Report - dapper-hexagonal-week.glitch.me/public/ztut.html

Report Overview

Submitted URL
dapper-hexagonal-week.glitch.me/public/ztut.html
IP
52.21.72.108
ASN
#14618 AMAZON-AES
Submitted
2024-04-18 06:06:40
Access
public
Website Title
Online Banking Login - Tesco Bank
Final URL
dapper-hexagonal-week.glitch.me/public/ztut.html
Tags
tesco_bank financial phishing suspicious
urlquery detections
Phishing - Tesco Bank
Phishing - Generic phishing
Suspicious - Suspicious Javascript code

Detections

urlquery
18
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
dapper-hexagonal-week.glitch.me	unknown	unknown	No data	No data	502 B	2.2 MB	52.21.72.108
l2.io	163527	2012-05-12	2015-06-25	2024-04-17	412 B	226 B	195.80.159.133
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-17	446 B	32 kB	216.58.207.234
smtpjs.com	309535	2016-01-30	2016-02-01	2024-04-15	411 B	1.2 kB	109.169.71.112

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	dapper-hexagonal-week.glitch.me/public/ztut.html	Tesco Personal Finance PLC

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	smtpjs.com/v3/smtp.js	868 B	2023-03-07	2024-04-30
Pretty URL smtpjs.com/v3/smtp.js IP 109.169.71.112 ASN #20860 Iomart Cloud Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:38 Last Seen2024-04-30 18:24:55 Times Seen2421 Hash 73572da03234fa6d561c64b59c152230 5de5efc900b7eaf2b93b02f7c4c260fa938ef983 1fd711cb491a361ef91e29c50de0680a4b156c0b34bb91e18570d0037263a776 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js	90 kB	2023-03-07	2024-05-01
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-01 14:49:00 Times Seen140584 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	unknown	685 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:41 Last Seen2024-04-30 14:57:19 Times Seen21 Hash af9b9a7880fa1ce11b06141bfdda6011 81c821bc073fc23af1f7f1f0a10200a1b0c6467d 98b9ed7398a5ad938e0f2add15a45893f2d9cc5753810e6087a6d0f4f8f4e584 Loading...

	unknown	826 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 527649a019ebdcacc0460ad7190c6158 de967a3401e68a3225c03abc70375bf26ab617d6 58ab9727e9953033447591952769d78386878b873a09f638ed3b5a33c4fa0459 Loading...

	unknown	3.9 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash e797c283c9763b187a9eae713abcd638 e75263994222efbf95064ce293be32e31b50ee99 4d5b0100e361cd6a909629393f72f953118e6a93fd2f4c5a3d60e651ef9b0d90 Loading...

	unknown	4.0 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 1af846c0cd89c5979a071a282e5a1eda 8057b1d23f94394299496b3e43ae45f91c773b55 ee255e06a5d796decf35a180e41384cda109b1db18bf88760a693960f4f78ef6 Loading...

	unknown	855 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash d701c9e050893343efe4f2dd880c156e 6ec003e3865b1e50a1f013f44e6923616c4d9137 5a92993b41cedfc9e7948ceebc09929fcde9215648ae4dd2ce78216323f121f2 Loading...

	unknown	2.1 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash d36e6c93723bbf62158a8b59c5e3fe5d c379d794518dcfe9eb5679c0c38dfb899d5308a8 7f7f5d5f123d6005c48c956af5675cd446b59a9bbdfdeddccc76d208b5b36f4e Loading...

	unknown	3.0 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash d898fb0f888d5a2f66cb57a398d20478 4d53c099ad9b9ffb9d43e7a4fa18d7d3f16c9353 5d8aa7a9e23e75087b23a79046b946615b82169a84f24cbc82dd97fb9914397c Loading...

	unknown	3.2 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:41 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 13b64683eeb64a6645713df12d1ec881 90064b9511eeae50b323329f66cd3eae0d312d4d 79ce2d3fa9cf849320ceb0aa12a4ca1d2cd52914f61e7557c0e1c6a704411280 Loading...

	unknown	1.1 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash d8a10fb03e0b85de33311e93969b09b0 4a0308033309c5eef440a024905e0e60e1b7e673 ca134ec7873cd546e7d0c909c181ffa4bf0657b481602fbdaf714e94103c37bc Loading...

