3019d1ec05f40d2281
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D6EC941DAC6D97A0B24C0CF00A5642A4EDDA68AE5EC8B3019D1EC05F40D2281"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3970
Expires: Fri, 30 Dec 2022 05:30:37 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 03:46:55 GMT
content-type: application/json
age: 2252
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07e619a5a572fa9bcb54fa70de27f0d4
c0499dcc7551831f517f189465812859d0f48ced
2213c856ce4dd64ebe28e4deff34d449b2c08be98565c0405427453ae948fa74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2213C856CE4DD64EBE28E4DEFF34D449B2C08BE98565C0405427453AE948FA74"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2321
Expires: Fri, 30 Dec 2022 05:03:08 GMT
Date: Fri, 30 Dec 2022 04:24:27 GMT
Connection: keep-alive
exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
198.54.115.37 301 Moved Permanently 707 B URL HTTP/1.1 exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 1304294c0823ca486542ba408ed761e3
b2a70fb2d810ca13985882e6981f33998823e83e
3bbe72f3baa8ec61de17a1d767fca58704769684b7abe9161d0c4eaf4c8f0982
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
keep-alive: timeout=5, max=100
content-type: text/html
content-length: 707
date: Fri, 30 Dec 2022 04:24:27 GMT
server: LiteSpeed
location: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
x-turbo-charged-by: LiteSpeed
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zo+i6Um64N3/VvB1P/xfdr5Fpm7kocPRM1z3o8iYO9Qk38EjAizlRFcPZFK1pSgQB6T8KPId37M=
x-amz-request-id: XR705JND46YV9Z9C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 03:56:52 GMT
age: 1655
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 04:24:27 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Alert, ETag, Content-Type, Last-Modified, Cache-Control, Expires, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 03:33:30 GMT
age: 3058
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 83363ddf6d13d766b0e043d47087e0c4
7bf3f210e58495accf7de4ac9fc02c7ce66fed8e
8f537ef639a431615589e06aa053bc035651cf2a4617e996a5e0e0d69327b254
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 30 Dec 2022 04:24:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 26 Dec 2022 22:07:05 GMT
Expires: Mon, 02 Jan 2023 22:07:04 GMT
Etag: "7bf3f210e58495accf7de4ac9fc02c7ce66fed8e"
Cache-Control: max-age=322355,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 78180187dfa5b505-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4859
Cache-Control: max-age=108198
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 04:24:28 GMT
Etag: "63ad58a7-1d7"
Expires: Sat, 31 Dec 2022 10:27:46 GMT
Last-Modified: Thu, 29 Dec 2022 09:06:47 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.216.192.228 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.216.192.228:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: RDtz+vUJ6WHdbjILb+sR3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Jah6UU/5T/qBFl46mADzLQ1Ivpo=
cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
151.101.2.133 400 Bad Request 50 B URL HTTP/2 cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
IP 151.101.2.133:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 21c1496715ae85cc8430301724721c4b
2ce1ca9fd413b7447426ba8c6c70066b32b942b1
1e65a1902d68be5091e78ad816712b96324672d1ef4573de23a6bd2092b70773
GET /userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 400 Bad Request
content-type: application/json; charset=utf-8
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
cache-control: public, max-age=10
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:28 GMT
via: 1.1 varnish
age: 0
x-served-by: userdata-a002-ash-prod.krxd.net, cache-bma1661-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1672374269.869234,VS0,VE92
content-length: 50
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d2766b14604223ddc7bf201e8bff4452
de982367c6f5bc10f2d9ce1fd1e1a7fdc6713f25
84427497a4b00b5bf66b9256f79a64a73db93365f2ad854df99b5b3836be3bdc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4810
Cache-Control: max-age=118608
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 04:24:28 GMT
Etag: "63ad8182-1d7"
Expires: Sat, 31 Dec 2022 13:21:16 GMT
Last-Modified: Thu, 29 Dec 2022 12:01:06 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0
151.101.130.133 200 OK 197 B URL HTTP/2 consumer.krxd.net/consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0
IP 151.101.130.133:0
File type ASCII text, with no line terminators
Hash 58bececf88a3c7a0ed55cdbf7eb064f8
53d6944ccef815d61482e168067e02fb6b8209e0
876fe480cae3a2d503e2a2e6123bc4a1e11cef759a4eae944dcedf2bcc7e0625
GET /consent/get/5fbc882d-fc17-416e-8069-4c0fc55390a2?idt=device&dt=kxcookie&callback=Krux.ns.mtbankcorporationus.kxjsonp_consent_get_0 HTTP/1.1
Host: consumer.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
cache-control: max-age=1800
content-encoding: gzip
x-age: 0
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:28 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a014-ash-prod.krxd.net, cache-bma1627-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1672374269.880679,VS0,VE93
vary: Accept-Encoding
content-length: 197
X-Firefox-Spdy: h2
cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
151.101.2.133 400 Bad Request 50 B URL HTTP/2 cdn.krxd.net/userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata
IP 151.101.2.133:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 21c1496715ae85cc8430301724721c4b
2ce1ca9fd413b7447426ba8c6c70066b32b942b1
1e65a1902d68be5091e78ad816712b96324672d1ef4573de23a6bd2092b70773
GET /userdata/get?pub=5fbc882d-fc17-416e-8069-4c0fc55390a2&technographics=1&callback=Krux.ns.mtbankcorporationus.kxjsonp_userdata HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 400 Bad Request
content-type: application/json; charset=utf-8
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
cache-control: public, max-age=10
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:29 GMT
via: 1.1 varnish
age: 0
x-served-by: userdata-a002-ash-prod.krxd.net, cache-bma1661-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1672374269.052172,VS0,VE0
content-length: 50
X-Firefox-Spdy: h2
exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /tags.tiqcdn.com/utag/mtbank/main/prod/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/get
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/get
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/get HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2_002 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/dnb_coretag_v5.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/dnb_coretag_v5.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/dnb_coretag_v5.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/a.txt
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/a.txt
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/a.txt HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag_002.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag_002.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/get_002
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/get_002
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/get_002 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/optout_check
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/optout_check
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/optout_check HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/5fbc882d-fc17-416e-8069-4c0fc55390a2 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async_002.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async_002.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/ytc.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/ytc.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/fbevents.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/fbevents.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/fbevents.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/insight.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/insight.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/insight.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/uwt.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/uwt.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/uwt.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/bat.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/bat.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/bat.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/umz03a31z.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/umz03a31z.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/umz03a31z.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/mtb_app_wbk.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/mtb_app_wbk.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/mtb_app_wbk.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-header.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-header.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-header.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag_005.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag_005.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag_005.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/5564484.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/5564484.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/5564484.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/green-logo.png
198.54.115.37 200 OK 22 kB URL HTTP/2 exotikdoks.org/app/files/green-logo.png
IP 198.54.115.37:0
File type PNG image data, 600 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 1e1d02e141e89a4c45d9c0aa5530bc3a
970e63270ce5fd36c51c3b25724b7b37f014f760
4ab56bfc693e75fbc52de80072dcbcd412efe057dcc099c9b718fb6f85ee129b
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/green-logo.png HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: image/png
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-length: 21842
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/es-language-icon.htm
198.54.115.37 200 OK 196 B URL HTTP/2 exotikdoks.org/app/files/es-language-icon.htm
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
GET /app/files/es-language-icon.htm HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-length: 196
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/vendor.js
198.54.115.37 200 OK 58 kB URL HTTP/2 exotikdoks.org/app/files/vendor.js
IP 198.54.115.37:0
File type ASCII text, with very long lines (53751)
Hash b87b2bb115d8111fe95f029f9bb83cf5
2f66a69c67b5f78a3be8853a97be60a8f8ccafd9
7e2d164d656798463b7ba244f32c8b55cbddfafd55735c34f913b15bb9b86263
GET /app/files/vendor.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: application/javascript
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 58460
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-base.css
198.54.115.37 200 OK 46 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-base.css
IP 198.54.115.37:0
File type ASCII text, with very long lines (1334)
Hash 5b068a4871806878f6fd52fb56d2f684
9d8fefafb73523caafe65428b2a4725f167a11fc
f1815afcfe5ef1862d797a61ffce5daf8e9ce9e4bfe1fc0f3fc3924e1e4742da
GET /app/files/clientlib-base.css HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: text/css
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 46095
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/alert_new_design.css
198.54.115.37 200 OK 662 B URL HTTP/2 exotikdoks.org/app/files/alert_new_design.css
IP 198.54.115.37:0
File type ASCII text, with CRLF line terminators
Hash be59f04879a17b5730ecbbff100ca4cd
9139ee86051aee5ede4be7bb7d44f3e02b575c7f
c9ae89068c364801a86483365f2783e38d295b488e61fa21cb913271a8435916
GET /app/files/alert_new_design.css HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: text/css
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 662
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
52.209.245.18 200 OK 1.3 kB URL HTTP/2 beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
IP 52.209.245.18:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash ac50c75577e399c3257655d2d83087c4
a82543cd6a963f10c3f41e43d1481c920c6cafec
84c7868dc43d9632255c94be3ff1f1694c5d89ded2e8069d5e46acff1bb4f7ee
GET /optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 30 Dec 2022 04:24:29 GMT
content-type: text/javascript
cache-control: private, max-age=0, s-max-age=0
x-served-by: beacon-n021-dub-prod.krxd.net
x-request-time: D=41 t=1672374269
X-Firefox-Spdy: h2
exotikdoks.org/app/files/status.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/status.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/status.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/charReplace.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/charReplace.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/charReplace.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-base.js
198.54.115.37 200 OK 85 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-base.js
IP 198.54.115.37:0
Hash 34330020ff2028a519c75096e2dbc9df
6646001f9c3e33552db53c5ea507365c9b09051a
df6742b5967c054f7fac62f9ad1c972e3a1beba0476920102282a68c24604ebf
GET /app/files/clientlib-base.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:29 GMT
content-type: application/javascript
last-modified: Wed, 05 Jan 2022 01:45:22 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 84722
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/conversion_async_002.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/conversion_async_002.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/conversion_async_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/controltag.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/insight.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/insight.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/insight.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/ytc.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/ytc.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/fbevents.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/fbevents.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/fbevents.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/dnb_coretag_v5.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/dnb_coretag_v5.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/dnb_coretag_v5.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag_002.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag_002.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag_002.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18328
Expires: Fri, 30 Dec 2022 09:29:57 GMT
Date: Fri, 30 Dec 2022 04:24:29 GMT
Connection: keep-alive
exotikdoks.org/app/files/ytc.js
198.54.115.37 404 Not Found 11 kB URL HTTP/2 exotikdoks.org/app/files/ytc.js
IP 198.54.115.37:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51406d6bd4a7322a475fc2a98267154e
9fa03002aa1974d4a9557cedad8bd5d7fefa52ad
a1858d9fd203972f0dc3fe97f36e07796b84f6e2851c9990d406f452793e3454
GET /app/files/ytc.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a9d1857128ab6a237e6854c7a3532b51
702ab1eb38be637f012e1454201b9a7561c29081
48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YyIKd_GHAixWYqzjn0XD2Jwal3Jt62L90StfgPkCkJWU3RQml-u6oA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:39 GMT
age: 22970
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0f02288213f270c5a4a8944107c81e9
d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea
770e6cc997aafc1c0485af4fa413fa255868a5d333e8e60e7de90b4c74bf29bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b72d4d2-0340-4f3f-9cb2-a0ff1e1ece28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8494
x-amzn-requestid: 8dc4c6ae-ecb5-427d-be0a-535585f19b03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUXHR1IAMFn4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e8-326ee70106b8fa9d2c4d540b;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fR6Tky8KiadgDTqrGN7QKIldTbOm8rIxJXZOtT6FyjBC6gafdCd33A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:38 GMT
age: 22971
etag: "d17f3594e4aa86aa1b28849bbc3c7f1d45d938ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a5df739293f8846ba42b9ee2748ddec0
8ae554e7a9944145b58cdf14433e382e0b09d417
2a2bbd6219432e6a451838ca1266972fb412190fbf1c96351f3f0372143eea2f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24cb4ce3-48b0-4438-a0c5-0c62139706b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9748
x-amzn-requestid: 06f61fb6-c474-4c29-8e2a-3c94086c0a96
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZmOG9DoAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae095a-731b23c915809aba62afd050;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:40:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KjGfhkZcBsccQksbbE0udUABqQ-3whKNn_2vVln0AVvrd-Uwas_O6w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:01:37 GMT
age: 22972
etag: "8ae554e7a9944145b58cdf14433e382e0b09d417"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2de568-8b33-4d12-9106-7572f02ecbb1.png
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2de568-8b33-4d12-9106-7572f02ecbb1.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 31d49f75781806f50df72ef4fdaa58f5
dc95fbf5234792c673e8167db1c6bbbbe037e65a
ddc369bfd6a15cfa1bc16a4d36e67a96aefca71fbb37c5736ebdf4577a2bd232
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feb2de568-8b33-4d12-9106-7572f02ecbb1.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10251
x-amzn-requestid: b3548ad3-066b-4908-828e-857d14028fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZUtH09IAMFmgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08ea-32d0ae852ae4332751a274d3;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LL7xpalzGYAFomhGYwmo_aapLDsrd5_xwCEbZNyJveTL3-Qttzfwvg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:11:59 GMT
age: 22350
etag: "dc95fbf5234792c673e8167db1c6bbbbe037e65a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59a00921-670d-4d42-8d38-4adc489e84fc.webp
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59a00921-670d-4d42-8d38-4adc489e84fc.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a420fd559ef25d34ee67e7ad924754dc
8af81fc3bcd1447ad6318d6c0973c96cd0d274db
b2fbf57e833264e53a22c4361a8e4a21d57886f7b419889bfdc15c0b46783da5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59a00921-670d-4d42-8d38-4adc489e84fc.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8304
x-amzn-requestid: 98c46da7-857c-44be-86b1-f94b23be3821
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d44n2EEYIAMFkWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ad07cb-636c41041748af7a27f7ad39;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 03:21:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: LcudzBZihPaz5Fn0GenuCNnPGWw1Fs7fYN_eoLg0WZFYxqJhOUCfgA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 16:12:38 GMT
age: 43911
etag: "8af81fc3bcd1447ad6318d6c0973c96cd0d274db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-header.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-header.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
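Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank (this transaction returned the server's 1238-byte text/html 404 page; the same three hashes recur on every 404 from this host in the report, so they identify that error page rather than a file of the phishing page)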
GET /app/files/clientlib-header.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/tags.tiqcdn.com/utag/mtbank/main/prod/utag.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /tags.tiqcdn.com/utag/mtbank/main/prod/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:29 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/utag_005.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/utag_005.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/utag_005.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/5564484.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/5564484.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/5564484.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/allAlertobject.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/allAlertobject.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/allAlertobject.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/Kensington_Mural_OLB_Desktop.jpg
198.54.115.37 200 OK 97 kB URL HTTP/2 exotikdoks.org/app/files/Kensington_Mural_OLB_Desktop.jpg
IP 198.54.115.37:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 720x816, components 3\012- data
Hash eff5918d95c67e5895d1238899035038
a91dac29ffedc3af3d4165da5a5cc5b7a8d5361a
cd2a867b9a143a9fd42b3fa1dcf69f57d09f0e9f61c5d3c49fb8302d87603ecc
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/Kensington_Mural_OLB_Desktop.jpg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Fri, 06 Jan 2023 04:24:30 GMT
content-type: image/jpeg
last-modified: Wed, 05 Jan 2022 00:09:42 GMT
accept-ranges: bytes
content-length: 97376
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/status.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/status.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/status.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3462
Expires: Fri, 30 Dec 2022 05:22:12 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3405
Expires: Fri, 30 Dec 2022 05:21:15 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash 45d0275d888de3db6b032bf5321c25ee
5ee65eca4d6cb272e2c7ce13d8889127da21618f
3c10ed1705439725141ec14d321729239a4163904cac4d5b8239a1081d7ab9a4
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "3C10ED1705439725141EC14D321729239A4163904CAC4D5B8239A1081D7AB9A4"
Last-Modified: Thu, 29 Dec 2022 23:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3373
Expires: Fri, 30 Dec 2022 05:20:43 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
54.230.111.37 200 OK 66 kB URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP 54.230.111.37:0
File type Web Open Font Format, TrueType, length 66170, version 1.0\012- data
Hash 2c232501b80100ac5022cb84380a6df4
79898c6b15d379850157a7b44d55d8694eb54b1f
18c9c9a98b2a0de85fb63e8fc0fbf0dd575b45d76cfdd22220f4c7d9caf0b99a
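Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank (the request went to www3.mtb.com with Origin https://exotikdoks.org, i.e. the flagged page loaded this font cross-site; the hashes above are those of the font file served by www3.mtb.com, not of content hosted on exotikdoks.org)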
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 66170
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:23 GMT
etag: "1027a-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xpx4EQS4fEjRaOOtR9F7h5ciTd95VVDFx4xjfiaBFo6FiJSEYVhLuQ==
age: 1807
X-Firefox-Spdy: h2
exotikdoks.org/app/files/charReplace.js
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/charReplace.js
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/charReplace.js HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
151.101.2.133 200 OK 525 B URL HTTP/2 cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
IP 151.101.2.133:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (682)
Hash e05627dfbb358dfa9f4d07d79ef2f584
4f113ff981ad900ad46e81987024e5639d50bd9a
28d28aa733802fa7694668c09e5a35c8e772109a1732923a3a9a022fc3d0325b
GET /partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
fastly-restarts: 1
content-encoding: gzip
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
via: 1.1 varnish
age: 49225620
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 117750
x-timer: S1672374271.610114,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525
X-Firefox-Spdy: h2
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash c8a9bd227b835bca61350cd4d5b80ff3
97497b178651eb7340002233ccb5d211c04941ee
4acf849cb82825e169edf8999282c8baff4da83fbe366219728caf5973d46229
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4ACF849CB82825E169EDF8999282C8BAFF4DA83FBE366219728CAF5973D46229"
Last-Modified: Fri, 30 Dec 2022 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3532
Expires: Fri, 30 Dec 2022 05:23:22 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive
ocsp.entrust.net/
104.110.10.32 200 OK 1.6 kB IP 104.110.10.32:0
Hash c8a9bd227b835bca61350cd4d5b80ff3
97497b178651eb7340002233ccb5d211c04941ee
4acf849cb82825e169edf8999282c8baff4da83fbe366219728caf5973d46229
POST / HTTP/1.1
Host: ocsp.entrust.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
ETag: "4ACF849CB82825E169EDF8999282C8BAFF4DA83FBE366219728CAF5973D46229"
Last-Modified: Fri, 30 Dec 2022 03:00:00 UTC
Content-Length: 1588
Cache-Control: public, no-transform, must-revalidate, max-age=3569
Expires: Fri, 30 Dec 2022 05:23:59 GMT
Date: Fri, 30 Dec 2022 04:24:30 GMT
Connection: keep-alive
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
54.230.111.37 200 OK 64 kB URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP 54.230.111.37:0
File type Web Open Font Format, TrueType, length 64318, version 1.0\012- data
Hash b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 64318
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:22 GMT
etag: "fb3e-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: s9BlIUh6CgNfjDVP7nPxfmMvIDf5f5C8FcldwtUNwHrC8GBpFpSy3Q==
age: 1808
X-Firefox-Spdy: h2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
54.230.111.37 200 OK 68 kB URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP 54.230.111.37:0
File type Web Open Font Format, TrueType, length 67671, version 1.0\012- data
Hash 6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-font-woff
content-length: 67671
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:25:55 GMT
etag: "10857-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: a9UzqxrMMYtjrng9tgNQ-RSoD-D_k3hfS-KuxoxViCe3OxBFWUgs6Q==
age: 3513
X-Firefox-Spdy: h2
cdn.krxd.net/controltag/umz03a31z.js
151.101.2.133 200 OK 6.2 kB URL HTTP/2 cdn.krxd.net/controltag/umz03a31z.js
IP 151.101.2.133:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (30239)
Hash 2df704308541dcd619b6f68f1e0f5b9a
348b65d37cc287e8a065190e79d1e9131bba07eb
1ecadcb545bdc6117f7555e2df60b90a5dbc7adcd4942c73a8e6a19868f6483b
GET /controltag/umz03a31z.js HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
etag: "b98c609de9f05ec266a0250aa834a20d5dbe02d5"
x-app-cache: HIT
cache-control: public, max-age=1200
x-response-time: 0
content-encoding: gzip
x-age: 0
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
via: 1.1 varnish, 1.1 varnish
x-do-esi: esi
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
age: 1442
x-served-by: config-service-a006-ash-prod.krxd.net, cache-iad-kjyo7100046-IAD, cache-bma1661-BMA
x-cache: MISS, HIT, HIT
x-cache-hits: 0, 5, 1
x-timer: S1672374271.653470,VS0,VE1
vary: Accept-Encoding
content-length: 6199
X-Firefox-Spdy: h2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
54.230.111.37 304 Not Modified 0 B URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP 54.230.111.37:0
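Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B 304 response; they do not identify the font file and should not be used as indicators.)
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
(Note: this request goes to www3.mtb.com with Origin and Referer set to exotikdoks.org, so the alert appears to reflect the referring page rather than the host serving the font.)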
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 15 Oct 2020 22:08:15 GMT
If-None-Match: "10857-5b1bce27771c0"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 30 Dec 2022 04:24:30 GMT
content-disposition: inline
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
etag: "10857-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sbmGR0muJf_b9A0QVsolri4nUb2kVH0o2fUFEtlJlj1e379x3absLA==
age: 3513
X-Firefox-Spdy: h2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
54.230.111.37 206 Partial Content 634 B URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP 54.230.111.37:0
Hash 1f904851079f195b2ca9bc8fdc7fb9a2
9719b54a71815e2e10401d031a89c52a508c9da9
c8dc1cc6028e9fa77217cf16e067c7ac2fac30377415310c793b1420697ecc76
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Range: bytes=65536-
If-Range: "1027a-5b1bce27771c0"
TE: trailers
HTTP/2 206 Partial Content
content-type: application/x-font-woff
content-length: 634
accept-ranges: bytes
content-disposition: inline
last-modified: Thu, 15 Oct 2020 22:08:15 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
date: Fri, 30 Dec 2022 03:54:23 GMT
etag: "1027a-5b1bce27771c0"
vary: Accept-Encoding
content-range: bytes 65536-66169/66170
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: igXNU4v0rQ-hzpEAMMN4jki4M9wNXUYOR3_sFsA_ZXGajOVoTYxETw==
age: 1807
X-Firefox-Spdy: h2
cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
151.101.2.133 200 OK 84 kB URL HTTP/2 cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
IP 151.101.2.133:0
File type ASCII text, with very long lines (65438)
Hash a1705c5ac5f06cf0c202ff70908fc042
61b46d7b851db6ed27714fca76c600eb30e3beaa
2baa440c34cbc5327be71f2af4469118e217edbdcfb05513637be9f4f037188b
GET /ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042 HTTP/1.1
Host: cdn.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
etag: "a1705c5ac5f06cf0c202ff70908fc042"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=315360000
content-encoding: gzip
expires: Thu, 31 Jul 2031 12:06:16 GMT
content-type: application/javascript
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
accept-ranges: bytes
date: Fri, 30 Dec 2022 04:24:30 GMT
via: 1.1 varnish
age: 24812619
x-served-by: cache-bma1661-BMA
x-cache: HIT
x-cache-hits: 65836
x-timer: S1672374271.680035,VS0,VE0
content-length: 84509
X-Firefox-Spdy: h2
exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/content/dam/mtb-web/images/spanish/es-language-icon.svg
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /content/dam/mtb-web/images/spanish/es-language-icon.svg HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-book.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /app/files/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-light.woff HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://exotikdoks.org/app/files/clientlib-base.css
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
54.230.111.37 304 Not Modified 0 B URL HTTP/2 www3.mtb.com/etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff
IP 54.230.111.37:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /etc.clientlibs/axp-common/clientlibs/clientlib-site/resources/fonts/MTB_Balto/Webfonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: www3.mtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://exotikdoks.org
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 15 Oct 2020 22:08:15 GMT
If-None-Match: "fb3e-5b1bce27771c0"
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 30 Dec 2022 04:24:30 GMT
content-disposition: inline
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher2useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
cache-control: max-age=86400, public, no-cache="set-cookie"
etag: "fb3e-5b1bce27771c0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: d7jTR25_jzrqseuFsqVe6gb80079kmy2h_98n_BK-esp9VIL-G1t4A==
age: 1808
X-Firefox-Spdy: h2
exotikdoks.org/favicon.ico
198.54.115.37 404 Not Found 1.2 kB URL HTTP/2 exotikdoks.org/favicon.ico
IP 198.54.115.37:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - M&T Bank
GET /favicon.ico HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
Cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Fri, 30 Dec 2022 04:24:30 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 51e07c8cb6d9597f35747f86d066ceb0
f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c
ae483370712700a1126be780f0684edbf5d5d9012f611a673b8ad32b49bedae5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ad1d8a9-df54-42a9-8d13-3a03c3b4c479.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12128
x-amzn-requestid: 57e64ee7-4792-4240-b6ef-70d65d057136
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZTTExLIAMF-Mg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08e1-377fb669207833c413b92cf7;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GJX-uBJ3LpYYXbhvc1rpA5KinXAgkweLQOTj3b6PEwuQs4O7IyRxaQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:50:07 GMT
age: 23669
etag: "f151aba59b7fcd5f15a53aedfe8fa5c46cf0932c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
198.54.115.37 200 OK 0 B URL HTTP/2 exotikdoks.org/app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw==
IP 198.54.115.37:0
GET /app/login.php?MTY3MjM3MjI0NWY4MTRmOWUyYjg0M2YxN2Y1NzJiYTYwZDhmODljZTVlMDRlODg1ZjNlNWNjOWRkYmYzYTFmMTdmNmE2M2I0NzBkYjMwYWQxYw== HTTP/1.1
Host: exotikdoks.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
set-cookie: PHPSESSID=361669d4e6b4f7ee85318e2c2a777f17; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
content-encoding: br
vary: Accept-Encoding
date: Fri, 30 Dec 2022 04:24:28 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
X-Firefox-Spdy: h2
beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
52.209.245.18 200 OK 0 B URL HTTP/2 beacon.krxd.net/optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck
IP 52.209.245.18:0
GET /optout_check?callback=Krux.ns.mtbankcorporationus.kxjsonp_optOutCheck HTTP/1.1
Host: beacon.krxd.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://exotikdoks.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 30 Dec 2022 04:24:29 GMT
content-type: text/javascript
cache-control: private, max-age=0, s-max-age=0
x-served-by: beacon-n017-dub-prod.krxd.net
x-request-time: D=31 t=1672374269
X-Firefox-Spdy: h2