weepworknow.work.gd
185.209.162.219
Malicious Activity!
Public Scan
Submission: On March 15 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on March 13th 2023. Valid for: 3 months.
This is the only time weepworknow.work.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: M&T Bank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
9 | 185.209.162.219 | 14576 (HOSTING-SOLUTIONS)
3 | 2620:0:890::100 | 54113 (FASTLY)
1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET)
1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET)
14 requests across 4 IP addresses.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | work.gd | weepworknow.work.gd | 170 KB
3 | web.app | datacssjs.web.app | 54 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 784), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2326) | 29 KB
14 requests across 3 apex domains.
Requests | Domain | Requested by
---|---|---
9 | weepworknow.work.gd | weepworknow.work.gd
3 | datacssjs.web.app | weepworknow.work.gd
1 | stackpath.bootstrapcdn.com | weepworknow.work.gd
1 | maxcdn.bootstrapcdn.com | weepworknow.work.gd
14 requests across 4 domains.
This site contains links to these domains. Also see Links.
Domain |
---|
www.mtb.com |
onlinebanking.mtb.com |
www3.mtb.com |
asset.mtb.com |
mtb.com |
Subject | Issuer | Validity | Valid | 
---|---|---|---|---
weepworknow.work.gd | R3 | 2023-03-13 - 2023-06-11 | 3 months | crt.sh
web.app | GTS CA 1D4 | 2023-03-06 - 2023-06-04 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://weepworknow.work.gd/home.html?qj1loXOqSf4gc3aCFxBWxYI69ENuOWthDjwXvJECKW8XyjLOiKmHC9hm0Wmpwf2GpIprsdeh7426c5AcXQUxBSfyZvUqkqO8LMw2Yqrn1SJo4WK9Ah5gBb4lBf3ghmpqmWOS3=
Frame ID: E3B4F8046C1848079C3D497A72DA927A
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Welcome to Online Banking | M&T Bank
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
Link titles:
- Help with User ID or Passcode
- Enroll Now
- Get Started Guide
- Security Assistance
- Digital Service Agreement
- ESign Agreement
- Accessibility
- mtb.com
- Terms of Use
- Privacy
- Member FDIC
The remaining 3 outgoing links have no title.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | home.html (Primary Request) | weepworknow.work.gd/ | 8 KB | 3 KB | Document | text/html
GET | H/1.1 | css.mtb.css | weepworknow.work.gd/mtb/ | 251 KB | 28 KB | Stylesheet | text/css
GET | H/1.1 | mtb-logo.svg | weepworknow.work.gd/mtb/ | 2 KB | 1 KB | Image | image/svg+xml
GET | H/1.1 | mtb-equalhousinglender.svg | weepworknow.work.gd/mtb/ | 230 B | 538 B | Image | image/svg+xml
GET | H/1.1 | mtb-entrust.svg | weepworknow.work.gd/mtb/ | 1 KB | 1 KB | Image | image/svg+xml
GET | H2 | jquery-3.2.1.slim.min.js | datacssjs.web.app/ | 68 KB | 21 KB | Script | text/javascript
GET | H2 | popper.min.js | datacssjs.web.app/ | 19 KB | 6 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 14 KB | Script | application/javascript
GET | H2 | jquery.min.js | datacssjs.web.app/ | 84 KB | 26 KB | Script | text/javascript
GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script | application/javascript
GET | H/1.1 | min2.js | weepworknow.work.gd/ | 4 KB | 1 KB | Script | application/javascript
GET | H/1.1 | mandtbaltoweb-book.woff | weepworknow.work.gd/mtb/ | 66 KB | 66 KB | Font | font/woff
GET | H/1.1 | mandtpg-iconfont.woff | weepworknow.work.gd/mtb/ | 5 KB | 5 KB | Font | font/woff
GET | H/1.1 | mandtbaltoweb-medium.woff | weepworknow.work.gd/mtb/ | 63 KB | 63 KB | Font | font/woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: M&T Bank (Banking)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
boolean | credentialless
function | $
function | jQuery
function | Popper
object | bootstrap
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
datacssjs.web.app
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
weepworknow.work.gd
185.209.162.219
2606:4700::6812:acf
2606:4700::6812:bcf
2620:0:890::100
108d16421ae2ff7fc5157d507dc5b1bf7f62140ba58cf3c723b1f2b7e74c21df
1d4ff8ac7d7a30a94bb3ce8dd10f6b297912bd4cafecacf1de60ec41179e3177
24f0d95fa34870957472207f3bd3912609f09d6895068bc4a4369a52069162a2
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
5614d21225b2e012e3765c1b32fba0b8762bcecd8863c8705c1bcc0d03ec19de
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
91a04a5dfe501d54af8a59b942495bd7ab26bb811ab34f460115fc0267f825f1
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad
e0731b9d34d0faa917438774d6e82cff05bb544cd8d5c0863a21a729a2b51a8d
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46