	unknown	10 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 6ab55f7e210d54e96a4aadc320f00014 07412a8734068ee0d315dac62c94c3f4916f47af 0d85dbb5f6fccebed2bddb2e12a3132dda60293df2ebfde716457cbc1e7368f9 Loading...

	l2.io/ip.js?var=userip	24 B	2023-03-07	2024-04-30
Pretty URL l2.io/ip.js?var=userip IP 195.80.159.133 ASN #29152 Decknet S.a.r.l. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:55 Last Seen2024-04-30 14:57:20 Times Seen1575 Hash f9dc91b3feea65bd389a2f5b57306c32 147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77 Loading...

	unknown	628 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:41 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 6a696d2f940acae79bb55e39c8a8a1ad e0240ffa8cc4eb08e71f938733c80dc7fe2b6f0b 918512a11be593316b554655d766d0dac3c09b461d5706e7f65cf2b0df99c70e Loading...

	unknown	2.7 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:41 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 462adcde35e08c7eec17047c410f433a b83f895b5a43040594ad618c419f59da0a3cadc4 a95cfa4bd763814f564147f603e585b1879e55eee71683129f1f3916227a8a47 Loading...

	dapper-hexagonal-week.glitch.me/public/ztut.html	2.2 MB	2023-03-08	2024-04-30
Pretty URL dapper-hexagonal-week.glitch.me/public/ztut.html IP 52.21.72.108 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:46:29 Last Seen2024-04-30 14:57:19 Times Seen13 Hash eb9b717b086977fb8e10a0acd694bc2d 3a5d1d8ce5897c178d4609b6ba74f6845dbae3cd a4d01f60f8831d17ff2b9337a11d42382f18ad7a5460beb97d020e0543be35cd Loading...

	unknown	853 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash a48e24362779b90107a2b04f9543fc1f 396d10f2c0789b2bba9966d353184e8fb4845659 ab7195140a518d9b63e3c7cbf898150a18548814e3778006975cb504410ad112 Loading...

	unknown	836 B	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 4c7357061d5512addb2975f81b250427 ca425c4fdf4adbd3a2582a261184ad8d8190b190 f35c7d6e9420e59536cb3185ad78ccd3a28aa966dd3f3cf9a8f931fb55437976 Loading...

	unknown	1.6 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 4fb93788d473ad03ecab2b833554127a a55b4a395669dab5b397e016c1a8d6f10c0ea4d5 2b747f93b86d96a1ac6b135cbafd4e8389893c19161a382cae4a140aaf864799 Loading...

	unknown	2.9 kB	2023-04-27	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-27 08:06:40 Last Seen2024-04-30 14:57:19 Times Seen21 Hash 96cc0b8df7fd803a6d85b79937c8d044 cd99d5b78b474052d34cdea63d37b4cb267edcdc f23849cc6c4894eebb5af70f68a19b7b1c0ee2ea46061ec611e97b190ba3d07e Loading...

		Size	First Seen	Last Seen
	#1 Write - dc0df58531284349fa250c4b369ba3da	731 kB	2023-03-08	2024-04-30
Pretty Observations First Seen2023-03-08 02:46:29 Last Seen2024-04-30 14:57:19 Times Seen11 Hash dc0df58531284349fa250c4b369ba3da b3d00e8784490038054949393734d9104a543be2 e650d2fa0ff4eaa5fd64dd93949ba2157b27f55cb4e801213f9d7bd3c83c8547 Loading...

	#2 Write - 851a9301dd85c00d593a4311819a9db4	3.0 kB	2023-03-07	2024-04-30
Pretty Observations First Seen2023-03-07 01:06:39 Last Seen2024-04-30 14:57:19 Times Seen24 Hash 851a9301dd85c00d593a4311819a9db4 74e0f73cae875f421a8514753f19ca10e35961d3 a5b45d5a6f19ecbb6a787e60a46a93a305c378e279a259cbc07b834af72fabb0 Loading...

