Report - rough-block-a14b.hisena9054.workers.dev/

Report Overview

Visited public
2024-02-25 12:01:30
Tags
suspicious
URL
rough-block-a14b.hisena9054.workers.dev/
Finishing URL
rough-block-a14b.hisena9054.workers.dev/
IP / ASN
188.114.96.1
#13335 CLOUDFLARENET
Title
Welcome to Online Banking | M&T Bank
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rough-block-a14b.hisena9054.workers.dev	unknown	2019-02-08	2022-08-17 20:54:15	2024-02-18 13:45:37	4.4 kB	347 kB	188.114.97.1
resources.mtb.com	144011	2000-11-13	2014-11-08 15:57:30	2024-02-23 22:25:12	3.4 kB	505 kB	192.216.61.78
asset.mtb.com	246397	2000-11-13	2017-02-13 05:24:51	2024-02-23 22:25:14	470 B	804 B	0.0.0.0

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation
2024-02-24	medium	rough-block-a14b.hisena9054.workers.dev/	M & T Bank Coporation

PhishTank

Scan Date	Severity	Indicator	Alert
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/Assets/js/kessel-client-prod.js	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/Assets/scripts/Login/Index.js	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/Assets/scripts/kessel-help.js	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/Assets/js/mtb_app_wbk.js	M&T Bank
2024-02-18	medium	rough-block-a14b.hisena9054.workers.dev/Assets/js/tealium_prod.js	M&T Bank

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	rough-block-a14b.hisena9054.workers.dev/	ScriptElement	39 kB	2024-01-13	2024-08-20
Pretty URL rough-block-a14b.hisena9054.workers.dev/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen8 Hash d2ef0b8f5d02f2016298e08e9dd8f9e1 38b2022dcd49e6df1f70ed8b8ddfa0f8997f01ec b957b5cb663c10c43f7fb3c8acc3503623ba50e690c36bf800fec9b63cfcc647 Loading...

	unknown	ScriptElement	702 B	2024-01-13	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen8 Hash 1fb6284c5e45b68495606be89460af37 513561aabf09e36df0165618c5681157d143ab6a 0141ef6452ac251425c6dcf700a913998701e39329c0f4b98da1fe176d938aed Loading...

	unknown	ScriptElement	4.8 kB	2024-01-13	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen8 Hash 2557ee2bdce17acaf849e2cebcbf75c4 8bfc6185b8863fd0be8ef05f6e932f1acd493f8e 7d0aaad892c711d6bf8abe4907c575f0ef8da85bdf7d8fc34934003ae7c3141f Loading...

	unknown	ScriptElement	4.6 kB	2024-01-13	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen8 Hash d3269ca8699c815b265e730b1dc2f332 7d208cf564f19b967379f01db3b956a69f331454 622495b426f6bbe4228fa84cfb2ed9f74ecd65f0d72e7070855d4f4e5d076208 Loading...

	resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000	ScriptElement	322 kB	2023-03-07	2025-05-22
Pretty URL resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000 IP 192.216.61.78 ASN #12134 MTB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-22 18:42 Times Seen274 Hash 9c5a48bd789473f18b8bf7bd777371f9 f84d9237854640f2b0cc554b816c17d11376af5a 6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd Loading...

	unknown	ScriptElement	2.1 kB	2024-01-13	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen4 Hash 949909ffdb833fac953343136c05ec04 0088ab724b044ebc9a8b52f67536292db4b53aea ed84c3fde289786f4caf171297bf81fb09f0e55394e1617c73358f02be33d490 Loading...

		Size	First Seen	Last Seen
	#1 Write - 5dff22956606414535158c3f6b911e42	23 kB	2024-01-13 05:36	2024-08-20 12:34
Pretty Observations First Seen2024-01-13 05:36 Last Seen2024-08-20 12:34 Times Seen8 Hash 5dff22956606414535158c3f6b911e42 7427af9f1aa3462d52dddc827fd8fd2b769eabdb 3a0ec23876eaeffa416d6359c631016cad26ec6164612caccfb7a0b0558b2fb1 Loading...

HTTP Transactions (17)

URL IP Response Size

rough-block-a14b.hisena9054.workers.dev/

188.114.97.1

200 OK

43 kB

URL User Request GET HTTP/2
rough-block-a14b.hisena9054.workers.dev/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
43 kB (42890 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET / HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 25 Feb 2024 12:01:04 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rgJCio5IO%2FIACKp0V06iiT1mST255CUx0OhQF0ERin8kCiaQfx5wzhkB6JEAUwASaYqRl%2FhU0FevYwDTW%2BSQqlB88r2wQGm6uv3S6DVb%2BSsjd20iRgtTM%2Fv7eYJvFQWTnmLsTJAJaOHoIPoVxlQWC9RtNhLBKDmp7vI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa41c6c56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

resources.mtb.com/Assets/img/mtb-equalhousinglender.svg

192.216.61.78

200 OK

230 B

URL GET HTTP/1.1
resources.mtb.com/Assets/img/mtb-equalhousinglender.svg
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
SVG Scalable Vector Graphics image
Size
230 B (230 bytes)
Hash
916635d10512ae6a1840614a895dcd38
db175de4c42281bb4d239c57d1b95b8e75c529ec
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

HTTP Headers

GET /Assets/img/mtb-equalhousinglender.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 23 Feb 2024 07:33:36 GMT
Accept-Ranges: bytes
ETag: "0886e9c2a66da1:0"
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="752698982"
Date: Sun, 25 Feb 2024 12:01:05 GMT
Content-Length: 230
Set-Cookie: dtCookie=v_4_srv_11_sn_E0BD82A15174F61EE4A6D84BAD175192_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd333c6eaf57e6ca7e22087296656bceec78ee6ec377c1c3002af25a10fefe834a1f3cb68403a6d51d22f180fb0b77d044; Path=/
TS0128739d=019f8203fd2c73710b3aacacc8f8026af0e91660df78ee6ec377c1c3002af25a10fefe834af9cca5c559fa9e5ff1c6bb45ab1a44c797dfb44aaa744b677bab786478c439a2; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000cac15c387217c00bc55d921a45c3632601f4f2792724800865b7bf71f35cf46508ccc00d221130004beb9d2b7a2c28024beb693687689b2e9513dc93e6e967edb5fa1a5eaaebe03ba232bb4a63ac581cb3a19b52bb30c15b; Path=/

resources.mtb.com/Assets/img/mtb-logo.svg

192.216.61.78

200 OK

2.0 kB

URL GET HTTP/1.1
resources.mtb.com/Assets/img/mtb-logo.svg
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
SVG Scalable Vector Graphics image
Size
2.0 kB (2039 bytes)
Hash
f2b901cf895852a0866fe4a16c7f1730
c4240af1ec798477b4e65a185ddbb1b038817da4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac

HTTP Headers

GET /Assets/img/mtb-logo.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 23 Feb 2024 07:33:36 GMT
Accept-Ranges: bytes
ETag: "0886e9c2a66da1:0"
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-696823871"
Date: Sun, 25 Feb 2024 12:01:05 GMT
Content-Length: 2039
Set-Cookie: dtCookie=v_4_srv_1_sn_DB5F7A350049C9FAFDB5A11136F3B2B4_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdd3247c370b2591b2f82b38346c2355917752dcecb9352fb36583a2f7c21eaa4002c6bc4932a7a1954aa682e018595055; Path=/
TS0128739d=019f8203fd99ce4811415f043e1564472512f425b47752dcecb9352fb36583a2f7c21eaa40564f8016a1ce7e8d2c1e766984cc0b592807dcd41303e52311f9df6db3af6a2e; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab2000a1f6bf2495d45ca0f9e6fbb8df4b861fbc9c53ced92ba538d837fe348cdbb12c087bf4d0d9113000db30fb9e8701a7214beb693687689b2e05c402b990afb019f4cf34c23c1af3db3fe9cee0093cbdb33b9e1a9425c4cf79; Path=/

resources.mtb.com/Assets/img/mtb-entrust.svg

192.216.61.78

200 OK

1.3 kB

URL GET HTTP/1.1
resources.mtb.com/Assets/img/mtb-entrust.svg
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
SVG Scalable Vector Graphics image
Size
1.3 kB (1349 bytes)
Hash
9a569ad20708d7453d89fe6c72e7fcdc
60b6a41620583484642f7c826faf8e3c879a6374
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5

HTTP Headers

GET /Assets/img/mtb-entrust.svg HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: image/svg+xml
Last-Modified: Fri, 23 Feb 2024 07:33:36 GMT
Accept-Ranges: bytes
ETag: "0886e9c2a66da1:0"
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1204873401"
Date: Sun, 25 Feb 2024 12:01:05 GMT
Content-Length: 1349
Set-Cookie: dtCookie=v_4_srv_1_sn_BF3D0E5A44EB2E2DADD455E1E4EDA804_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdd16600384cb991712aa21faf965f999424837c35793d322e163852768f70b75a780d108c4b6f0790ef004bb4b2fcbf9f; Path=/
TS0128739d=019f8203fd2b1de0890ca2dea55d9f7357119b549524837c35793d322e163852768f70b75a1a9b33de934f0292e50c5dd3445a327c76aabbb6ceb868ac572bf6e970692ae9; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20007348d3634be00623e5484f69d1786e5eb32a1fe6f7ad49e56b0bc59ecfa32d3508b1cb1752113000ecee19e8174d118d4beb693687689b2eaf20555f5600df53266a7fd013db5ad5691edfa1bc0491fb882b6941d2fc1589; Path=/

resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000

192.216.61.78

200 OK

104 kB

URL GET HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/js.mtb?v=11242021100000
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
104 kB (103533 bytes)
Hash
9c5a48bd789473f18b8bf7bd777371f9
f84d9237854640f2b0cc554b816c17d11376af5a
6ef98ef294d03000d904d5f868598dc98667a0d00338cee40b3080a9d725d1cd

HTTP Headers

GET /r/simple-layout-responsive/js.mtb?v=11242021100000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Expires: Mon, 24 Feb 2025 12:01:05 GMT
Last-Modified: Sun, 25 Feb 2024 12:01:04 GMT
ETag: "1708862465:dtagent10283240117152214Srur"
Vary: User-Agent
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1675622797"
Date: Sun, 25 Feb 2024 12:01:05 GMT
ntCoent-Length: 322405
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_9_sn_2B708E676401694866CB27422095C5AD_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fdfe8a49e0b0e3524bb5a750e44d199e568e5cea1bb3f25eee7af4eac8758445186c009965cbcc43f4e306935748a7a93b; Path=/
TS0128739d=019f8203fdad94399438c6eb4b159b37336742a3428e5cea1bb3f25eee7af4eac8758445183f7b810e4c04c14c6caa39e13109112ffabaa681959c7c3f6b1e5263815c1a5b; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab200070d56c35a5beaa1d1ee8fb97054c3fc17b5966d6a1fd3616499ea6b9a349293b08e33b0d951130008e95edf73f8fea2cf50f8dcdaf32e24d212e0f90321a7f455718201d7f9a31c06c7b7237ab73ffa363fd79583cede3a9; Path=/
Transfer-Encoding: chunked

resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff

192.216.61.78

200 OK

64 kB

URL GET HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-medium.woff
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Web Open Font Format, TrueType, length 64318, version 1.0
Size
64 kB (64318 bytes)
Hash
b245a55f7e33e1cf4d2477570936ef84
12bf1c1eda6db246778f7c343acebbaad8fa36f4
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc

HTTP Headers

GET /assets/fonts/mandtbaltoweb-medium.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rough-block-a14b.hisena9054.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 23 Feb 2024 07:33:37 GMT
Accept-Ranges: bytes
ETag: "0b59f9d2a66da1:0:dtagent10283240117152214Srur"
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1997304805"
Date: Sun, 25 Feb 2024 12:01:06 GMT
Content-Length: 64318
Set-Cookie: TSf60233d5027=08affc4e07ab2000eb7a084d4f933faa883efe054d2ee6914168bf039e367dceb7bcb739cdf700e508b82ac7fa1130006e2fcb2a9da849754beb693687689b2e17aff9514ac1370b36700dd1c4a7c6b9f5a2b9efe90a2189490b634f3d5316ce; Path=/

resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff

192.216.61.78

200 OK

68 kB

URL GET HTTP/1.1
resources.mtb.com/assets/fonts/mandtbaltoweb-book.woff
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type
Web Open Font Format, TrueType, length 67671, version 1.0
Size
68 kB (67671 bytes)
Hash
6cd469e8613d82d4d07834a5ca7745f0
95347ba0a03d27e1aa91bc17c937d8aefe53e6ff
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2

HTTP Headers

GET /assets/fonts/mandtbaltoweb-book.woff HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rough-block-a14b.hisena9054.workers.dev
DNT: 1
Connection: keep-alive
Referer: https://resources.mtb.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: APPLICATION/X-WOFF
Last-Modified: Fri, 23 Feb 2024 07:33:37 GMT
Accept-Ranges: bytes
ETag: "0b59f9d2a66da1:0:dtagent10283240117152214Srur"
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1496091107"
Date: Sun, 25 Feb 2024 12:01:06 GMT
Content-Length: 67671
Set-Cookie: TSf60233d5027=08affc4e07ab2000030f04424b681d37b54c68855ac9ccadb8bfcaa5dfc86c726db30669b4bc3fd1088d365c9c1130000f2d245151ae98b44beb693687689b2ee69e22700d18a690e29a98d5da6184091e7008c149b9c10040033f6de168aa47; Path=/

rough-block-a14b.hisena9054.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9

188.114.97.1

200 OK

23 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
23 kB (22999 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

HTTP Headers

GET /TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=9 HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nAe6ae%2F%2Fnf80rcodoc22IK5JEUmXN1hgZsgd0rfrrRAMK6rBuek8Sytz0%2FPPWZGOhVOztHnT7kgLFgZ5uSVsYQ2LeTq8yMhdvz5dAIc24Rzpou6Meo41BL0vnVx%2FtpMgyv3f2IDXUXBBEHe4NmXfM1FdtnkxUzs7Ki8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7ce0a56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /ruxitagentjs_ICA2Vfhjqrux_10233220201140653.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2F%2Bpli8gY3hh%2FDyhw9v60HoE9JT96e8Afbb%2ByH5wV1qJbvvb9g63p0hMLTetV%2FJ2d39QUD6ddBVztRK%2F8KDAE0x9cTe8qYwISopO%2Blk%2FVkpzixtYR43WhTP4ivE9tpvjZYIr7peMO4asjagEQFQgjoHG0bRvW6Haf54%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7ce1556c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/Assets/js/kessel-client-prod.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/Assets/js/kessel-client-prod.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /Assets/js/kessel-client-prod.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZH1iDEMVAqTwJrhhd0ZeNh8eLT08H5CVG2xyTOAIeELo%2Fv%2FWCFY%2BdtBvZs78LVQ%2BAXEMqv9ShUG9im4pOuI6vTLs26sOdZf87zG2CqS67QEWovaUYZohscLZDjck0jANRqLcrd6TOULcBjOpieByH6Ah%2FfQmwNrHXaY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7de3b56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/Assets/scripts/Login/Index.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/Assets/scripts/Login/Index.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /Assets/scripts/Login/Index.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h8mV1NPHBiLVNVXclNVqDKpeAfYNDGnBiMX9E6QvYRNj8UV%2FT7eBlegQZOnf1LUwanaeez9%2BuAHOOTh605Wdcw2M%2B02LhyXJXiVbkcM8BtiIXjHeNLkd7Yogq%2BQavLNwItGC%2FwHooc4cQCT%2BIHG8jjOKa8WMtReK2Qs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7de4856c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

asset.mtb.com/Documents/html/homepage/favicon.ico

0.0.0.0

0 B

URL GET
asset.mtb.com/Documents/html/homepage/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectwww.mtb.com
FingerprintB3:03:88:84:C3:E4:60:11:74:37:2F:73:6B:6C:ED:0A:CD:E9:BB:49
ValidityThu, 30 Nov 2023 20:46:24 GMT - Sun, 02 Jun 2024 20:46:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /Documents/html/homepage/favicon.ico HTTP/1.1
Host: asset.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/x-icon
content-length: 14862
accept-ranges: bytes
content-disposition: inline
content-encoding: gzip
last-modified: Wed, 04 May 2022 18:18:59 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
x-dispatcher: dispatcher1useast1
x-frame-options: SAMEORIGIN
x-vhost: publish
date: Sun, 25 Feb 2024 12:01:07 GMT
cache-control: max-age=3600, no-cache="set-cookie"
etag: "3dce-5de33a8b9cac0-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Tc06xeNLNanGF_kfiJ37QVc1Z-vGFypzynfKpOkVh5ojLeCcDgQBpA==
age: 1667
permissions-policy: browsing-topics=()
X-Firefox-Spdy: h2

rough-block-a14b.hisena9054.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

HTTP Headers

GET /TSPD/0856addebbab20004666d7ee90a9c1cc91098e9a327422308cb14c168b5247d9da57f332fcae7aa2?type=17 HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dM9f1Q5QvFqF%2BB5hJ2joq3uJ5LCYmDw3cifFqvabEk%2B6%2FlyFDNEqJyzpR1cpPJ9uQCIqnIjet9Ya6j9Ym5Ji%2FVQ57DLEh%2FoaLULuE9E1xANiV3l6rh1Gb0Pg709sOUWEcEX5GyJB%2FOw0Y0gYGiqux9Y9H3dld9WaYSY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7ce0b56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/Assets/scripts/kessel-help.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/Assets/scripts/kessel-help.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /Assets/scripts/kessel-help.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O4pO7S3fLuY%2BR83j%2BO3oQJKswqmNCRtMLKcNeiwjehN9GT%2B%2BqnMXbcq32B7Kgt3Jh8rLOhKxa8dMMUWtWeFNn0eQ2F8pqaP8hyNC9uYaBaVYc8FA1sZUnFjSy3sCl1FRSooR3hjNy8tLBVkINHB3DVx2wsCP2kyqgkE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7de4056c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/Assets/js/mtb_app_wbk.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/Assets/js/mtb_app_wbk.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /Assets/js/mtb_app_wbk.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0WO4eaW06HI6cc9EItxjTgHdGz3sLn2%2FZF9x0C9BM3DuaqS88ENfCtMl6BRapyzncfagQZfOq9d%2FtVdLEairdh2Dr0MlsspG3Ohioe4XOZQHTF7OUdTvsFc%2BVqVtLreY%2ByuRvtKdvO4C2WB0ApQ1NjTZ4UpAnQXFS9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7ce0f56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

rough-block-a14b.hisena9054.workers.dev/Assets/js/tealium_prod.js

188.114.97.1

200 OK

39 kB

URL GET HTTP/3
rough-block-a14b.hisena9054.workers.dev/Assets/js/tealium_prod.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerCloudflare, Inc.
Subjecthisena9054.workers.dev
Fingerprint10:35:62:8F:2E:13:4E:48:96:21:9F:19:03:FA:69:65:03:71:7E:11
ValidityWed, 10 Jan 2024 00:00:00 GMT - Tue, 31 Dec 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (39419)
Size
39 kB (39449 bytes)
Hash
894e32bf645a6d9a3245cbb8fb95a31e
4ce3fc79d301d5d64938d8019a2d4a732fa717e6
8c14e8fc056ce6e5c919f7d77ff031be76c1dcf78b306eff4c4f9e3ac6d13d71

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	M & T Bank Coporation
PhishTank	phishing	M&T Bank

HTTP Headers

GET /Assets/js/tealium_prod.js HTTP/1.1
Host: rough-block-a14b.hisena9054.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sun, 25 Feb 2024 12:01:05 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btIlHMQFZDNIFHiqp7xVj6kxt1elMQsVRhtYtnS%2BJVg2upm0Rs7b8A%2BHvEUREZsu0CG0ZN3%2F5upLlTRNqPkSJ4aJ323Ryu4LfOdZrLRmuiEXynzwD6biQPiCNCK1DQ1rqT7Qd9mfWi27Oj%2BBei3wHOGaPRi84y5RcIM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 85afcaa7ce1656c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

resources.mtb.com/r/simple-layout-responsive/css.mtb?v=11242021100000

192.216.61.78

200 OK

259 kB

URL GET HTTP/1.1
resources.mtb.com/r/simple-layout-responsive/css.mtb?v=11242021100000
IP
192.216.61.78:443
ASN
#12134 MTB

Requested by
https://rough-block-a14b.hisena9054.workers.dev/
Certificate
IssuerEntrust, Inc.
Subjectresources.mtb.com
Fingerprint47:DC:20:DB:BF:23:48:CC:46:87:F0:91:50:8A:37:B1:C5:14:C8:38
ValidityMon, 08 May 2023 17:29:50 GMT - Wed, 08 May 2024 17:29:50 GMT

File type

Size
259 kB (259098 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /r/simple-layout-responsive/css.mtb?v=11242021100000 HTTP/1.1
Host: resources.mtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rough-block-a14b.hisena9054.workers.dev/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Expires: Mon, 24 Feb 2025 12:01:05 GMT
Last-Modified: Sun, 25 Feb 2024 12:01:04 GMT
ETag: "1708862465:dtagent10283240117152214Srur"
Vary: User-Agent
X-Srv: M-STC-003
Access-Control-Allow-Origin: *
X-FRAME-OPTIONS: ALLOW-FROM https://mtb.com/
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-205785183"
Date: Sun, 25 Feb 2024 12:01:05 GMT
ntCoent-Length: 259098
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: dtCookie=v_4_srv_4_sn_7EB37484B99A9B4B68F63DE13764BD00_perc_100000_ol_0_mul_1_app-3A1ce138bfdcbaa26d_1_rcs-3Acss_0; Path=/; Domain=.mtb.com
TS019299a7=019f8203fd854906afc5a4a4ea6fe5bfbaf6e3d76bfba6ad224e4899b56237c3ac40d1ae972b197475ccb5ee92189280eefe8b940c; Path=/
TS0128739d=019f8203fdb2f3ccd39a4dcfffb1d29f8c679c29c6fba6ad224e4899b56237c3ac40d1ae9753f5b4414bd6bba7c520e0b04ece90f722c2203f6ed98e1995305831454c0375; path=/; domain=.mtb.com
TSf60233d5027=08affc4e07ab20005967e38b6972cddc78b0fa2311e82e5951299fd56aaff4e7e89742f14fcaa32a08e27fd5e3113000f07d01133491dc76f50f8dcdaf32e24dacdf028345ff382ff0391be126eaf7b2a7005fd51af2fa21a6c52caf97810ed5; Path=/
Transfer-Encoding: chunked

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

HTTP Transactions (17)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

File type

Size