HTTP Transactions (4)

URL IP Response Size

dapper-hexagonal-week.glitch.me/public/ztut.html

52.21.72.108

200 OK

2.2 MB

URL User Request GET HTTP/2
dapper-hexagonal-week.glitch.me/public/ztut.html
IP
52.21.72.108:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectglitch.com
Fingerprint57:4F:13:8A:33:42:32:7C:F7:C9:C5:1F:DF:C1:35:65:F0:E9:70:EE
ValidityMon, 04 Dec 2023 00:00:00 GMT - Wed, 01 Jan 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
2.2 MB (2192019 bytes)
Hash
07445bab0d83381cb9def79f0f486b89
83d120057cb83217a65479c3f63944f21130034e
e0ff6cf0ebecc83715ff0c775d1a3defad5558e293153102a17a359ed4704062

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tesco Bank
urlquery	suspicious	Suspicious - Suspicious Javascript code
OpenPhish	phishing	Tesco Personal Finance PLC

HTTP Headers

GET /public/ztut.html HTTP/1.1
Host: dapper-hexagonal-week.glitch.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:06:14 GMT
content-type: text/html; charset=utf-8
content-length: 2192019
x-amz-id-2: VFKyCH83oANDl5sm5naENeUDEXpjgQEaJfZ4pjAiQ0oWPC3SRTGdnCsU8CCxmMeGGi7IFZJa5N6GeR2OPMz0cKUNpmqhaVP+ntr9VeT/9pA=
x-amz-request-id: 7B42QF88C2VG5Z6V
last-modified: Tue, 16 Apr 2024 17:59:07 GMT
etag: "07445bab0d83381cb9def79f0f486b89"
x-amz-server-side-encryption: AES256
cache-control: no-cache
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
X-Firefox-Spdy: h2

l2.io/ip.js?var=userip

195.80.159.133

200 OK

24 B

URL GET HTTP/1.1
l2.io/ip.js?var=userip
IP
195.80.159.133:443
ASN
#29152 Decknet S.a.r.l.

Requested by
https://dapper-hexagonal-week.glitch.me/public/ztut.html
Certificate
IssuerLet's Encrypt
Subjectl2.io
Fingerprint1D:F0:67:A9:3B:A0:37:E5:4C:88:AD:B8:EA:EE:A3:BB:A1:84:53:A7
ValidityTue, 05 Mar 2024 09:52:38 GMT - Mon, 03 Jun 2024 09:52:37 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f9dc91b3feea65bd389a2f5b57306c32
147d1c9ae79ae948a34c5f1254bdcbf7af9caf8e
d88923af30873abcf4cde709062c3d2e9ded181f9e2552c7fbcc983b3796ff77

HTTP Headers

GET /ip.js?var=userip HTTP/1.1
Host: l2.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dapper-hexagonal-week.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:06:16 GMT
Server: Apache/2.4.38 (Debian)
Content-Length: 24
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

216.58.207.234

200 OK

31 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP
216.58.207.234:443
ASN
#15169 GOOGLE

Requested by
https://dapper-hexagonal-week.glitch.me/public/ztut.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
31 kB (31021 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dapper-hexagonal-week.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 17 Apr 2024 10:51:04 GMT
expires: Thu, 17 Apr 2025 10:51:04 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 69312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

smtpjs.com/v3/smtp.js

109.169.71.112

200 OK

871 B

URL GET HTTP/2
smtpjs.com/v3/smtp.js
IP
109.169.71.112:443
ASN
#20860 Iomart Cloud Services Limited

Requested by
https://dapper-hexagonal-week.glitch.me/public/ztut.html
Certificate
IssuerLet's Encrypt
Subjectsmtpjs.com
FingerprintEC:83:1D:D8:A2:64:CE:2A:CC:AC:62:79:7D:42:09:D5:21:4E:8D:05
ValidityTue, 09 Apr 2024 02:31:24 GMT - Mon, 08 Jul 2024 02:31:23 GMT

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (841), with CRLF line terminators
Size
871 B (871 bytes)
Hash
3834e1b9e65ca954b7479464ea1e5118
437df45dbf59c3a3414236f44e3bcd5045bfe314
fc33c6b2c79aafa930e841962ae3c25bf8f56cbc20ec48fc2b0ddd0aa6ee23b6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Tesco Bank

HTTP Headers

GET /v3/smtp.js HTTP/1.1
Host: smtpjs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dapper-hexagonal-week.glitch.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 15 Mar 2024 10:08:42 GMT
accept-ranges: bytes
etag: "b65c4ac2c076da1:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
access-control-allow-origin: *
date: Thu, 18 Apr 2024 06:06:15 GMT
content-length: 871
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash